diff options
author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 13:12:08 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 13:12:18 +0300 |
commit | 44424903aeed8310c6cc4100d79ad3b1f4e8b06f (patch) | |
tree | f7487d0ea437b9e19d69bc26afac5eab8dd136ad /test | |
parent | b8bb8e88476dbd1ad60244222aba0234da63d3dd (diff) | |
download | awall-44424903aeed8310c6cc4100d79ad3b1f4e8b06f.tar.bz2 awall-44424903aeed8310c6cc4100d79ad3b1f4e8b06f.tar.xz |
test: filter-limit: update
Diffstat (limited to 'test')
-rw-r--r-- | test/mandatory/filter-limit.lua | 36 | ||||
-rw-r--r-- | test/output/dump | 6158 | ||||
-rw-r--r-- | test/output/rules-save | 1239 | ||||
-rw-r--r-- | test/output/rules6-save | 1239 |
4 files changed, 5377 insertions, 3295 deletions
diff --git a/test/mandatory/filter-limit.lua b/test/mandatory/filter-limit.lua index 7fe5757..4c9b7cd 100644 --- a/test/mandatory/filter-limit.lua +++ b/test/mandatory/filter-limit.lua @@ -14,22 +14,26 @@ function add(limit_type, base) for _, name in ipairs{ false, type(limit) == 'table' and count == 1 and 'foo' or nil } do - for _, log in ipairs{false, true, 'none'} do - for _, action in ipairs{false, 'pass'} do - if not (count == 30 and log and action) then - table.insert( - res, - update( - { - [limit_type..'-limit']=type(limit) == 'table' and update( - {name=name or nil}, limit - ) or limit, - log=log or nil, - action=action or nil - }, - base or {} - ) - ) + for _, no_update in ipairs{false, name or nil} do + local upd + if no_update then upd = false end + for _, log in ipairs{false, true, 'none'} do + for _, action in ipairs{false, 'pass'} do + if not (count == 30 and log and action) then + table.insert( + res, + update( + { + [limit_type..'-limit']=type(limit) == 'table' and update( + {name=name or nil, update=upd}, limit + ) or limit, + log=log or nil, + action=action or nil + }, + base or {} + ) + ) + end end end end diff --git a/test/output/dump b/test/output/dump index 432d290..a20ee36 100644 --- a/test/output/dump +++ b/test/output/dump @@ -354,859 +354,683 @@ Filter 24 {"action":"pass","conn-limit":{"count":1,"nam inet/filter/limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 25 {"conn-limit":{"count":1,"log":false},"out":"B"} +Filter 25 {"conn-limit":{"count":1,"name":"foo","update":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-18 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-18 - inet/filter/limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-18 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19 + inet6/filter/limit-18 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19 + inet/filter/logdrop-19 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-19 -m limit --limit 1/second -j LOG + inet/filter/logdrop-19 -j DROP + inet6/filter/logdrop-19 -j DROP + inet/filter/limit-18 -j ACCEPT + inet6/filter/limit-18 -j ACCEPT -Filter 26 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} +Filter 26 {"action":"pass","conn-limit":{"count":1,"name":"foo","update":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-19 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-19 - inet/filter/limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-20 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-20 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -Filter 27 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} +Filter 27 {"conn-limit":{"count":1,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-20 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-20 - inet/filter/limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-20 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21 + inet6/filter/limit-20 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21 + inet/filter/logdrop-21 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-21 -m limit --limit 1/second -j LOG + inet/filter/logdrop-21 -j DROP + inet6/filter/logdrop-21 -j DROP inet/filter/limit-20 -m limit --limit 1/second -j LOG inet6/filter/limit-20 -m limit --limit 1/second -j LOG - inet/filter/limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-20 -j ACCEPT + inet6/filter/limit-20 -j ACCEPT -Filter 28 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} +Filter 28 {"action":"pass","conn-limit":{"count":1,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-21 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-21 - inet/filter/limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-21 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22 + inet6/filter/limit-21 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22 + inet/filter/logdrop-22 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-22 -m limit --limit 1/second -j LOG + inet/filter/logdrop-22 -j DROP + inet6/filter/logdrop-22 -j DROP + inet/filter/limit-21 -m limit --limit 1/second -j LOG + inet6/filter/limit-21 -m limit --limit 1/second -j LOG -Filter 29 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} +Filter 29 {"conn-limit":{"count":1,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-22 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-22 - inet/filter/limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-22 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23 + inet6/filter/limit-22 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23 + inet/filter/logdrop-23 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-23 -m limit --limit 1/second -j LOG + inet/filter/logdrop-23 -j DROP + inet6/filter/logdrop-23 -j DROP + inet/filter/limit-22 -j ACCEPT + inet6/filter/limit-22 -j ACCEPT -Filter 30 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} +Filter 30 {"action":"pass","conn-limit":{"count":1,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-23 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-23 - inet/filter/limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-24 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-24 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-24 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -Filter 31 {"conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} +Filter 31 {"conn-limit":{"count":1,"log":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-24 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-24 - inet/filter/limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 32 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} +Filter 32 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-25 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-25 - inet/filter/limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 33 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} +Filter 33 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26 - inet/filter/limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-26 -m limit --limit 1/second -j LOG inet6/filter/limit-26 -m limit --limit 1/second -j LOG - inet/filter/limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 34 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} +Filter 34 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-27 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-27 - inet/filter/limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 35 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} +Filter 35 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-28 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-28 - inet/filter/limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 36 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} +Filter 36 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-29 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-29 - inet/filter/limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 37 {"conn-limit":{"count":1,"log":"none"},"out":"B"} +Filter 37 {"conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-30 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-30 - inet/filter/limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 38 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} +Filter 38 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-31 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-31 - inet/filter/limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 39 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} +Filter 39 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-32 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-32 - inet/filter/limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-32 -m limit --limit 1/second -j LOG inet6/filter/limit-32 -m limit --limit 1/second -j LOG - inet/filter/limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 40 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} +Filter 40 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-33 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-33 - inet/filter/limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 41 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} +Filter 41 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-34 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-34 - inet/filter/limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 42 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} +Filter 42 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-35 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-35 - inet/filter/limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 43 {"conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} +Filter 43 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-36 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-36 - inet/filter/limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-36 -j ACCEPT + inet6/filter/limit-36 -j ACCEPT -Filter 44 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} +Filter 44 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-37 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-37 - inet/filter/limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 45 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} +Filter 45 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-38 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-38 - inet/filter/limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/limit-38 -m limit --limit 1/second -j LOG inet6/filter/limit-38 -m limit --limit 1/second -j LOG - inet/filter/limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-38 -j ACCEPT + inet6/filter/limit-38 -j ACCEPT -Filter 46 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} +Filter 46 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-39 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-39 - inet/filter/limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-39 -m limit --limit 1/second -j LOG + inet6/filter/limit-39 -m limit --limit 1/second -j LOG -Filter 47 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +Filter 47 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-40 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-40 - inet/filter/limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-40 -j ACCEPT + inet6/filter/limit-40 -j ACCEPT -Filter 48 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +Filter 48 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-41 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-41 - inet/filter/limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 49 {"conn-limit":30,"out":"B"} +Filter 49 {"conn-limit":{"count":1,"log":"none"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-42 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-42 - inet/filter/limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-42 -j ACCEPT - inet6/filter/limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-42 -j ACCEPT - inet/filter/limit-42 -m limit --limit 1/second -j LOG - inet6/filter/limit-42 -m limit --limit 1/second -j LOG - inet/filter/limit-42 -j DROP - inet6/filter/limit-42 -j DROP + inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 50 {"action":"pass","conn-limit":30,"out":"B"} +Filter 50 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-43 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-43 - inet/filter/limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-43 -j RETURN - inet6/filter/limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-43 -j RETURN - inet/filter/limit-43 -m limit --limit 1/second -j LOG - inet6/filter/limit-43 -m limit --limit 1/second -j LOG - inet/filter/limit-43 -j DROP - inet6/filter/limit-43 -j DROP + inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 51 {"conn-limit":30,"log":true,"out":"B"} +Filter 51 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-44 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-44 - inet/filter/limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-44 -j logaccept-0 - inet6/filter/limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-44 -j logaccept-0 - inet/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-0 -j ACCEPT - inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-44 -m limit --limit 1/second -j LOG inet6/filter/limit-44 -m limit --limit 1/second -j LOG - inet/filter/limit-44 -j DROP - inet6/filter/limit-44 -j DROP + inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 52 {"conn-limit":30,"log":"none","out":"B"} +Filter 52 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-45 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-45 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-45 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-45 - inet/filter/limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-45 -j ACCEPT - inet6/filter/limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-45 -j ACCEPT - inet/filter/limit-45 -m limit --limit 1/second -j LOG - inet6/filter/limit-45 -m limit --limit 1/second -j LOG - inet/filter/limit-45 -j DROP - inet6/filter/limit-45 -j DROP + inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 53 {"conn-limit":{"count":30},"out":"B"} +Filter 53 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-46 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-46 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-46 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-46 - inet/filter/limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-46 -j ACCEPT - inet6/filter/limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-46 -j ACCEPT - inet/filter/limit-46 -m limit --limit 1/second -j LOG - inet6/filter/limit-46 -m limit --limit 1/second -j LOG - inet/filter/limit-46 -j DROP - inet6/filter/limit-46 -j DROP + inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 54 {"action":"pass","conn-limit":{"count":30},"out":"B"} +Filter 54 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-47 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-47 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-47 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-47 - inet/filter/limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-47 -j RETURN - inet6/filter/limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-47 -j RETURN - inet/filter/limit-47 -m limit --limit 1/second -j LOG - inet6/filter/limit-47 -m limit --limit 1/second -j LOG - inet/filter/limit-47 -j DROP - inet6/filter/limit-47 -j DROP + inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 55 {"conn-limit":{"count":30},"log":true,"out":"B"} +Filter 55 {"conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-48 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-48 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-48 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-48 - inet/filter/limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j logaccept-1 - inet6/filter/limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j logaccept-1 - inet/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-1 -j ACCEPT - inet6/filter/logaccept-1 -j ACCEPT - inet/filter/limit-48 -m limit --limit 1/second -j LOG - inet6/filter/limit-48 -m