author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2019-12-24 21:21:13 +0200 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2020-01-17 18:26:05 +0200 |
commit | 408d036cf9a26ec8a419a358c3e96df9dabfc082 (patch) | |
tree | b23af1365f9f20c8aef3eda2479a7f5a0b4df8cc /test/output/dedicated/rules6-save | |
parent | c81d6fc2ce59212a4cdee9244417dd86a15e8844 (diff) | |
support co-existence with other firewall management tools
Diffstat (limited to 'test/output/dedicated/rules6-save')
-rw-r--r-- | test/output/dedicated/rules6-save | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/test/output/dedicated/rules6-save b/test/output/dedicated/rules6-save new file mode 100644 index 0000000..48e7802 --- /dev/null +++ b/test/output/dedicated/rules6-save 
@@ -0,0 +1,181 @@ +# rules6-save generated by awall +*filter +:FORWARD DROP [0:0] +:INPUT DROP [0:0] +:OUTPUT DROP [0:0] +:awall-FORWARD - [0:0] +:awall-INPUT - [0:0] +:awall-OUTPUT - [0:0] +:awall-icmp-routing - [0:0] +:awall-logaccept-0 - [0:0] +:awall-logaccept-1 - [0:0] +:awall-logaccept-2 - [0:0] +:awall-logaccept-3 - [0:0] +:awall-logdrop-0 - [0:0] +:awall-logdrop-1 - [0:0] +:awall-logdrop-2 - [0:0] +:awall-logdrop-3 - [0:0] +:awall-logdrop-4 - [0:0] +:awall-logpass-0 - [0:0] +:awall-logpass-1 - [0:0] +:awall-logpass-2 - [0:0] +-A FORWARD -j awall-FORWARD +-A INPUT -j awall-INPUT +-A OUTPUT -j awall-OUTPUT +-A awall-FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT +-A awall-FORWARD -j ACCEPT +-A awall-FORWARD -j awall-logdrop-0 +-A awall-FORWARD +-A awall-FORWARD -j ACCEPT +-A awall-FORWARD -j DROP +-A awall-FORWARD +-A awall-FORWARD -j awall-logaccept-0 +-A awall-FORWARD -j awall-logdrop-1 +-A awall-FORWARD -j awall-logpass-0 +-A awall-FORWARD -j awall-logaccept-1 +-A awall-FORWARD -j awall-logdrop-2 +-A awall-FORWARD -j awall-logpass-1 +-A awall-FORWARD -j awall-logaccept-2 +-A awall-FORWARD -j awall-logdrop-3 +-A awall-FORWARD -j awall-logpass-2 +-A awall-FORWARD -j ACCEPT +-A awall-FORWARD -j DROP +-A awall-FORWARD +-A awall-FORWARD -j awall-logaccept-3 +-A awall-FORWARD -j awall-logdrop-4 +-A awall-FORWARD -i eth0 -j ACCEPT +-A awall-FORWARD -o eth1 -d fc00::/7 -j ACCEPT +-A awall-FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT +-A awall-FORWARD -i eth0 -o eth4 -j ACCEPT +-A awall-FORWARD -i eth0 -o eth5 -j ACCEPT +-A awall-FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT +-A awall-FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT +-A awall-FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT +-A awall-FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT +-A awall-FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT +-A awall-FORWARD -i eth4 -o eth0 -j ACCEPT +-A awall-FORWARD -i eth5 -o eth0 -j ACCEPT +-A awall-FORWARD -i eth4 -o eth1 -d 
fc00::/7 -j ACCEPT +-A awall-FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT +-A awall-FORWARD -i eth4 -o eth4 -j ACCEPT +-A awall-FORWARD -i eth4 -o eth5 -j ACCEPT +-A awall-FORWARD -i eth5 -o eth4 -j ACCEPT +-A awall-FORWARD -i eth5 -o eth5 -j ACCEPT +-A awall-FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT +-A awall-FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT +-A awall-FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT +-A awall-FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT +-A awall-FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT +-A awall-FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT +-A awall-FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT +-A awall-FORWARD -p icmpv6 -j awall-icmp-routing +-A awall-INPUT -j NFLOG --nflog-group 1 --nflog-size 128 +-A awall-INPUT -j TEE --gateway fc00::2 +-A awall-INPUT -m limit --limit 1/second -j LOG +-A awall-INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT +-A awall-INPUT -i lo -j ACCEPT +-A awall-INPUT -j ACCEPT +-A awall-INPUT -j awall-logdrop-0 +-A awall-INPUT +-A awall-INPUT -j ACCEPT +-A awall-INPUT -j DROP +-A awall-INPUT +-A awall-INPUT -j awall-logaccept-0 +-A awall-INPUT -j awall-logdrop-1 +-A awall-INPUT -j awall-logpass-0 +-A awall-INPUT -j awall-logaccept-1 +-A awall-INPUT -j awall-logdrop-2 +-A awall-INPUT -j awall-logpass-1 +-A awall-INPUT -j awall-logaccept-2 +-A awall-INPUT -j awall-logdrop-3 +-A awall-INPUT -j awall-logpass-2 +-A awall-INPUT -j ACCEPT +-A awall-INPUT -j DROP +-A awall-INPUT +-A awall-INPUT -j awall-logaccept-3 +-A awall-INPUT -j awall-logdrop-4 +-A awall-INPUT -i eth0 -j ACCEPT +-A awall-INPUT -j ACCEPT +-A awall-INPUT -p icmpv6 -j ACCEPT +-A awall-OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT +-A awall-OUTPUT -o lo -j ACCEPT +-A awall-OUTPUT -j ACCEPT +-A awall-OUTPUT -j awall-logdrop-0 +-A awall-OUTPUT +-A awall-OUTPUT -j ACCEPT +-A awall-OUTPUT -j DROP +-A awall-OUTPUT +-A 
awall-OUTPUT -j awall-logaccept-0 +-A awall-OUTPUT -j awall-logdrop-1 +-A awall-OUTPUT -j awall-logpass-0 +-A awall-OUTPUT -j awall-logaccept-1 +-A awall-OUTPUT -j awall-logdrop-2 +-A awall-OUTPUT -j awall-logpass-1 +-A awall-OUTPUT -j awall-logaccept-2 +-A awall-OUTPUT -j awall-logdrop-3 +-A awall-OUTPUT -j awall-logpass-2 +-A awall-OUTPUT -j ACCEPT +-A awall-OUTPUT -j DROP +-A awall-OUTPUT +-A awall-OUTPUT -j awall-logaccept-3 +-A awall-OUTPUT -j awall-logdrop-4 +-A awall-OUTPUT -j ACCEPT +-A awall-OUTPUT -o eth1 -d fc00::/7 -j ACCEPT +-A awall-OUTPUT -p icmpv6 -j ACCEPT +-A awall-icmp-routing -p icmpv6 --icmpv6-type 1 -j ACCEPT +-A awall-icmp-routing -p icmpv6 --icmpv6-type 2 -j ACCEPT +-A awall-icmp-routing -p icmpv6 --icmpv6-type 3 -j ACCEPT +-A awall-icmp-routing -p icmpv6 --icmpv6-type 4 -j ACCEPT +-A awall-logaccept-0 -m limit --limit 1/second -j LOG +-A awall-logaccept-0 -j ACCEPT +-A awall-logaccept-1 -j LOG +-A awall-logaccept-1 -j TEE --gateway fc00::1 +-A awall-logaccept-1 -j ACCEPT +-A awall-logaccept-2 -j TEE --gateway fc00::2 +-A awall-logaccept-2 -j ACCEPT +-A awall-logaccept-3 -j ACCEPT +-A awall-logdrop-0 -m limit --limit 1/second -j LOG +-A awall-logdrop-0 -j DROP +-A awall-logdrop-1 -m limit --limit 1/second -j LOG +-A awall-logdrop-1 -j DROP +-A awall-logdrop-2 -j LOG +-A awall-logdrop-2 -j TEE --gateway fc00::1 +-A awall-logdrop-2 -j DROP +-A awall-logdrop-3 -j TEE --gateway fc00::2 +-A awall-logdrop-3 -j DROP +-A awall-logdrop-4 -j DROP +-A awall-logpass-0 -m limit --limit 1/second -j LOG +-A awall-logpass-1 -j LOG +-A awall-logpass-1 -j TEE --gateway fc00::1 +-A awall-logpass-2 -j TEE --gateway fc00::2 +COMMIT +*mangle +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +:PREROUTING ACCEPT [0:0] +:awall-INPUT - [0:0] +:awall-OUTPUT - [0:0] +:awall-POSTROUTING - [0:0] +:awall-PREROUTING - [0:0] +-A INPUT -j awall-INPUT +-A OUTPUT -j awall-OUTPUT +-A POSTROUTING -j awall-POSTROUTING +-A PREROUTING -j awall-PREROUTING +-A 
awall-INPUT -j MARK --set-mark 3 +-A awall-OUTPUT -j MARK --set-mark 1 +-A awall-POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 3 +-A awall-PREROUTING -i eth0 -j MARK --set-mark 1 +COMMIT +*raw +:OUTPUT ACCEPT [0:0] +:PREROUTING ACCEPT [0:0] +:awall-OUTPUT - [0:0] +:awall-PREROUTING - [0:0] +-A OUTPUT -j awall-OUTPUT +-A PREROUTING -j awall-PREROUTING +-A awall-OUTPUT -j CT --notrack +-A awall-PREROUTING -i eth0 -j CT --notrack +-A awall-PREROUTING -i eth1 -s fc00::/7 -j CT --notrack +-A awall-PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack +COMMIT |