diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-06-05 12:57:10 +0300 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-06-05 12:57:10 +0300 |
| commit | 1d22026cccbc4824511b9131dd0861f5392cfb90 (patch) | |
| tree | 81c70dd50accc32239a2514a4a29f20c05581cb9 /test/output/rules6-save | |
| parent | 7bb0674c79d1d62533b3d917933a7ce3ff06ce35 (diff) | |
| download | awall-1d22026cccbc4824511b9131dd0861f5392cfb90.tar.bz2 awall-1d22026cccbc4824511b9131dd0861f5392cfb90.tar.xz | |
test: zone
Diffstat (limited to 'test/output/rules6-save')
| -rw-r--r-- | test/output/rules6-save | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/test/output/rules6-save b/test/output/rules6-save index 7234014..53ba76d 100644 --- a/test/output/rules6-save +++ b/test/output/rules6-save @@ -190,6 +190,31 @@ -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD +-A FORWARD -i eth0 -j ACCEPT +-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT +-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT +-A FORWARD -i eth0 -o eth4 -j ACCEPT +-A FORWARD -i eth0 -o eth5 -j ACCEPT +-A FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT +-A FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT +-A FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT +-A FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -i eth4 -o eth0 -j ACCEPT +-A FORWARD -i eth5 -o eth0 -j ACCEPT +-A FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT +-A FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT +-A FORWARD -i eth4 -o eth4 -j ACCEPT +-A FORWARD -i eth4 -o eth5 -j ACCEPT +-A FORWARD -i eth5 -o eth4 -j ACCEPT +-A FORWARD -i eth5 -o eth5 -j ACCEPT +-A FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -j limit-59 -A INPUT -j limit-58 @@ -289,6 +314,8 @@ -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT +-A INPUT -i eth0 -j ACCEPT +-A INPUT -j ACCEPT -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 @@ -388,6 +415,8 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT -A OUTPUT -p icmpv6 -j ACCEPT -A icmp-routing -p icmpv6 --icmpv6-type 1 -j ACCEPT -A icmp-routing -p icmpv6 --icmpv6-type 2 -j ACCEPT @@ -582,9 +611,23 @@ -A tarpit -p tcp -j TARPIT -A tarpit -j DROP COMMIT +*mangle +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +:PREROUTING ACCEPT [0:0] +-A INPUT -j MARK --set-mark 2 +-A OUTPUT -j MARK --set-mark 0 +-A POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 2 +-A PREROUTING -i eth0 -j MARK --set-mark 0 +COMMIT *raw :OUTPUT ACCEPT [0:0] :PREROUTING ACCEPT [0:0] -A OUTPUT -j CT --notrack +-A OUTPUT -j CT --notrack -A PREROUTING -j CT --notrack +-A PREROUTING -i eth0 -j CT --notrack +-A PREROUTING -i eth1 -s fc00::/7 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack COMMIT |