limit --limit 1/second -j LOG - inet/filter/limit-48 -j DROP - inet6/filter/limit-48 -j DROP + inet/filter/limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 56 {"conn-limit":{"count":30},"log":"none","out":"B"} +Filter 56 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-49 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-49 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-49 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-49 - inet/filter/limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j ACCEPT - inet6/filter/limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j ACCEPT - inet/filter/limit-49 -m limit --limit 1/second -j LOG - inet6/filter/limit-49 -m limit --limit 1/second -j LOG - inet/filter/limit-49 -j DROP - inet6/filter/limit-49 -j DROP + inet/filter/limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 57 {"conn-limit":{"count":30,"log":false},"out":"B"} +Filter 57 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-50 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-50 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-50 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-50 - inet/filter/limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j ACCEPT - inet6/filter/limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j ACCEPT - inet/filter/limit-50 -j DROP - inet6/filter/limit-50 -j DROP + inet/filter/limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-50 -m limit --limit 1/second -j LOG + inet6/filter/limit-50 -m limit --limit 1/second -j LOG + inet/filter/limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 58 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} +Filter 58 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-51 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-51 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-51 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-51 - inet/filter/limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN - inet6/filter/limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN - inet/filter/limit-51 -j DROP - inet6/filter/limit-51 -j DROP + inet/filter/limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 59 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} +Filter 59 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-52 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-52 - inet/filter/limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-52 -j logaccept-2 - inet6/filter/limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j logaccept-2 - inet/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-2 -j ACCEPT - inet6/filter/logaccept-2 -j ACCEPT - inet/filter/limit-52 -j DROP - inet6/filter/limit-52 -j DROP + inet/filter/limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 60 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} +Filter 60 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-53 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-53 - inet/filter/limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j ACCEPT - inet6/filter/limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-53 -j ACCEPT - inet/filter/limit-53 -j DROP - inet6/filter/limit-53 -j DROP + inet/filter/limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 61 {"conn-limit":{"count":30,"log":"none"},"out":"B"} +Filter 61 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-54 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-54 - inet/filter/limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j ACCEPT - inet6/filter/limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j ACCEPT - inet/filter/limit-54 -j DROP - inet6/filter/limit-54 -j DROP + inet/filter/limit-54 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-54 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-54 -j ACCEPT + inet6/filter/limit-54 -j ACCEPT -Filter 62 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} +Filter 62 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-55 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-55 - inet/filter/limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN - inet6/filter/limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN - inet/filter/limit-55 -j DROP - inet6/filter/limit-55 -j DROP + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 63 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} +Filter 63 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-56 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-56 - inet/filter/limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j logaccept-3 - inet6/filter/limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j logaccept-3 - inet/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-3 -j ACCEPT - inet6/filter/logaccept-3 -j ACCEPT - inet/filter/limit-56 -j DROP - inet6/filter/limit-56 -j DROP + inet/filter/limit-56 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-56 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-56 -m limit --limit 1/second -j LOG + inet6/filter/limit-56 -m limit --limit 1/second -j LOG + inet/filter/limit-56 -j ACCEPT + inet6/filter/limit-56 -j ACCEPT -Filter 64 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} +Filter 64 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-57 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-57 - inet/filter/limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j ACCEPT - inet6/filter/limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j ACCEPT - inet/filter/limit-57 -j DROP - inet6/filter/limit-57 -j DROP - -Filter 65 {"flow-limit":1} -(filter-limit) - inet/filter/FORWARD -j limit-58 - inet6/filter/FORWARD -j limit-58 - inet/filter/INPUT -j limit-58 - inet6/filter/INPUT -j limit-58 - inet/filter/OUTPUT -j limit-58 - inet6/filter/OUTPUT -j limit-58 - inet/filter/limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 - inet6/filter/limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 - inet/filter/logdrop-19 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-19 -m limit --limit 1/second -j LOG - inet/filter/logdrop-19 -j DROP - inet6/filter/logdrop-19 -j DROP - inet/filter/limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 66 {"action":"pass","flow-limit":1} -(filter-limit) - inet/filter/FORWARD -j limit-59 - inet6/filter/FORWARD -j limit-59 - inet/filter/INPUT -j limit-59 - inet6/filter/INPUT -j limit-59 - inet/filter/OUTPUT -j limit-59 - inet6/filter/OUTPUT -j limit-59 - inet/filter/limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 - inet6/filter/limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 - inet/filter/logdrop-20 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-20 -m limit --limit 1/second -j LOG - inet/filter/logdrop-20 -j DROP - inet6/filter/logdrop-20 -j DROP - inet/filter/limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 67 {"flow-limit":1,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-60 - inet6/filter/FORWARD -j limit-60 - inet/filter/INPUT -j limit-60 - inet6/filter/INPUT -j limit-60 - inet/filter/OUTPUT -j limit-60 - inet6/filter/OUTPUT -j limit-60 - inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 - inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 - inet/filter/logdrop-21 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-21 -m limit --limit 1/second -j LOG - inet/filter/logdrop-21 -j DROP - inet6/filter/logdrop-21 -j DROP - inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-0 - inet6/filter/FORWARD -j logaccept-final-0 - inet/filter/INPUT -j logaccept-final-0 - inet6/filter/INPUT -j logaccept-final-0 - inet/filter/OUTPUT -j logaccept-final-0 - inet6/filter/OUTPUT -j logaccept-final-0 - inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-0 -j ACCEPT - inet6/filter/logaccept-final-0 -j ACCEPT - -Filter 68 {"action":"pass","flow-limit":1,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-61 - inet6/filter/FORWARD -j limit-61 - inet/filter/INPUT -j limit-61 - inet6/filter/INPUT -j limit-61 - inet/filter/OUTPUT -j limit-61 - inet6/filter/OUTPUT -j limit-61 - inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 - inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 - inet/filter/logdrop-22 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-22 -m limit --limit 1/second -j LOG - inet/filter/logdrop-22 -j DROP - inet6/filter/logdrop-22 -j DROP - inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 69 {"flow-limit":1,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-62 - inet6/filter/FORWARD -j limit-62 - inet/filter/INPUT -j limit-62 - inet6/filter/INPUT -j limit-62 - inet/filter/OUTPUT -j limit-62 - inet6/filter/OUTPUT -j limit-62 - inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 - inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 - inet/filter/logdrop-23 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-23 -m limit --limit 1/second -j LOG - inet/filter/logdrop-23 -j DROP - inet6/filter/logdrop-23 -j DROP - inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 70 {"action":"pass","flow-limit":1,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-63 - inet6/filter/FORWARD -j limit-63 - inet/filter/INPUT -j limit-63 - inet6/filter/INPUT -j limit-63 - inet/filter/OUTPUT -j limit-63 - inet6/filter/OUTPUT -j limit-63 - inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 - inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 - inet/filter/logdrop-24 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-24 -m limit --limit 1/second -j LOG - inet/filter/logdrop-24 -j DROP - inet6/filter/logdrop-24 -j DROP - inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 71 {"flow-limit":{"count":1}} -(filter-limit) - inet/filter/FORWARD -j limit-64 - inet6/filter/FORWARD -j limit-64 - inet/filter/INPUT -j limit-64 - inet6/filter/INPUT -j limit-64 - inet/filter/OUTPUT -j limit-64 - inet6/filter/OUTPUT -j limit-64 - inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 - inet6/filter/limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 - inet/filter/logdrop-25 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-25 -m limit --limit 1/second -j LOG - inet/filter/logdrop-25 -j DROP - inet6/filter/logdrop-25 -j DROP - inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 72 {"action":"pass","flow-limit":{"count":1}} -(filter-limit) - inet/filter/FORWARD -j limit-65 - inet6/filter/FORWARD -j limit-65 - inet/filter/INPUT -j limit-65 - inet6/filter/INPUT -j limit-65 - inet/filter/OUTPUT -j limit-65 - inet6/filter/OUTPUT -j limit-65 - inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 - inet6/filter/limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 - inet/filter/logdrop-26 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG - inet/filter/logdrop-26 -j DROP - inet6/filter/logdrop-26 -j DROP - inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 73 {"flow-limit":{"count":1},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-66 - inet6/filter/FORWARD -j limit-66 - inet/filter/INPUT -j limit-66 - inet6/filter/INPUT -j limit-66 - inet/filter/OUTPUT -j limit-66 - inet6/filter/OUTPUT -j limit-66 - inet/filter/limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 - inet6/filter/limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 - inet/filter/logdrop-27 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-27 -m limit --limit 1/second -j LOG - inet/filter/logdrop-27 -j DROP - inet6/filter/logdrop-27 -j DROP - inet/filter/limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-1 - inet6/filter/FORWARD -j logaccept-final-1 - inet/filter/INPUT -j logaccept-final-1 - inet6/filter/INPUT -j logaccept-final-1 - inet/filter/OUTPUT -j logaccept-final-1 - inet6/filter/OUTPUT -j logaccept-final-1 - inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-1 -j ACCEPT - inet6/filter/logaccept-final-1 -j ACCEPT - -Filter 74 {"action":"pass","flow-limit":{"count":1},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-67 - inet6/filter/FORWARD -j limit-67 - inet/filter/INPUT -j limit-67 - inet6/filter/INPUT -j limit-67 - inet/filter/OUTPUT -j limit-67 - inet6/filter/OUTPUT -j limit-67 - inet/filter/limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 - inet6/filter/limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 - inet/filter/logdrop-28 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-28 -m limit --limit 1/second -j LOG - inet/filter/logdrop-28 -j DROP - inet6/filter/logdrop-28 -j DROP - inet/filter/limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 75 {"flow-limit":{"count":1},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-68 - inet6/filter/FORWARD -j limit-68 - inet/filter/INPUT -j limit-68 - inet6/filter/INPUT -j limit-68 - inet/filter/OUTPUT -j limit-68 - inet6/filter/OUTPUT -j limit-68 - inet/filter/limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 - inet6/filter/limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 - inet/filter/logdrop-29 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-29 -m limit --limit 1/second -j LOG - inet/filter/logdrop-29 -j DROP - inet6/filter/logdrop-29 -j DROP - inet/filter/limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 76 {"action":"pass","flow-limit":{"count":1},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-69 - inet6/filter/FORWARD -j limit-69 - inet/filter/INPUT -j limit-69 - inet6/filter/INPUT -j limit-69 - inet/filter/OUTPUT -j limit-69 - inet6/filter/OUTPUT -j limit-69 - inet/filter/limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 - inet6/filter/limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 - inet/filter/logdrop-30 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-30 -m limit --limit 1/second -j LOG - inet/filter/logdrop-30 -j DROP - inet6/filter/logdrop-30 -j DROP - inet/filter/limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 77 {"flow-limit":{"count":1,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-70 - inet6/filter/FORWARD -j limit-70 - inet/filter/INPUT -j limit-70 - inet6/filter/INPUT -j limit-70 - inet/filter/OUTPUT -j limit-70 - inet6/filter/OUTPUT -j limit-70 - inet/filter/limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 - inet6/filter/limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 - inet/filter/logdrop-31 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-31 -m limit --limit 1/second -j LOG - inet/filter/logdrop-31 -j DROP - inet6/filter/logdrop-31 -j DROP - inet/filter/limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 78 {"action":"pass","flow-limit":{"count":1,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-71 - inet6/filter/FORWARD -j limit-71 - inet/filter/INPUT -j limit-71 - inet6/filter/INPUT -j limit-71 - inet/filter/OUTPUT -j limit-71 - inet6/filter/OUTPUT -j limit-71 - inet/filter/limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 - inet6/filter/limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 - inet/filter/logdrop-32 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-32 -m limit --limit 1/second -j LOG - inet/filter/logdrop-32 -j DROP - inet6/filter/logdrop-32 -j DROP - inet/filter/limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 79 {"flow-limit":{"count":1,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-72 - inet6/filter/FORWARD -j limit-72 - inet/filter/INPUT -j limit-72 - inet6/filter/INPUT -j limit-72 - inet/filter/OUTPUT -j limit-72 - inet6/filter/OUTPUT -j limit-72 - inet/filter/limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 - inet6/filter/limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 - inet/filter/logdrop-33 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-33 -m limit --limit 1/second -j LOG - inet/filter/logdrop-33 -j DROP - inet6/filter/logdrop-33 -j DROP - inet/filter/limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-2 - inet6/filter/FORWARD -j logaccept-final-2 - inet/filter/INPUT -j logaccept-final-2 - inet6/filter/INPUT -j logaccept-final-2 - inet/filter/OUTPUT -j logaccept-final-2 - inet6/filter/OUTPUT -j logaccept-final-2 - inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-2 -j ACCEPT - inet6/filter/logaccept-final-2 -j ACCEPT - -Filter 80 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-73 - inet6/filter/FORWARD -j limit-73 - inet/filter/INPUT -j limit-73 - inet6/filter/INPUT -j limit-73 - inet/filter/OUTPUT -j limit-73 - inet6/filter/OUTPUT -j limit-73 - inet/filter/limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 - inet6/filter/limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 - inet/filter/logdrop-34 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-34 -m limit --limit 1/second -j LOG - inet/filter/logdrop-34 -j DROP - inet6/filter/logdrop-34 -j DROP - inet/filter/limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 81 {"flow-limit":{"count":1,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-74 - inet6/filter/FORWARD -j limit-74 - inet/filter/INPUT -j limit-74 - inet6/filter/INPUT -j limit-74 - inet/filter/OUTPUT -j limit-74 - inet6/filter/OUTPUT -j limit-74 - inet/filter/limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 - inet6/filter/limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 - inet/filter/logdrop-35 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-35 -m limit --limit 1/second -j LOG - inet/filter/logdrop-35 -j DROP - inet6/filter/logdrop-35 -j DROP - inet/filter/limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-57 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-57 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-57 -m limit --limit 1/second -j LOG + inet6/filter/limit-57 -m limit --limit 1/second -j LOG + +Filter 65 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-58 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-58 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-58 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-58 + inet/filter/limit-58 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-58 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-58 -j ACCEPT + inet6/filter/limit-58 -j ACCEPT + +Filter 66 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 67 {"conn-limit":30,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-60 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-60 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-60 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-60 + inet/filter/limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-60 -j ACCEPT + inet6/filter/limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-60 -j ACCEPT + inet/filter/limit-60 -m limit --limit 1/second -j LOG + inet6/filter/limit-60 -m limit --limit 1/second -j LOG + inet/filter/limit-60 -j DROP + inet6/filter/limit-60 -j DROP + +Filter 68 {"action":"pass","conn-limit":30,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-61 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-61 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-61 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-61 + inet/filter/limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-61 -j RETURN + inet6/filter/limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-61 -j RETURN + inet/filter/limit-61 -m limit --limit 1/second -j LOG + inet6/filter/limit-61 -m limit --limit 1/second -j LOG + inet/filter/limit-61 -j DROP + inet6/filter/limit-61 -j DROP + +Filter 69 {"conn-limit":30,"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-62 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-62 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-62 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-62 + inet/filter/limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-62 -j logaccept-0 + inet6/filter/limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-62 -j logaccept-0 + inet/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-0 -j ACCEPT + inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-62 -m limit --limit 1/second -j LOG + inet6/filter/limit-62 -m limit --limit 1/second -j LOG + inet/filter/limit-62 -j DROP + inet6/filter/limit-62 -j DROP + +Filter 70 {"conn-limit":30,"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-63 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-63 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-63 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-63 + inet/filter/limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-63 -j ACCEPT + inet6/filter/limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-63 -j ACCEPT + inet/filter/limit-63 -m limit --limit 1/second -j LOG + inet6/filter/limit-63 -m limit --limit 1/second -j LOG + inet/filter/limit-63 -j DROP + inet6/filter/limit-63 -j DROP + +Filter 71 {"conn-limit":{"count":30},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-64 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-64 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-64 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-64 + inet/filter/limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j ACCEPT + inet6/filter/limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j ACCEPT + inet/filter/limit-64 -m limit --limit 1/second -j LOG + inet6/filter/limit-64 -m limit --limit 1/second -j LOG + inet/filter/limit-64 -j DROP + inet6/filter/limit-64 -j DROP + +Filter 72 {"action":"pass","conn-limit":{"count":30},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-65 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-65 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-65 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-65 + inet/filter/limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN + inet6/filter/limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN + inet/filter/limit-65 -m limit --limit 1/second -j LOG + inet6/filter/limit-65 -m limit --limit 1/second -j LOG + inet/filter/limit-65 -j DROP + inet6/filter/limit-65 -j DROP + +Filter 73 {"conn-limit":{"count":30},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-66 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-66 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-66 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-66 + inet/filter/limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j logaccept-1 + inet6/filter/limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j logaccept-1 + inet/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-1 -j ACCEPT + inet6/filter/logaccept-1 -j ACCEPT + inet/filter/limit-66 -m limit --limit 1/second -j LOG + inet6/filter/limit-66 -m limit --limit 1/second -j LOG + inet/filter/limit-66 -j DROP + inet6/filter/limit-66 -j DROP + +Filter 74 {"conn-limit":{"count":30},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-67 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-67 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-67 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-67 + inet/filter/limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j ACCEPT + inet6/filter/limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j ACCEPT + inet/filter/limit-67 -m limit --limit 1/second -j LOG + inet6/filter/limit-67 -m limit --limit 1/second -j LOG + inet/filter/limit-67 -j DROP + inet6/filter/limit-67 -j DROP + +Filter 75 {"conn-limit":{"count":30,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-68 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-68 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-68 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-68 + inet/filter/limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j ACCEPT + inet6/filter/limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j ACCEPT + inet/filter/limit-68 -j DROP + inet6/filter/limit-68 -j DROP + +Filter 76 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-69 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-69 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-69 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-69 + inet/filter/limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN + inet6/filter/limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN + inet/filter/limit-69 -j DROP + inet6/filter/limit-69 -j DROP + +Filter 77 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-70 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-70 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-70 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-70 + inet/filter/limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j logaccept-2 + inet6/filter/limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j logaccept-2 + inet/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-2 -j ACCEPT + inet6/filter/logaccept-2 -j ACCEPT + inet/filter/limit-70 -j DROP + inet6/filter/limit-70 -j DROP + +Filter 78 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-71 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-71 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-71 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-71 + inet/filter/limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j ACCEPT + inet6/filter/limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j ACCEPT + inet/filter/limit-71 -j DROP + inet6/filter/limit-71 -j DROP + +Filter 79 {"conn-limit":{"count":30,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-72 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-72 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-72 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-72 + inet/filter/limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j ACCEPT + inet6/filter/limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j ACCEPT + inet/filter/limit-72 -j DROP + inet6/filter/limit-72 -j DROP + +Filter 80 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-73 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-73 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-73 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-73 + inet/filter/limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN + inet6/filter/limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN + inet/filter/limit-73 -j DROP + inet6/filter/limit-73 -j DROP + +Filter 81 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-74 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-74 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-74 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-74 + inet/filter/limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j logaccept-3 + inet6/filter/limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j logaccept-3 + inet/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-3 -j ACCEPT + inet6/filter/logaccept-3 -j ACCEPT + inet/filter/limit-74 -j DROP + inet6/filter/limit-74 -j DROP -Filter 82 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":"none"} +Filter 82 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-75 - inet6/filter/FORWARD -j limit-75 - inet/filter/INPUT -j limit-75 - inet6/filter/INPUT -j limit-75 - inet/filter/OUTPUT -j limit-75 - inet6/filter/OUTPUT -j limit-75 - inet/filter/limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 - inet6/filter/limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 - inet/filter/logdrop-36 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-36 -m limit --limit 1/second -j LOG - inet/filter/logdrop-36 -j DROP - inet6/filter/logdrop-36 -j DROP - inet/filter/limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-75 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-75 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-75 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-75 + inet/filter/limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j ACCEPT + inet6/filter/limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j ACCEPT + inet/filter/limit-75 -j DROP + inet6/filter/limit-75 -j DROP -Filter 83 {"flow-limit":{"count":1,"log":false}} +Filter 83 {"flow-limit":1} (filter-limit) inet/filter/FORWARD -j limit-76 inet6/filter/FORWARD -j limit-76 @@ -1214,8 +1038,12 @@ Filter 83 {"flow-limit":{"count":1,"log":false}} inet6/filter/INPUT -j limit-76 inet/filter/OUTPUT -j limit-76 inet6/filter/OUTPUT -j limit-76 - inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 + inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 + inet/filter/logdrop-25 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-25 -m limit --limit 1/second -j LOG + inet/filter/logdrop-25 -j DROP + inet6/filter/logdrop-25 -j DROP inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT @@ -1225,7 +1053,7 @@ Filter 83 {"flow-limit":{"count":1,"log":false}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 84 {"action":"pass","flow-limit":{"count":1,"log":false}} +Filter 84 {"action":"pass","flow-limit":1} (filter-limit) inet/filter/FORWARD -j limit-77 inet6/filter/FORWARD -j limit-77 @@ -1233,12 +1061,16 @@ Filter 84 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-77 inet/filter/OUTPUT -j limit-77 inet6/filter/OUTPUT -j limit-77 - inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 + inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 + inet/filter/logdrop-26 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG + inet/filter/logdrop-26 -j DROP + inet6/filter/logdrop-26 -j DROP inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 85 {"flow-limit":{"count":1,"log":false},"log":true} +Filter 85 {"flow-limit":1,"log":true} (filter-limit) inet/filter/FORWARD -j limit-78 inet6/filter/FORWARD -j limit-78 @@ -1246,22 +1078,26 @@ Filter 85 {"flow-limit":{"count":1,"log":false},"log":t inet6/filter/INPUT -j limit-78 inet/filter/OUTPUT -j limit-78 inet6/filter/OUTPUT -j limit-78 - inet/filter/limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 + inet6/filter/limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 + inet/filter/logdrop-27 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-27 -m limit --limit 1/second -j LOG + inet/filter/logdrop-27 -j DROP + inet6/filter/logdrop-27 -j DROP inet/filter/limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set inet6/filter/limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-3 - inet6/filter/FORWARD -j logaccept-final-3 - inet/filter/INPUT -j logaccept-final-3 - inet6/filter/INPUT -j logaccept-final-3 - inet/filter/OUTPUT -j logaccept-final-3 - inet6/filter/OUTPUT -j logaccept-final-3 - inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-3 -j ACCEPT - inet6/filter/logaccept-final-3 -j ACCEPT + inet/filter/FORWARD -j logaccept-final-0 + inet6/filter/FORWARD -j logaccept-final-0 + inet/filter/INPUT -j logaccept-final-0 + inet6/filter/INPUT -j logaccept-final-0 + inet/filter/OUTPUT -j logaccept-final-0 + inet6/filter/OUTPUT -j logaccept-final-0 + inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-0 -j ACCEPT + inet6/filter/logaccept-final-0 -j ACCEPT -Filter 86 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} +Filter 86 {"action":"pass","flow-limit":1,"log":true} (filter-limit) inet/filter/FORWARD -j limit-79 inet6/filter/FORWARD -j limit-79 @@ -1269,12 +1105,16 @@ Filter 86 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-79 inet/filter/OUTPUT -j limit-79 inet6/filter/OUTPUT -j limit-79 - inet/filter/limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 + inet6/filter/limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 + inet/filter/logdrop-28 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-28 -m limit --limit 1/second -j LOG + inet/filter/logdrop-28 -j DROP + inet6/filter/logdrop-28 -j DROP inet/filter/limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG inet6/filter/limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 87 {"flow-limit":{"count":1,"log":false},"log":"none"} +Filter 87 {"flow-limit":1,"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-80 inet6/filter/FORWARD -j limit-80 @@ -1282,8 +1122,12 @@ Filter 87 {"flow-limit":{"count":1,"log":false},"log":" inet6/filter/INPUT -j limit-80 inet/filter/OUTPUT -j limit-80 inet6/filter/OUTPUT -j limit-80 - inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 + inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 + inet/filter/logdrop-29 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-29 -m limit --limit 1/second -j LOG + inet/filter/logdrop-29 -j DROP + inet6/filter/logdrop-29 -j DROP inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT @@ -1293,7 +1137,7 @@ Filter 87 {"flow-limit":{"count":1,"log":false},"log":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 88 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} +Filter 88 {"action":"pass","flow-limit":1,"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-81 inet6/filter/FORWARD -j limit-81 @@ -1301,12 +1145,16 @@ Filter 88 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-81 inet/filter/OUTPUT -j limit-81 inet6/filter/OUTPUT -j limit-81 - inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 + inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 + inet/filter/logdrop-30 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-30 -m limit --limit 1/second -j LOG + inet/filter/logdrop-30 -j DROP + inet6/filter/logdrop-30 -j DROP inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 89 {"flow-limit":{"count":1,"log":false,"name":"foo"}} +Filter 89 {"flow-limit":{"count":1}} (filter-limit) inet/filter/FORWARD -j limit-82 inet6/filter/FORWARD -j limit-82 @@ -1314,10 +1162,14 @@ Filter 89 {"flow-limit":{"count":1,"log":false,"name":" inet6/filter/INPUT -j limit-82 inet/filter/OUTPUT -j limit-82 inet6/filter/OUTPUT -j limit-82 - inet/filter/limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 + inet6/filter/limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 + inet/filter/logdrop-31 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-31 -m limit --limit 1/second -j LOG + inet/filter/logdrop-31 -j DROP + inet6/filter/logdrop-31 -j DROP + inet/filter/limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1325,7 +1177,7 @@ Filter 89 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 90 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"}} +Filter 90 {"action":"pass","flow-limit":{"count":1}} (filter-limit) inet/filter/FORWARD -j limit-83 inet6/filter/FORWARD -j limit-83 @@ -1333,12 +1185,16 @@ Filter 90 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-83 inet/filter/OUTPUT -j limit-83 inet6/filter/OUTPUT -j limit-83 - inet/filter/limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 + inet6/filter/limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 + inet/filter/logdrop-32 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-32 -m limit --limit 1/second -j LOG + inet/filter/logdrop-32 -j DROP + inet6/filter/logdrop-32 -j DROP + inet/filter/limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 91 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} +Filter 91 {"flow-limit":{"count":1},"log":true} (filter-limit) inet/filter/FORWARD -j limit-84 inet6/filter/FORWARD -j limit-84 @@ -1346,22 +1202,26 @@ Filter 91 {"flow-limit":{"count":1,"log":false,"name":" inet6/filter/INPUT -j limit-84 inet/filter/OUTPUT -j limit-84 inet6/filter/OUTPUT -j limit-84 - inet/filter/limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-4 - inet6/filter/FORWARD -j logaccept-final-4 - inet/filter/INPUT -j logaccept-final-4 - inet6/filter/INPUT -j logaccept-final-4 - inet/filter/OUTPUT -j logaccept-final-4 - inet6/filter/OUTPUT -j logaccept-final-4 - inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-4 -j ACCEPT - inet6/filter/logaccept-final-4 -j ACCEPT + inet/filter/limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 + inet6/filter/limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 + inet/filter/logdrop-33 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-33 -m limit --limit 1/second -j LOG + inet/filter/logdrop-33 -j DROP + inet6/filter/logdrop-33 -j DROP + inet/filter/limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-1 + inet6/filter/FORWARD -j logaccept-final-1 + inet/filter/INPUT -j logaccept-final-1 + inet6/filter/INPUT -j logaccept-final-1 + inet/filter/OUTPUT -j logaccept-final-1 + inet6/filter/OUTPUT -j logaccept-final-1 + inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-1 -j ACCEPT + inet6/filter/logaccept-final-1 -j ACCEPT -Filter 92 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} +Filter 92 {"action":"pass","flow-limit":{"count":1},"log":true} (filter-limit) inet/filter/FORWARD -j limit-85 inet6/filter/FORWARD -j limit-85 @@ -1369,12 +1229,16 @@ Filter 92 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-85 inet/filter/OUTPUT -j limit-85 inet6/filter/OUTPUT -j limit-85 - inet/filter/limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 + inet6/filter/limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 + inet/filter/logdrop-34 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-34 -m limit --limit 1/second -j LOG + inet/filter/logdrop-34 -j DROP + inet6/filter/logdrop-34 -j DROP + inet/filter/limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 93 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +Filter 93 {"flow-limit":{"count":1},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-86 inet6/filter/FORWARD -j limit-86 @@ -1382,10 +1246,14 @@ Filter 93 {"flow-limit":{"count":1,"log":false,"name":" inet6/filter/INPUT -j limit-86 inet/filter/OUTPUT -j limit-86 inet6/filter/OUTPUT -j limit-86 - inet/filter/limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 + inet6/filter/limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 + inet/filter/logdrop-35 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-35 -m limit --limit 1/second -j LOG + inet/filter/logdrop-35 -j DROP + inet6/filter/logdrop-35 -j DROP + inet/filter/limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1393,7 +1261,7 @@ Filter 93 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 94 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +Filter 94 {"action":"pass","flow-limit":{"count":1},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-87 inet6/filter/FORWARD -j limit-87 @@ -1401,12 +1269,16 @@ Filter 94 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-87 inet/filter/OUTPUT -j limit-87 inet6/filter/OUTPUT -j limit-87 - inet/filter/limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 + inet6/filter/limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 + inet/filter/logdrop-36 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-36 -m limit --limit 1/second -j LOG + inet/filter/logdrop-36 -j DROP + inet6/filter/logdrop-36 -j DROP + inet/filter/limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 95 {"flow-limit":{"count":1,"log":"none"}} +Filter 95 {"flow-limit":{"count":1,"name":"foo"}} (filter-limit) inet/filter/FORWARD -j limit-88 inet6/filter/FORWARD -j limit-88 @@ -1414,10 +1286,14 @@ Filter 95 {"flow-limit":{"count":1,"log":"none"}} inet6/filter/INPUT -j limit-88 inet/filter/OUTPUT -j limit-88 inet6/filter/OUTPUT -j limit-88 - inet/filter/limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 + inet6/filter/limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 + inet/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet/filter/logdrop-37 -j DROP + inet6/filter/logdrop-37 -j DROP + inet/filter/limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1425,7 +1301,7 @@ Filter 95 {"flow-limit":{"count":1,"log":"none"}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 96 {"action":"pass","flow-limit":{"count":1,"log":"none"}} +Filter 96 {"action":"pass","flow-limit":{"count":1,"name":"foo"}} (filter-limit) inet/filter/FORWARD -j limit-89 inet6/filter/FORWARD -j limit-89 @@ -1433,12 +1309,16 @@ Filter 96 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-89 inet/filter/OUTPUT -j limit-89 inet6/filter/OUTPUT -j limit-89 - inet/filter/limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 + inet6/filter/limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 + inet/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet/filter/logdrop-38 -j DROP + inet6/filter/logdrop-38 -j DROP + inet/filter/limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 97 {"flow-limit":{"count":1,"log":"none"},"log":true} +Filter 97 {"flow-limit":{"count":1,"name":"foo"},"log":true} (filter-limit) inet/filter/FORWARD -j limit-90 inet6/filter/FORWARD -j limit-90 @@ -1446,22 +1326,26 @@ Filter 97 {"flow-limit":{"count":1,"log":"none"},"log": inet6/filter/INPUT -j limit-90 inet/filter/OUTPUT -j limit-90 inet6/filter/OUTPUT -j limit-90 - inet/filter/limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-5 - inet6/filter/FORWARD -j logaccept-final-5 - inet/filter/INPUT -j logaccept-final-5 - inet6/filter/INPUT -j logaccept-final-5 - inet/filter/OUTPUT -j logaccept-final-5 - inet6/filter/OUTPUT -j logaccept-final-5 - inet/filter/logaccept-final-5 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-5 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-5 -j ACCEPT - inet6/filter/logaccept-final-5 -j ACCEPT + inet/filter/limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 + inet6/filter/limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 + inet/filter/logdrop-39 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-39 -m limit --limit 1/second -j LOG + inet/filter/logdrop-39 -j DROP + inet6/filter/logdrop-39 -j DROP + inet/filter/limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-2 + inet6/filter/FORWARD -j logaccept-final-2 + inet/filter/INPUT -j logaccept-final-2 + inet6/filter/INPUT -j logaccept-final-2 + inet/filter/OUTPUT -j logaccept-final-2 + inet6/filter/OUTPUT -j logaccept-final-2 + inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-2 -j ACCEPT + inet6/filter/logaccept-final-2 -j ACCEPT -Filter 98 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} +Filter 98 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":true} (filter-limit) inet/filter/FORWARD -j limit-91 inet6/filter/FORWARD -j limit-91 @@ -1469,12 +1353,16 @@ Filter 98 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-91 inet/filter/OUTPUT -j limit-91 inet6/filter/OUTPUT -j limit-91 - inet/filter/limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 + inet6/filter/limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 + inet/filter/logdrop-40 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-40 -m limit --limit 1/second -j LOG + inet/filter/logdrop-40 -j DROP + inet6/filter/logdrop-40 -j DROP + inet/filter/limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 99 {"flow-limit":{"count":1,"log":"none"},"log":"none"} +Filter 99 {"flow-limit":{"count":1,"name":"foo"},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-92 inet6/filter/FORWARD -j limit-92 @@ -1482,10 +1370,14 @@ Filter 99 {"flow-limit":{"count":1,"log":"none"},"log": inet6/filter/INPUT -j limit-92 inet/filter/OUTPUT -j limit-92 inet6/filter/OUTPUT -j limit-92 - inet/filter/limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 + inet6/filter/limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 + inet/filter/logdrop-41 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-41 -m limit --limit 1/second -j LOG + inet/filter/logdrop-41 -j DROP + inet6/filter/logdrop-41 -j DROP + inet/filter/limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1493,7 +1385,7 @@ Filter 99 {"flow-limit":{"count":1,"log":"none"},"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 100 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} +Filter 100 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-93 inet6/filter/FORWARD -j limit-93 @@ -1501,12 +1393,16 @@ Filter 100 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-93 inet/filter/OUTPUT -j limit-93 inet6/filter/OUTPUT -j limit-93 - inet/filter/limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 + inet6/filter/limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 + inet/filter/logdrop-42 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-42 -m limit --limit 1/second -j LOG + inet/filter/logdrop-42 -j DROP + inet6/filter/logdrop-42 -j DROP + inet/filter/limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 101 {"flow-limit":{"count":1,"log":"none","name":"foo"}} +Filter 101 {"flow-limit":{"count":1,"name":"foo","update":false}} (filter-limit) inet/filter/FORWARD -j limit-94 inet6/filter/FORWARD -j limit-94 @@ -1514,10 +1410,12 @@ Filter 101 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-94 inet/filter/OUTPUT -j limit-94 inet6/filter/OUTPUT -j limit-94 - inet/filter/limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-43 + inet6/filter/limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-43 + inet/filter/logdrop-43 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-43 -m limit --limit 1/second -j LOG + inet/filter/logdrop-43 -j DROP + inet6/filter/logdrop-43 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1525,7 +1423,7 @@ Filter 101 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 102 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"}} +Filter 102 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false}} (filter-limit) inet/filter/FORWARD -j limit-95 inet6/filter/FORWARD -j limit-95 @@ -1533,12 +1431,14 @@ Filter 102 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-95 inet/filter/OUTPUT -j limit-95 inet6/filter/OUTPUT -j limit-95 - inet/filter/limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-44 + inet6/filter/limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-44 + inet/filter/logdrop-44 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG + inet/filter/logdrop-44 -j DROP + inet6/filter/logdrop-44 -j DROP -Filter 103 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +Filter 103 {"flow-limit":{"count":1,"name":"foo","update":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-96 inet6/filter/FORWARD -j limit-96 @@ -1546,22 +1446,24 @@ Filter 103 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-96 inet/filter/OUTPUT -j limit-96 inet6/filter/OUTPUT -j limit-96 - inet/filter/limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-6 - inet6/filter/FORWARD -j logaccept-final-6 - inet/filter/INPUT -j logaccept-final-6 - inet6/filter/INPUT -j logaccept-final-6 - inet/filter/OUTPUT -j logaccept-final-6 - inet6/filter/OUTPUT -j logaccept-final-6 - inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-6 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-6 -j ACCEPT - inet6/filter/logaccept-final-6 -j ACCEPT + inet/filter/limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-45 + inet6/filter/limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-45 + inet/filter/logdrop-45 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-45 -m limit --limit 1/second -j LOG + inet/filter/logdrop-45 -j DROP + inet6/filter/logdrop-45 -j DROP + inet/filter/FORWARD -j logaccept-final-3 + inet6/filter/FORWARD -j logaccept-final-3 + inet/filter/INPUT -j logaccept-final-3 + inet6/filter/INPUT -j logaccept-final-3 + inet/filter/OUTPUT -j logaccept-final-3 + inet6/filter/OUTPUT -j logaccept-final-3 + inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-3 -j ACCEPT + inet6/filter/logaccept-final-3 -j ACCEPT -Filter 104 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +Filter 104 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-97 inet6/filter/FORWARD -j limit-97 @@ -1569,12 +1471,16 @@ Filter 104 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-97 inet/filter/OUTPUT -j limit-97 inet6/filter/OUTPUT -j limit-97 - inet/filter/limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-46 + inet6/filter/limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-46 + inet/filter/logdrop-46 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-46 -m limit --limit 1/second -j LOG + inet/filter/logdrop-46 -j DROP + inet6/filter/logdrop-46 -j DROP + inet/filter/limit-97 -m limit --limit 1/second -j LOG + inet6/filter/limit-97 -m limit --limit 1/second -j LOG -Filter 105 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +Filter 105 {"flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-98 