test: route-track

author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2017-11-01 10:51:33 +0200
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2017-11-01 10:54:32 +0200
commit: 049605ec1472284d0130d897800c768b19e2405e (patch)
tree: 590dbbb204d2466a3d639fd45a792a53e730c447 /test/output/route-track/rules6-save
parent: 57760b1a2b7172451b0e6bf77d31361a832456d2 (diff)
download: awall-049605ec1472284d0130d897800c768b19e2405e.tar.bz2
awall-049605ec1472284d0130d897800c768b19e2405e.tar.xz
1 files changed, 119 insertions, 0 deletions
diff --git a/test/output/route-track/rules6-save b/test/output/route-track/rules6-save
new file mode 100644
index 0000000..047aa8d
--- /dev/null
+++ b/test/output/route-track/rules6-save
@@ -0,0 +1,119 @@
+# rules6-save generated by awall
+*filter
+:FORWARD DROP [0:0]
+:INPUT DROP [0:0]
+:OUTPUT DROP [0:0]
+:icmp-routing - [0:0]
+:logaccept-0 - [0:0]
+:logdrop-0 - [0:0]
+:logdrop-1 - [0:0]
+:logpass-0 - [0:0]
+-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A FORWARD -j ACCEPT
+-A FORWARD -j logdrop-0
+-A FORWARD 
+-A FORWARD -j ACCEPT
+-A FORWARD -j DROP
+-A FORWARD 
+-A FORWARD -j logaccept-0
+-A FORWARD -j logdrop-1
+-A FORWARD -j logpass-0
+-A FORWARD -j ACCEPT
+-A FORWARD -j DROP
+-A FORWARD 
+-A FORWARD -i eth0 -j ACCEPT
+-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
+-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
+-A FORWARD -i eth0 -o eth4 -j ACCEPT
+-A FORWARD -i eth0 -o eth5 -j ACCEPT
+-A FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
+-A FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
+-A FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
+-A FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -i eth4 -o eth0 -j ACCEPT
+-A FORWARD -i eth5 -o eth0 -j ACCEPT
+-A FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
+-A FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
+-A FORWARD -i eth4 -o eth4 -j ACCEPT
+-A FORWARD -i eth4 -o eth5 -j ACCEPT
+-A FORWARD -i eth5 -o eth4 -j ACCEPT
+-A FORWARD -i eth5 -o eth5 -j ACCEPT
+-A FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -p icmpv6 -j icmp-routing
+-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -j ACCEPT
+-A INPUT -j logdrop-0
+-A INPUT 
+-A INPUT -j ACCEPT
+-A INPUT -j DROP
+-A INPUT 
+-A INPUT -j logaccept-0
+-A INPUT -j logdrop-1
+-A INPUT -j logpass-0
+-A INPUT -j ACCEPT
+-A INPUT -j DROP
+-A INPUT 
+-A INPUT -i eth0 -j ACCEPT
+-A INPUT -j ACCEPT
+-A INPUT -p icmpv6 -j ACCEPT
+-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -j ACCEPT
+-A OUTPUT -j logdrop-0
+-A OUTPUT 
+-A OUTPUT -j ACCEPT
+-A OUTPUT -j DROP
+-A OUTPUT 
+-A OUTPUT -j logaccept-0
+-A OUTPUT -j logdrop-1
+-A OUTPUT -j logpass-0
+-A OUTPUT -j ACCEPT
+-A OUTPUT -j DROP
+-A OUTPUT 
+-A OUTPUT -j ACCEPT
+-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
+-A OUTPUT -p icmpv6 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 1 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 2 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 3 -j ACCEPT
+-A icmp-routing -p icmpv6 --icmpv6-type 4 -j ACCEPT
+-A logaccept-0 -m limit --limit 1/second -j LOG
+-A logaccept-0 -j ACCEPT
+-A logdrop-0 -m limit --limit 1/second -j LOG
+-A logdrop-0 -j DROP
+-A logdrop-1 -m limit --limit 1/second -j LOG
+-A logdrop-1 -j DROP
+-A logpass-0 -m limit --limit 1/second -j LOG
+COMMIT
+*mangle
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:PREROUTING ACCEPT [0:0]
+-A INPUT -j MARK --set-mark 3
+-A OUTPUT -m connmark ! --mark 0 -j CONNMARK --restore-mark
+-A OUTPUT -m mark --mark 0 -j MARK --set-mark 4
+-A OUTPUT -m mark --mark 0 -j CONNMARK --save-mark
+-A OUTPUT -j MARK --set-mark 1
+-A POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 3
+-A PREROUTING -m connmark ! --mark 0 -j CONNMARK --restore-mark
+-A PREROUTING -m mark --mark 0 -j MARK --set-mark 4
+-A PREROUTING -m mark --mark 0 -j CONNMARK --save-mark
+-A PREROUTING -i eth0 -j MARK --set-mark 1
+COMMIT
+*raw
+:OUTPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [0:0]
+-A OUTPUT -j CT --notrack
+-A PREROUTING -i eth0 -j CT --notrack
+-A PREROUTING -i eth1 -s fc00::/7 -j CT --notrack
+-A PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
+COMMIT
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2017-11-01 10:51:33 +0200
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2017-11-01 10:54:32 +0200
commit	049605ec1472284d0130d897800c768b19e2405e (patch)
tree	590dbbb204d2466a3d639fd45a792a53e730c447 /test/output/route-track/rules6-save
parent	57760b1a2b7172451b0e6bf77d31361a832456d2 (diff)
download	awall-049605ec1472284d0130d897800c768b19e2405e.tar.bz2 awall-049605ec1472284d0130d897800c768b19e2405e.tar.xz