inet6/filter/FORWARD -j limit-98 @@ -1582,10 +1488,12 @@ Filter 105 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-98 inet/filter/OUTPUT -j limit-98 inet6/filter/OUTPUT -j limit-98 - inet/filter/limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-47 + inet6/filter/limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-47 + inet/filter/logdrop-47 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-47 -m limit --limit 1/second -j LOG + inet/filter/logdrop-47 -j DROP + inet6/filter/logdrop-47 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1593,7 +1501,7 @@ Filter 105 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 106 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +Filter 106 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-99 inet6/filter/FORWARD -j limit-99 @@ -1601,12 +1509,14 @@ Filter 106 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-99 inet/filter/OUTPUT -j limit-99 inet6/filter/OUTPUT -j limit-99 - inet/filter/limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-48 + inet6/filter/limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-48 + inet/filter/logdrop-48 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-48 -m limit --limit 1/second -j LOG + inet/filter/logdrop-48 -j DROP + inet6/filter/logdrop-48 -j DROP -Filter 107 {"flow-limit":30} +Filter 107 {"flow-limit":{"count":1,"log":false}} (filter-limit) inet/filter/FORWARD -j limit-100 inet6/filter/FORWARD -j limit-100 @@ -1614,12 +1524,10 @@ Filter 107 {"flow-limit":30} inet6/filter/INPUT -j limit-100 inet/filter/OUTPUT -j limit-100 inet6/filter/OUTPUT -j limit-100 - inet/filter/limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j RETURN - inet6/filter/limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j RETURN - inet/filter/limit-100 -m limit --limit 1/second -j LOG - inet6/filter/limit-100 -m limit --limit 1/second -j LOG - inet/filter/limit-100 -j DROP - inet6/filter/limit-100 -j DROP + inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1627,7 +1535,7 @@ Filter 107 {"flow-limit":30} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 108 {"action":"pass","flow-limit":30} +Filter 108 {"action":"pass","flow-limit":{"count":1,"log":false}} (filter-limit) inet/filter/FORWARD -j limit-101 inet6/filter/FORWARD -j limit-101 @@ -1635,14 +1543,12 @@ Filter 108 {"action":"pass","flow-limit":30} inet6/filter/INPUT -j limit-101 inet/filter/OUTPUT -j limit-101 inet6/filter/OUTPUT -j limit-101 - inet/filter/limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN - inet6/filter/limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN - inet/filter/limit-101 -m limit --limit 1/second -j LOG - inet6/filter/limit-101 -m limit --limit 1/second -j LOG - inet/filter/limit-101 -j DROP - inet6/filter/limit-101 -j DROP + inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 109 {"flow-limit":30,"log":true} +Filter 109 {"flow-limit":{"count":1,"log":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-102 inet6/filter/FORWARD -j limit-102 @@ -1650,24 +1556,22 @@ Filter 109 {"flow-limit":30,"log":true} inet6/filter/INPUT -j limit-102 inet/filter/OUTPUT -j limit-102 inet6/filter/OUTPUT -j limit-102 - inet/filter/limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j RETURN - inet6/filter/limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j RETURN - inet/filter/limit-102 -m limit --limit 1/second -j LOG - inet6/filter/limit-102 -m limit --limit 1/second -j LOG - inet/filter/limit-102 -j DROP - inet6/filter/limit-102 -j DROP - inet/filter/FORWARD -j logaccept-final-7 - inet6/filter/FORWARD -j logaccept-final-7 - inet/filter/INPUT -j logaccept-final-7 - inet6/filter/INPUT -j logaccept-final-7 - inet/filter/OUTPUT -j logaccept-final-7 - inet6/filter/OUTPUT -j logaccept-final-7 - inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-7 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-7 -j ACCEPT - inet6/filter/logaccept-final-7 -j ACCEPT + inet/filter/limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-4 + inet6/filter/FORWARD -j logaccept-final-4 + inet/filter/INPUT -j logaccept-final-4 + inet6/filter/INPUT -j logaccept-final-4 + inet/filter/OUTPUT -j logaccept-final-4 + inet6/filter/OUTPUT -j logaccept-final-4 + inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-4 -j ACCEPT + inet6/filter/logaccept-final-4 -j ACCEPT -Filter 110 {"flow-limit":30,"log":"none"} +Filter 110 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-103 inet6/filter/FORWARD -j limit-103 @@ -1675,20 +1579,12 @@ Filter 110 {"flow-limit":30,"log":"none"} inet6/filter/INPUT -j limit-103 inet/filter/OUTPUT -j limit-103 inet6/filter/OUTPUT -j limit-103 - inet/filter/limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j RETURN - inet6/filter/limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j RETURN - inet/filter/limit-103 -m limit --limit 1/second -j LOG - inet6/filter/limit-103 -m limit --limit 1/second -j LOG - inet/filter/limit-103 -j DROP - inet6/filter/limit-103 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 111 {"flow-limit":{"count":30}} +Filter 111 {"flow-limit":{"count":1,"log":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-104 inet6/filter/FORWARD -j limit-104 @@ -1696,12 +1592,10 @@ Filter 111 {"flow-limit":{"count":30}} inet6/filter/INPUT -j limit-104 inet/filter/OUTPUT -j limit-104 inet6/filter/OUTPUT -j limit-104 - inet/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j RETURN - inet6/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j RETURN - inet/filter/limit-104 -m limit --limit 1/second -j LOG - inet6/filter/limit-104 -m limit --limit 1/second -j LOG - inet/filter/limit-104 -j DROP - inet6/filter/limit-104 -j DROP + inet/filter/limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1709,7 +1603,7 @@ Filter 111 {"flow-limit":{"count":30}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 112 {"action":"pass","flow-limit":{"count":30}} +Filter 112 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-105 inet6/filter/FORWARD -j limit-105 @@ -1717,14 +1611,12 @@ Filter 112 {"action":"pass","flow-limit":{"count":30}} inet6/filter/INPUT -j limit-105 inet/filter/OUTPUT -j limit-105 inet6/filter/OUTPUT -j limit-105 - inet/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN - inet6/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN - inet/filter/limit-105 -m limit --limit 1/second -j LOG - inet6/filter/limit-105 -m limit --limit 1/second -j LOG - inet/filter/limit-105 -j DROP - inet6/filter/limit-105 -j DROP + inet/filter/limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 113 {"flow-limit":{"count":30},"log":true} +Filter 113 {"flow-limit":{"count":1,"log":false,"name":"foo"}} (filter-limit) inet/filter/FORWARD -j limit-106 inet6/filter/FORWARD -j limit-106 @@ -1732,24 +1624,18 @@ Filter 113 {"flow-limit":{"count":30},"log":true} inet6/filter/INPUT -j limit-106 inet/filter/OUTPUT -j limit-106 inet6/filter/OUTPUT -j limit-106 - inet/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j RETURN - inet6/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j RETURN - inet/filter/limit-106 -m limit --limit 1/second -j LOG - inet6/filter/limit-106 -m limit --limit 1/second -j LOG - inet/filter/limit-106 -j DROP - inet6/filter/limit-106 -j DROP - inet/filter/FORWARD -j logaccept-final-8 - inet6/filter/FORWARD -j logaccept-final-8 - inet/filter/INPUT -j logaccept-final-8 - inet6/filter/INPUT -j logaccept-final-8 - inet/filter/OUTPUT -j logaccept-final-8 - inet6/filter/OUTPUT -j logaccept-final-8 - inet/filter/logaccept-final-8 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-8 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-8 -j ACCEPT - inet6/filter/logaccept-final-8 -j ACCEPT + inet/filter/limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT -Filter 114 {"flow-limit":{"count":30},"log":"none"} +Filter 114 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"}} (filter-limit) inet/filter/FORWARD -j limit-107 inet6/filter/FORWARD -j limit-107 @@ -1757,20 +1643,12 @@ Filter 114 {"flow-limit":{"count":30},"log":"none"} inet6/filter/INPUT -j limit-107 inet/filter/OUTPUT -j limit-107 inet6/filter/OUTPUT -j limit-107 - inet/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j RETURN - inet6/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j RETURN - inet/filter/limit-107 -m limit --limit 1/second -j LOG - inet6/filter/limit-107 -m limit --limit 1/second -j LOG - inet/filter/limit-107 -j DROP - inet6/filter/limit-107 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 115 {"flow-limit":{"count":30,"log":false}} +Filter 115 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} (filter-limit) inet/filter/FORWARD -j limit-108 inet6/filter/FORWARD -j limit-108 @@ -1778,18 +1656,22 @@ Filter 115 {"flow-limit":{"count":30,"log":false}} inet6/filter/INPUT -j limit-108 inet/filter/OUTPUT -j limit-108 inet6/filter/OUTPUT -j limit-108 - inet/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j RETURN - inet6/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j RETURN - inet/filter/limit-108 -j DROP - inet6/filter/limit-108 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-5 + inet6/filter/FORWARD -j logaccept-final-5 + inet/filter/INPUT -j logaccept-final-5 + inet6/filter/INPUT -j logaccept-final-5 + inet/filter/OUTPUT -j logaccept-final-5 + inet6/filter/OUTPUT -j logaccept-final-5 + inet/filter/logaccept-final-5 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-5 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-5 -j ACCEPT + inet6/filter/logaccept-final-5 -j ACCEPT -Filter 116 {"action":"pass","flow-limit":{"count":30,"log":false}} +Filter 116 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} (filter-limit) inet/filter/FORWARD -j limit-109 inet6/filter/FORWARD -j limit-109 @@ -1797,12 +1679,12 @@ Filter 116 {"action":"pass","flow-limit":{"count":30,"lo inet6/filter/INPUT -j limit-109 inet/filter/OUTPUT -j limit-109 inet6/filter/OUTPUT -j limit-109 - inet/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN - inet6/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN - inet/filter/limit-109 -j DROP - inet6/filter/limit-109 -j DROP + inet/filter/limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 117 {"flow-limit":{"count":30,"log":false},"log":true} +Filter 117 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-110 inet6/filter/FORWARD -j limit-110 @@ -1810,22 +1692,18 @@ Filter 117 {"flow-limit":{"count":30,"log":false},"log": inet6/filter/INPUT -j limit-110 inet/filter/OUTPUT -j limit-110 inet6/filter/OUTPUT -j limit-110 - inet/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j RETURN - inet6/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j RETURN - inet/filter/limit-110 -j DROP - inet6/filter/limit-110 -j DROP - inet/filter/FORWARD -j logaccept-final-9 - inet6/filter/FORWARD -j logaccept-final-9 - inet/filter/INPUT -j logaccept-final-9 - inet6/filter/INPUT -j logaccept-final-9 - inet/filter/OUTPUT -j logaccept-final-9 - inet6/filter/OUTPUT -j logaccept-final-9 - inet/filter/logaccept-final-9 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-9 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-9 -j ACCEPT - inet6/filter/logaccept-final-9 -j ACCEPT + inet/filter/limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT -Filter 118 {"flow-limit":{"count":30,"log":false},"log":"none"} +Filter 118 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-111 inet6/filter/FORWARD -j limit-111 @@ -1833,18 +1711,12 @@ Filter 118 {"flow-limit":{"count":30,"log":false},"log": inet6/filter/INPUT -j limit-111 inet/filter/OUTPUT -j limit-111 inet6/filter/OUTPUT -j limit-111 - inet/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j RETURN - inet6/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j RETURN - inet/filter/limit-111 -j DROP - inet6/filter/limit-111 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 119 {"flow-limit":{"count":30,"log":"none"}} +Filter 119 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false}} (filter-limit) inet/filter/FORWARD -j limit-112 inet6/filter/FORWARD -j limit-112 @@ -1852,10 +1724,8 @@ Filter 119 {"flow-limit":{"count":30,"log":"none"}} inet6/filter/INPUT -j limit-112 inet/filter/OUTPUT -j limit-112 inet6/filter/OUTPUT -j limit-112 - inet/filter/limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j RETURN - inet6/filter/limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j RETURN - inet/filter/limit-112 -j DROP - inet6/filter/limit-112 -j DROP + inet/filter/limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1863,7 +1733,7 @@ Filter 119 {"flow-limit":{"count":30,"log":"none"}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 120 {"action":"pass","flow-limit":{"count":30,"log":"none"}} +Filter 120 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false}} (filter-limit) inet/filter/FORWARD -j limit-113 inet6/filter/FORWARD -j limit-113 @@ -1871,12 +1741,10 @@ Filter 120 {"action":"pass","flow-limit":{"count":30,"lo inet6/filter/INPUT -j limit-113 inet/filter/OUTPUT -j limit-113 inet6/filter/OUTPUT -j limit-113 - inet/filter/limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN - inet6/filter/limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN - inet/filter/limit-113 -j DROP - inet6/filter/limit-113 -j DROP + inet/filter/limit-113 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-113 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 121 {"flow-limit":{"count":30,"log":"none"},"log":true} +Filter 121 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-114 inet6/filter/FORWARD -j limit-114 @@ -1884,10 +1752,400 @@ Filter 121 {"flow-limit":{"count":30,"log":"none"},"log" inet6/filter/INPUT -j limit-114 inet/filter/OUTPUT -j limit-114 inet6/filter/OUTPUT -j limit-114 - inet/filter/limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j RETURN - inet6/filter/limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j RETURN - inet/filter/limit-114 -j DROP - inet6/filter/limit-114 -j DROP + inet/filter/limit-114 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-114 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j logaccept-final-6 + inet6/filter/FORWARD -j logaccept-final-6 + inet/filter/INPUT -j logaccept-final-6 + inet6/filter/INPUT -j logaccept-final-6 + inet/filter/OUTPUT -j logaccept-final-6 + inet6/filter/OUTPUT -j logaccept-final-6 + inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-6 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-6 -j ACCEPT + inet6/filter/logaccept-final-6 -j ACCEPT + +Filter 122 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-115 + inet6/filter/FORWARD -j limit-115 + inet/filter/INPUT -j limit-115 + inet6/filter/INPUT -j limit-115 + inet/filter/OUTPUT -j limit-115 + inet6/filter/OUTPUT -j limit-115 + inet/filter/limit-115 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-115 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-115 -m limit --limit 1/second -j LOG + inet6/filter/limit-115 -m limit --limit 1/second -j LOG + +Filter 123 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-116 + inet6/filter/FORWARD -j limit-116 + inet/filter/INPUT -j limit-116 + inet6/filter/INPUT -j limit-116 + inet/filter/OUTPUT -j limit-116 + inet6/filter/OUTPUT -j limit-116 + inet/filter/limit-116 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-116 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 124 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-117 + inet6/filter/FORWARD -j limit-117 + inet/filter/INPUT -j limit-117 + inet6/filter/INPUT -j limit-117 + inet/filter/OUTPUT -j limit-117 + inet6/filter/OUTPUT -j limit-117 + inet/filter/limit-117 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-117 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 125 {"flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-118 + inet6/filter/FORWARD -j limit-118 + inet/filter/INPUT -j limit-118 + inet6/filter/INPUT -j limit-118 + inet/filter/OUTPUT -j limit-118 + inet6/filter/OUTPUT -j limit-118 + inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 126 {"action":"pass","flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-119 + inet6/filter/FORWARD -j limit-119 + inet/filter/INPUT -j limit-119 + inet6/filter/INPUT -j limit-119 + inet/filter/OUTPUT -j limit-119 + inet6/filter/OUTPUT -j limit-119 + inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 127 {"flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-120 + inet6/filter/FORWARD -j limit-120 + inet/filter/INPUT -j limit-120 + inet6/filter/INPUT -j limit-120 + inet/filter/OUTPUT -j limit-120 + inet6/filter/OUTPUT -j limit-120 + inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-7 + inet6/filter/FORWARD -j logaccept-final-7 + inet/filter/INPUT -j logaccept-final-7 + inet6/filter/INPUT -j logaccept-final-7 + inet/filter/OUTPUT -j logaccept-final-7 + inet6/filter/OUTPUT -j logaccept-final-7 + inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-7 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-7 -j ACCEPT + inet6/filter/logaccept-final-7 -j ACCEPT + +Filter 128 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-121 + inet6/filter/FORWARD -j limit-121 + inet/filter/INPUT -j limit-121 + inet6/filter/INPUT -j limit-121 + inet/filter/OUTPUT -j limit-121 + inet6/filter/OUTPUT -j limit-121 + inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 129 {"flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-122 + inet6/filter/FORWARD -j limit-122 + inet/filter/INPUT -j limit-122 + inet6/filter/INPUT -j limit-122 + inet/filter/OUTPUT -j limit-122 + inet6/filter/OUTPUT -j limit-122 + inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 130 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-123 + inet6/filter/FORWARD -j limit-123 + inet/filter/INPUT -j limit-123 + inet6/filter/INPUT -j limit-123 + inet/filter/OUTPUT -j limit-123 + inet6/filter/OUTPUT -j limit-123 + inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 131 {"flow-limit":{"count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-124 + inet6/filter/FORWARD -j limit-124 + inet/filter/INPUT -j limit-124 + inet6/filter/INPUT -j limit-124 + inet/filter/OUTPUT -j limit-124 + inet6/filter/OUTPUT -j limit-124 + inet/filter/limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 132 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-125 + inet6/filter/FORWARD -j limit-125 + inet/filter/INPUT -j limit-125 + inet6/filter/INPUT -j limit-125 + inet/filter/OUTPUT -j limit-125 + inet6/filter/OUTPUT -j limit-125 + inet/filter/limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 133 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-126 + inet6/filter/FORWARD -j limit-126 + inet/filter/INPUT -j limit-126 + inet6/filter/INPUT -j limit-126 + inet/filter/OUTPUT -j limit-126 + inet6/filter/OUTPUT -j limit-126 + inet/filter/limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-8 + inet6/filter/FORWARD -j logaccept-final-8 + inet/filter/INPUT -j logaccept-final-8 + inet6/filter/INPUT -j logaccept-final-8 + inet/filter/OUTPUT -j logaccept-final-8 + inet6/filter/OUTPUT -j logaccept-final-8 + inet/filter/logaccept-final-8 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-8 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-8 -j ACCEPT + inet6/filter/logaccept-final-8 -j ACCEPT + +Filter 134 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-127 + inet6/filter/FORWARD -j limit-127 + inet/filter/INPUT -j limit-127 + inet6/filter/INPUT -j limit-127 + inet/filter/OUTPUT -j limit-127 + inet6/filter/OUTPUT -j limit-127 + inet/filter/limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 135 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-128 + inet6/filter/FORWARD -j limit-128 + inet/filter/INPUT -j limit-128 + inet6/filter/INPUT -j limit-128 + inet/filter/OUTPUT -j limit-128 + inet6/filter/OUTPUT -j limit-128 + inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 136 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-129 + inet6/filter/FORWARD -j limit-129 + inet/filter/INPUT -j limit-129 + inet6/filter/INPUT -j limit-129 + inet/filter/OUTPUT -j limit-129 + inet6/filter/OUTPUT -j limit-129 + inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 137 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-130 + inet6/filter/FORWARD -j limit-130 + inet/filter/INPUT -j limit-130 + inet6/filter/INPUT -j limit-130 + inet/filter/OUTPUT -j limit-130 + inet6/filter/OUTPUT -j limit-130 + inet/filter/limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 138 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-131 + inet6/filter/FORWARD -j limit-131 + inet/filter/INPUT -j limit-131 + inet6/filter/INPUT -j limit-131 + inet/filter/OUTPUT -j limit-131 + inet6/filter/OUTPUT -j limit-131 + inet/filter/limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 139 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-132 + inet6/filter/FORWARD -j limit-132 + inet/filter/INPUT -j limit-132 + inet6/filter/INPUT -j limit-132 + inet/filter/OUTPUT -j limit-132 + inet6/filter/OUTPUT -j limit-132 + inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j logaccept-final-9 + inet6/filter/FORWARD -j logaccept-final-9 + inet/filter/INPUT -j logaccept-final-9 + inet6/filter/INPUT -j logaccept-final-9 + inet/filter/OUTPUT -j logaccept-final-9 + inet6/filter/OUTPUT -j logaccept-final-9 + inet/filter/logaccept-final-9 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-9 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-9 -j ACCEPT + inet6/filter/logaccept-final-9 -j ACCEPT + +Filter 140 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-133 + inet6/filter/FORWARD -j limit-133 + inet/filter/INPUT -j limit-133 + inet6/filter/INPUT -j limit-133 + inet/filter/OUTPUT -j limit-133 + inet6/filter/OUTPUT -j limit-133 + inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-133 -m limit --limit 1/second -j LOG + inet6/filter/limit-133 -m limit --limit 1/second -j LOG + +Filter 141 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-134 + inet6/filter/FORWARD -j limit-134 + inet/filter/INPUT -j limit-134 + inet6/filter/INPUT -j limit-134 + inet/filter/OUTPUT -j limit-134 + inet6/filter/OUTPUT -j limit-134 + inet/filter/limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 142 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-135 + inet6/filter/FORWARD -j limit-135 + inet/filter/INPUT -j limit-135 + inet6/filter/INPUT -j limit-135 + inet/filter/OUTPUT -j limit-135 + inet6/filter/OUTPUT -j limit-135 + inet/filter/limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 143 {"flow-limit":30} +(filter-limit) + inet/filter/FORWARD -j limit-136 + inet6/filter/FORWARD -j limit-136 + inet/filter/INPUT -j limit-136 + inet6/filter/INPUT -j limit-136 + inet/filter/OUTPUT -j limit-136 + inet6/filter/OUTPUT -j limit-136 + inet/filter/limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-136 -j RETURN + inet6/filter/limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-136 -j RETURN + inet/filter/limit-136 -m limit --limit 1/second -j LOG + inet6/filter/limit-136 -m limit --limit 1/second -j LOG + inet/filter/limit-136 -j DROP + inet6/filter/limit-136 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 144 {"action":"pass","flow-limit":30} +(filter-limit) + inet/filter/FORWARD -j limit-137 + inet6/filter/FORWARD -j limit-137 + inet/filter/INPUT -j limit-137 + inet6/filter/INPUT -j limit-137 + inet/filter/OUTPUT -j limit-137 + inet6/filter/OUTPUT -j limit-137 + inet/filter/limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-137 -j RETURN + inet6/filter/limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-137 -j RETURN + inet/filter/limit-137 -m limit --limit 1/second -j LOG + inet6/filter/limit-137 -m limit --limit 1/second -j LOG + inet/filter/limit-137 -j DROP + inet6/filter/limit-137 -j DROP + +Filter 145 {"flow-limit":30,"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-138 + inet6/filter/FORWARD -j limit-138 + inet/filter/INPUT -j limit-138 + inet6/filter/INPUT -j limit-138 + inet/filter/OUTPUT -j limit-138 + inet6/filter/OUTPUT -j limit-138 + inet/filter/limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-138 -j RETURN + inet6/filter/limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-138 -j RETURN + inet/filter/limit-138 -m limit --limit 1/second -j LOG + inet6/filter/limit-138 -m limit --limit 1/second -j LOG + inet/filter/limit-138 -j DROP + inet6/filter/limit-138 -j DROP inet/filter/FORWARD -j logaccept-final-10 inet6/filter/FORWARD -j logaccept-final-10 inet/filter/INPUT -j logaccept-final-10 @@ -1899,18 +2157,176 @@ Filter 121 {"flow-limit":{"count":30,"log":"none"},"log" inet/filter/logaccept-final-10 -j ACCEPT inet6/filter/logaccept-final-10 -j ACCEPT -Filter 122 {"flow-limit":{"count":30,"log":"none"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-115 - inet6/filter/FORWARD -j limit-115 - inet/filter/INPUT -j limit-115 - inet6/filter/INPUT -j limit-115 - inet/filter/OUTPUT -j limit-115 - inet6/filter/OUTPUT -j limit-115 - inet/filter/limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j RETURN - inet6/filter/limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j RETURN - inet/filter/limit-115 -j DROP - inet6/filter/limit-115 -j DROP +Filter 146 {"flow-limit":30,"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-139 + inet6/filter/FORWARD -j limit-139 + inet/filter/INPUT -j limit-139 + inet6/filter/INPUT -j limit-139 + inet/filter/OUTPUT -j limit-139 + inet6/filter/OUTPUT -j limit-139 + inet/filter/limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-139 -j RETURN + inet6/filter/limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-139 -j RETURN + inet/filter/limit-139 -m limit --limit 1/second -j LOG + inet6/filter/limit-139 -m limit --limit 1/second -j LOG + inet/filter/limit-139 -j DROP + inet6/filter/limit-139 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 147 {"flow-limit":{"count":30}} +(filter-limit) + inet/filter/FORWARD -j limit-140 + inet6/filter/FORWARD -j limit-140 + inet/filter/INPUT -j limit-140 + inet6/filter/INPUT -j limit-140 + inet/filter/OUTPUT -j limit-140 + inet6/filter/OUTPUT -j limit-140 + inet/filter/limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-140 -j RETURN + inet6/filter/limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-140 -j RETURN + inet/filter/limit-140 -m limit --limit 1/second -j LOG + inet6/filter/limit-140 -m limit --limit 1/second -j LOG + inet/filter/limit-140 -j DROP + inet6/filter/limit-140 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 148 {"action":"pass","flow-limit":{"count":30}} +(filter-limit) + inet/filter/FORWARD -j limit-141 + inet6/filter/FORWARD -j limit-141 + inet/filter/INPUT -j limit-141 + inet6/filter/INPUT -j limit-141 + inet/filter/OUTPUT -j limit-141 + inet6/filter/OUTPUT -j limit-141 + inet/filter/limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-141 -j RETURN + inet6/filter/limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-141 -j RETURN + inet/filter/limit-141 -m limit --limit 1/second -j LOG + inet6/filter/limit-141 -m limit --limit 1/second -j LOG + inet/filter/limit-141 -j DROP + inet6/filter/limit-141 -j DROP + +Filter 149 {"flow-limit":{"count":30},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-142 + inet6/filter/FORWARD -j limit-142 + inet/filter/INPUT -j limit-142 + inet6/filter/INPUT -j limit-142 + inet/filter/OUTPUT -j limit-142 + inet6/filter/OUTPUT -j limit-142 + inet/filter/limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-142 -j RETURN + inet6/filter/limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-142 -j RETURN + inet/filter/limit-142 -m limit --limit 1/second -j LOG + inet6/filter/limit-142 -m limit --limit 1/second -j LOG + inet/filter/limit-142 -j DROP + inet6/filter/limit-142 -j DROP + inet/filter/FORWARD -j logaccept-final-11 + inet6/filter/FORWARD -j logaccept-final-11 + inet/filter/INPUT -j logaccept-final-11 + inet6/filter/INPUT -j logaccept-final-11 + inet/filter/OUTPUT -j logaccept-final-11 + inet6/filter/OUTPUT -j logaccept-final-11 + inet/filter/logaccept-final-11 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-11 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-11 -j ACCEPT + inet6/filter/logaccept-final-11 -j ACCEPT + +Filter 150 {"flow-limit":{"count":30},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-143 + inet6/filter/FORWARD -j limit-143 + inet/filter/INPUT -j limit-143 + inet6/filter/INPUT -j limit-143 + inet/filter/OUTPUT -j limit-143 + inet6/filter/OUTPUT -j limit-143 + inet/filter/limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-143 -j RETURN + inet6/filter/limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-143 -j RETURN + inet/filter/limit-143 -m limit --limit 1/second -j LOG + inet6/filter/limit-143 -m limit --limit 1/second -j LOG + inet/filter/limit-143 -j DROP + inet6/filter/limit-143 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 151 {"flow-limit":{"count":30,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-144 + inet6/filter/FORWARD -j limit-144 + inet/filter/INPUT -j limit-144 + inet6/filter/INPUT -j limit-144 + inet/filter/OUTPUT -j limit-144 + inet6/filter/OUTPUT -j limit-144 + inet/filter/limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-144 -j RETURN + inet6/filter/limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-144 -j RETURN + inet/filter/limit-144 -j DROP + inet6/filter/limit-144 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 152 {"action":"pass","flow-limit":{"count":30,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-145 + inet6/filter/FORWARD -j limit-145 + inet/filter/INPUT -j limit-145 + inet6/filter/INPUT -j limit-145 + inet/filter/OUTPUT -j limit-145 + inet6/filter/OUTPUT -j limit-145 + inet/filter/limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-145 -j RETURN + inet6/filter/limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-145 -j RETURN + inet/filter/limit-145 -j DROP + inet6/filter/limit-145 -j DROP + +Filter 153 {"flow-limit":{"count":30,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-146 + inet6/filter/FORWARD -j limit-146 + inet/filter/INPUT -j limit-146 + inet6/filter/INPUT -j limit-146 + inet/filter/OUTPUT -j limit-146 + inet6/filter/OUTPUT -j limit-146 + inet/filter/limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-146 -j RETURN + inet6/filter/limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-146 -j RETURN + inet/filter/limit-146 -j DROP + inet6/filter/limit-146 -j DROP + inet/filter/FORWARD -j logaccept-final-12 + inet6/filter/FORWARD -j logaccept-final-12 + inet/filter/INPUT -j logaccept-final-12 + inet6/filter/INPUT -j logaccept-final-12 + inet/filter/OUTPUT -j logaccept-final-12 + inet6/filter/OUTPUT -j logaccept-final-12 + inet/filter/logaccept-final-12 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-12 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-12 -j ACCEPT + inet6/filter/logaccept-final-12 -j ACCEPT + +Filter 154 {"flow-limit":{"count":30,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-147 + inet6/filter/FORWARD -j limit-147 + inet/filter/INPUT -j limit-147 + inet6/filter/INPUT -j limit-147 + inet/filter/OUTPUT -j limit-147 + inet6/filter/OUTPUT -j limit-147 + inet/filter/limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-147 -j RETURN + inet6/filter/limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-147 -j RETURN + inet/filter/limit-147 -j DROP + inet6/filter/limit-147 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1918,18 +2334,92 @@ Filter 122 {"flow-limit":{"count":30,"log":"none"},"log" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 123 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +Filter 155 {"flow-limit":{"count":30,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-148 + inet6/filter/FORWARD -j limit-148 + inet/filter/INPUT -j limit-148 + inet6/filter/INPUT -j limit-148 + inet/filter/OUTPUT -j limit-148 + inet6/filter/OUTPUT -j limit-148 + inet/filter/limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-148 -j RETURN + inet6/filter/limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-148 -j RETURN + inet/filter/limit-148 -j DROP + inet6/filter/limit-148 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 156 {"action":"pass","flow-limit":{"count":30,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-149 + inet6/filter/FORWARD -j limit-149 + inet/filter/INPUT -j limit-149 + inet6/filter/INPUT -j limit-149 + inet/filter/OUTPUT -j limit-149 + inet6/filter/OUTPUT -j limit-149 + inet/filter/limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-149 -j RETURN + inet6/filter/limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-149 -j RETURN + inet/filter/limit-149 -j DROP + inet6/filter/limit-149 -j DROP + +Filter 157 {"flow-limit":{"count":30,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-150 + inet6/filter/FORWARD -j limit-150 + inet/filter/INPUT -j limit-150 + inet6/filter/INPUT -j limit-150 + inet/filter/OUTPUT -j limit-150 + inet6/filter/OUTPUT -j limit-150 + inet/filter/limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-150 -j RETURN + inet6/filter/limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-150 -j RETURN + inet/filter/limit-150 -j DROP + inet6/filter/limit-150 -j DROP + inet/filter/FORWARD -j logaccept-final-13 + inet6/filter/FORWARD -j logaccept-final-13 + inet/filter/INPUT -j logaccept-final-13 + inet6/filter/INPUT -j logaccept-final-13 + inet/filter/OUTPUT -j logaccept-final-13 + inet6/filter/OUTPUT -j logaccept-final-13 + inet/filter/logaccept-final-13 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-13 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-13 -j ACCEPT + inet6/filter/logaccept-final-13 -j ACCEPT + +Filter 158 {"flow-limit":{"count":30,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-151 + inet6/filter/FORWARD -j limit-151 + inet/filter/INPUT -j limit-151 + inet6/filter/INPUT -j limit-151 + inet/filter/OUTPUT -j limit-151 + inet6/filter/OUTPUT -j limit-151 + inet/filter/limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-151 -j RETURN + inet6/filter/limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-151 -j RETURN + inet/filter/limit-151 -j DROP + inet6/filter/limit-151 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 159 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-116 - inet6/filter/INPUT -i eth0 -j limit-116 - inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 - inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 - inet/filter/logdrop-37 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG - inet/filter/logdrop-37 -j DROP - inet6/filter/logdrop-37 -j DROP - inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-152 + inet6/filter/INPUT -i eth0 -j limit-152 + inet/filter/limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 + inet6/filter/limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 + inet/filter/logdrop-49 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-49 -m limit --limit 1/second -j LOG + inet/filter/logdrop-49 -j DROP + inet6/filter/logdrop-49 -j DROP + inet/filter/limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -1937,35 +2427,35 @@ Filter 123 {"flow-limit":1,"in":"A","no-track":true,"out inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 124 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +Filter 160 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-117 - inet6/filter/INPUT -i eth0 -j limit-117 - inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 - inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 - inet/filter/logdrop-38 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG - inet/filter/logdrop-38 -j DROP - inet6/filter/logdrop-38 -j DROP - inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-153 + inet6/filter/INPUT -i eth0 -j limit-153 + inet/filter/limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 + inet6/filter/limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 + inet/filter/logdrop-50 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-50 -m limit --limit 1/second -j LOG + inet/filter/logdrop-50 -j DROP + inet6/filter/logdrop-50 -j DROP + inet/filter/limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 125 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 161 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-118 - inet6/filter/INPUT -i eth0 -j limit-118 - inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 - inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 - inet/filter/logdrop-39 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-39 -m limit --limit 1/second -j LOG - inet/filter/logdrop-39 -j DROP - inet6/filter/logdrop-39 -j DROP - inet/filter/limit-118 -m limit --limit 1/second -j LOG - inet6/filter/limit-118 -m limit --limit 1/second -j LOG - inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-154 + inet6/filter/INPUT -i eth0 -j limit-154 + inet/filter/limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 + inet6/filter/limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 + inet/filter/logdrop-51 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-51 -m limit --limit 1/second -j LOG + inet/filter/logdrop-51 -j DROP + inet6/filter/logdrop-51 -j DROP + inet/filter/limit-154 -m limit --limit 1/second -j LOG + inet6/filter/limit-154 -m limit --limit 1/second -j LOG + inet/filter/limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -1973,33 +2463,33 @@ Filter 125 {"flow-limit":1,"in":"A","log":true,"no-track inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 126 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 162 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-119 - inet6/filter/INPUT -i eth0 -j limit-119 - inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 - inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 - inet/filter/logdrop-40 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-40 -m limit --limit 1/second -j LOG - inet/filter/logdrop-40 -j DROP - inet6/filter/logdrop-40 -j DROP - inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-155 + inet6/filter/INPUT -i eth0 -j limit-155 + inet/filter/limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 + inet6/filter/limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 + inet/filter/logdrop-52 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-52 -m limit --limit 1/second -j LOG + inet/filter/logdrop-52 -j DROP + inet6/filter/logdrop-52 -j DROP + inet/filter/limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 127 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 163 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-120 - inet6/filter/INPUT -i eth0 -j limit-120 - inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 - inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 - inet/filter/logdrop-41 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-41 -m limit --limit 1/second -j LOG - inet/filter/logdrop-41 -j DROP - inet6/filter/logdrop-41 -j DROP - inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-156 + inet6/filter/INPUT -i eth0 -j limit-156 + inet/filter/limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 + inet6/filter/limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 + inet/filter/logdrop-53 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-53 -m limit --limit 1/second -j LOG + inet/filter/logdrop-53 -j DROP + inet6/filter/logdrop-53 -j DROP + inet/filter/limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2007,33 +2497,33 @@ Filter 127 {"flow-limit":1,"in":"A","log":"none","no-tra inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 128 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 164 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-121 - inet6/filter/INPUT -i eth0 -j limit-121 - inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 - inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 - inet/filter/logdrop-42 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-42 -m limit --limit 1/second -j LOG - inet/filter/logdrop-42 -j DROP - inet6/filter/logdrop-42 -j DROP - inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-157 + inet6/filter/INPUT -i eth0 -j limit-157 + inet/filter/limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 + inet6/filter/limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 + inet/filter/logdrop-54 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-54 -m limit --limit 1/second -j LOG + inet/filter/logdrop-54 -j DROP + inet6/filter/logdrop-54 -j DROP + inet/filter/limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 129 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +Filter 165 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-122 - inet6/filter/INPUT -i eth0 -j limit-122 - inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 - inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 - inet/filter/logdrop-43 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-43 -m limit --limit 1/second -j LOG - inet/filter/logdrop-43 -j DROP - inet6/filter/logdrop-43 -j DROP - inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-158 + inet6/filter/INPUT -i eth0 -j limit-158 + inet/filter/limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-55 + inet6/filter/limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-55 + inet/filter/logdrop-55 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-55 -m limit --limit 1/second -j LOG + inet/filter/logdrop-55 -j DROP + inet6/filter/logdrop-55 -j DROP + inet/filter/limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2041,35 +2531,35 @@ Filter 129 {"flow-limit":{"count":1},"in":"A","no-track" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 130 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +Filter 166 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-123 - inet6/filter/INPUT -i eth0 -j limit-123 - inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 - inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 - inet/filter/logdrop-44 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG - inet/filter/logdrop-44 -j DROP - inet6/filter/logdrop-44 -j DROP - inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-159 + inet6/filter/INPUT -i eth0 -j limit-159 + inet/filter/limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-56 + inet6/filter/limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-56 + inet/filter/logdrop-56 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG + inet/filter/logdrop-56 -j DROP + inet6/filter/logdrop-56 -j DROP + inet/filter/limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 131 {"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 167 {"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-124 - inet6/filter/INPUT -i eth0 -j limit-124 - inet/filter/limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 - inet6/filter/limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 - inet/filter/logdrop-45 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-45 -m limit --limit 1/second -j LOG - inet/filter/logdrop-45 -j DROP - inet6/filter/logdrop-45 -j DROP - inet/filter/limit-124 -m limit --limit 1/second -j LOG - inet6/filter/limit-124 -m limit --limit 1/second -j LOG - inet/filter/limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-160 + inet6/filter/INPUT -i eth0 -j limit-160 + inet/filter/limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-57 + inet6/filter/limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-57 + inet/filter/logdrop-57 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-57 -m limit --limit 1/second -j LOG + inet/filter/logdrop-57 -j DROP + inet6/filter/logdrop-57 -j DROP + inet/filter/limit-160 -m limit --limit 1/second -j LOG + inet6/filter/limit-160 -m limit --limit 1/second -j LOG + inet/filter/limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2077,33 +2567,33 @@ Filter 131 {"flow-limit":{"count":1},"in":"A","log":true inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 132 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 168 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-125 - inet6/filter/INPUT -i eth0 -j limit-125 - inet/filter/limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 - inet6/filter/limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 - inet/filter/logdrop-46 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-46 -m limit --limit 1/second -j LOG - inet/filter/logdrop-46 -j DROP - inet6/filter/logdrop-46 -j DROP - inet/filter/limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-161 + inet6/filter/INPUT -i eth0 -j limit-161 + inet/filter/limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-58 + inet6/filter/limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-58 + inet/filter/logdrop-58 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-58 -m limit --limit 1/second -j LOG + inet/filter/logdrop-58 -j DROP + inet6/filter/logdrop-58 -j DROP + inet/filter/limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 133 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 169 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-126 - inet6/filter/INPUT -i eth0 -j limit-126 - inet/filter/limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 - inet6/filter/limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 - inet/filter/logdrop-47 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-47 -m limit --limit 1/second -j LOG - inet/filter/logdrop-47 -j DROP - inet6/filter/logdrop-47 -j DROP - inet/filter/limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-162 + inet6/filter/INPUT -i eth0 -j limit-162 + inet/filter/limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-59 + inet6/filter/limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-59 + inet/filter/logdrop-59 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-59 -m limit --limit 1/second -j LOG + inet/filter/logdrop-59 -j DROP + inet6/filter/logdrop-59 -j DROP + inet/filter/limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2111,33 +2601,33 @@ Filter 133 {"flow-limit":{"count":1},"in":"A","log":"non inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 134 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 170 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-127 - inet6/filter/INPUT -i eth0 -j limit-127 - inet/filter/limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 - inet6/filter/limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 - inet/filter/logdrop-48 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-48 -m limit --limit 1/second -j LOG - inet/filter/logdrop-48 -j DROP - inet6/filter/logdrop-48 -j DROP - inet/filter/limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-163 + inet6/filter/INPUT -i eth0 -j limit-163 + inet/filter/limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-60 + inet6/filter/limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-60 + inet/filter/logdrop-60 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-60 -m limit --limit 1/second -j LOG + inet/filter/logdrop-60 -j DROP + inet6/filter/logdrop-60 -j DROP + inet/filter/limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 135 {"flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 171 {"flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-128 - inet6/filter/INPUT -i eth0 -j limit-128 - inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 - inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 - inet/filter/logdrop-49 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-49 -m limit --limit 1/second -j LOG - inet/filter/logdrop-49 -j DROP - inet6/filter/logdrop-49 -j DROP - inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-164 + inet6/filter/INPUT -i eth0 -j limit-164 + inet/filter/limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 + inet6/filter/limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 + inet/filter/logdrop-61 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-61 -m limit --limit 1/second -j LOG + inet/filter/logdrop-61 -j DROP + inet6/filter/logdrop-61 -j DROP + inet/filter/limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2145,35 +2635,35 @@ Filter 135 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 136 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 172 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-129 - inet6/filter/INPUT -i eth0 -j limit-129 - inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 - inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 - inet/filter/logdrop-50 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-50 -m limit --limit 1/second -j LOG - inet/filter/logdrop-50 -j DROP - inet6/filter/logdrop-50 -j DROP - inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-165 + inet6/filter/INPUT -i eth0 -j limit-165 + inet/filter/limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 + inet6/filter/limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 + inet/filter/logdrop-62 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-62 -m limit --limit 1/second -j LOG + inet/filter/logdrop-62 -j DROP + inet6/filter/logdrop-62 -j DROP + inet/filter/limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 137 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 173 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-130 - inet6/filter/INPUT -i eth0 -j limit-130 - inet/filter/limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 - inet6/filter/limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 - inet/filter/logdrop-51 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-51 -m limit --limit 1/second -j LOG - inet/filter/logdrop-51 -j DROP - inet6/filter/logdrop-51 -j DROP - inet/filter/limit-130 -m limit --limit 1/second -j LOG - inet6/filter/limit-130 -m limit --limit 1/second -j LOG - inet/filter/limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-166 + inet6/filter/INPUT -i eth0 -j limit-166 + inet/filter/limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 + inet6/filter/limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 + inet/filter/logdrop-63 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-63 -m limit --limit 1/second -j LOG + inet/filter/logdrop-63 -j DROP + inet6/filter/logdrop-63 -j DROP + inet/filter/limit-166 -m limit --limit 1/second -j LOG + inet6/filter/limit-166 -m limit --limit 1/second -j LOG + inet/filter/limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2181,33 +2671,33 @@ Filter 137 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 138 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 174 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-131 - inet6/filter/INPUT -i eth0 -j limit-131 - inet/filter/limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 - inet6/filter/limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 - inet/filter/logdrop-52 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-52 -m limit --limit 1/second -j LOG - inet/filter/logdrop-52 -j DROP - inet6/filter/logdrop-52 -j DROP - inet/filter/limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-167 + inet6/filter/INPUT -i eth0 -j limit-167 + inet/filter/limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 + inet6/filter/limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 + inet/filter/logdrop-64 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-64 -m limit --limit 1/second -j LOG + inet/filter/logdrop-64 -j DROP + inet6/filter/logdrop-64 -j DROP + inet/filter/limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 139 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 175 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-132 - inet6/filter/INPUT -i eth0 -j limit-132 - inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 - inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 - inet/filter/logdrop-53 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-53 -m limit --limit 1/second -j LOG - inet/filter/logdrop-53 -j DROP - inet6/filter/logdrop-53 -j DROP - inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-168 + inet6/filter/INPUT -i eth0 -j limit-168 + inet/filter/limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 + inet6/filter/limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 + inet/filter/logdrop-65 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-65 -m limit --limit 1/second -j LOG + inet/filter/logdrop-65 -j DROP + inet6/filter/logdrop-65 -j DROP + inet/filter/limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2215,29 +2705,33 @@ Filter 139 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 140 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 176 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-133 - inet6/filter/INPUT -i eth0 -j limit-133 - inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 - inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 - inet/filter/logdrop-54 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-54 -m limit --limit 1/second -j LOG - inet/filter/logdrop-54 -j DROP - inet6/filter/logdrop-54 -j DROP - inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-169 + inet6/filter/INPUT -i eth0 -j limit-169 + inet/filter/limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 + inet6/filter/limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 + inet/filter/logdrop-66 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-66 -m limit --limit 1/second -j LOG + inet/filter/logdrop-66 -j DROP + inet6/filter/logdrop-66 -j DROP + inet/filter/limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 141 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 177 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-134 - inet6/filter/INPUT -i eth0 -j limit-134 - inet/filter/limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-170 + inet6/filter/INPUT -i eth0 -j limit-170 + inet/filter/limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 + inet6/filter/limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 + inet/filter/logdrop-67 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-67 -m limit --limit 1/second -j LOG + inet/filter/logdrop-67 -j DROP + inet6/filter/logdrop-67 -j DROP + inet/filter/limit-170 -j ACCEPT + inet6/filter/limit-170 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2245,27 +2739,61 @@ Filter 141 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 142 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 178 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-135 - inet6/filter/INPUT -i eth0 -j limit-135 - inet/filter/limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 143 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 179 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-136 - inet6/filter/INPUT -i eth0 -j limit-136 - inet/filter/limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-136 -m limit --limit 1/second -j LOG - inet6/filter/limit-136 -m limit --limit 1/second -j LOG - inet/filter/limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-172 + inet6/filter/INPUT -i eth0 -j limit-172 + inet/filter/limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 + inet6/filter/limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 + inet/filter/logdrop-69 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-69 -m limit --limit 1/second -j LOG + inet/filter/logdrop-69 -j DROP + inet6/filter/logdrop-69 -j DROP + inet/filter/limit-172 -m limit --limit 1/second -j LOG + inet6/filter/limit-172 -m limit --limit 1/second -j LOG + inet/filter/limit-172 -j ACCEPT + inet6/filter/limit-172 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 180 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-173 + inet6/filter/INPUT -i eth0 -j limit-173 + inet/filter/limit-173 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 + inet6/filter/limit-173 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 + inet/filter/logdrop-70 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-70 -m limit --limit 1/second -j LOG + inet/filter/logdrop-70 -j DROP + inet6/filter/logdrop-70 -j DROP + inet/filter/limit-173 -m limit --limit 1/second -j LOG + inet6/filter/limit-173 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 181 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-174 + inet6/filter/INPUT -i eth0 -j limit-174 + inet/filter/limit-174 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 + inet6/filter/limit-174 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 + inet/filter/logdrop-71 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-71 -m limit --limit 1/second -j LOG + inet/filter/logdrop-71 -j DROP + inet6/filter/logdrop-71 -j DROP + inet/filter/limit-174 -j ACCEPT + inet6/filter/limit-174 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2273,25 +2801,21 @@ Filter 143 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 144 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 182 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-137 - inet6/filter/INPUT -i eth0 -j limit-137 - inet/filter/limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 145 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 183 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-138 - inet6/filter/INPUT -i eth0 -j limit-138 - inet/filter/limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-176 + inet6/filter/INPUT -i eth0 -j limit-176 + inet/filter/limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2299,25 +2823,27 @@ Filter 145 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 146 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 184 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-139 - inet6/filter/INPUT -i eth0 -j limit-139 - inet/filter/limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-177 + inet6/filter/INPUT -i eth0 -j limit-177 + inet/filter/limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 147 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 185 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-140 - inet6/filter/INPUT -i eth0 -j limit-140 - inet/filter/limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-178 + inet6/filter/INPUT -i eth0 -j limit-178 + inet/filter/limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-178 -m limit --limit 1/second -j LOG + inet6/filter/limit-178 -m limit --limit 1/second -j LOG + inet/filter/limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2325,27 +2851,25 @@ Filter 147 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 148 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 186 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-141 - inet6/filter/INPUT -i eth0 -j limit-141 - inet/filter/limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-179 + inet6/filter/INPUT -i eth0 -j limit-179 + inet/filter/limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 149 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 187 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-142 - inet6/filter/INPUT -i eth0 -j limit-142 - inet/filter/limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-142 -m limit --limit 1/second -j LOG - inet6/filter/limit-142 -m limit --limit 1/second -j LOG - inet/filter/limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-180 + inet6/filter/INPUT -i eth0 -j limit-180 + inet/filter/limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2353,25 +2877,25 @@ Filter 149 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 150 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 188 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-143 - inet6/filter/INPUT -i eth0 -j limit-143 - inet/filter/limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-181 + inet6/filter/INPUT -i eth0 -j limit-181 + inet/filter/limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 151 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 189 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-144 - inet6/filter/INPUT -i eth0 -j limit-144 - inet/filter/limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-182 + inet6/filter/INPUT -i eth0 -j limit-182 + inet/filter/limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2379,25 +2903,27 @@ Filter 151 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 152 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 190 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-145 - inet6/filter/INPUT -i eth0 -j limit-145 - inet/filter/limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-183 + inet6/filter/INPUT -i eth0 -j limit-183 + inet/filter/limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 153 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 191 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-146 - inet6/filter/INPUT -i eth0 -j limit-146 - inet/filter/limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-184 + inet6/filter/INPUT -i eth0 -j limit-184 + inet/filter/limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-184 -m limit --limit 1/second -j LOG + inet6/filter/limit-184 -m limit --limit 1/second -j LOG + inet/filter/limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2405,27 +2931,25 @@ Filter 153 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 154 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 192 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-147 - inet6/filter/INPUT -i eth0 -j limit-147 - inet/filter/limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-185 + inet6/filter/INPUT -i eth0 -j limit-185 + inet/filter/limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 155 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 193 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-148 - inet6/filter/INPUT -i eth0 -j limit-148 - inet/filter/limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-148 -m limit --limit 1/second -j LOG - inet6/filter/limit-148 -m limit --limit 1/second -j LOG - inet/filter/limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-186 + inet6/filter/INPUT -i eth0 -j limit-186 + inet/filter/limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2433,25 +2957,25 @@ Filter 155 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 156 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 194 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-149 - inet6/filter/INPUT -i eth0 -j limit-149 - inet/filter/limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-187 + inet6/filter/INPUT -i eth0 -j limit-187 + inet/filter/limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 157 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 195 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-150 - inet6/filter/INPUT -i eth0 -j limit-150 - inet/filter/limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-188 + inet6/filter/INPUT -i eth0 -j limit-188 + inet/filter/limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-188 -j ACCEPT + inet6/filter/limit-188 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2459,25 +2983,23 @@ Filter 157 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 158 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 196 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-151 - inet6/filter/INPUT -i eth0 -j limit-151 - inet/filter/limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 159 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 197 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-152 - inet6/filter/INPUT -i eth0 -j limit-152 - inet/filter/limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-190 + inet6/filter/INPUT -i eth0 -j limit-190 + inet/filter/limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-190 -m limit --limit 1/second -j LOG + inet6/filter/limit-190 -m limit --limit 1/second -j LOG + inet/filter/limit-190 -j ACCEPT + inet6/filter/limit-190 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2485,27 +3007,25 @@ Filter 159 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 160 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 198 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-153 - inet6/filter/INPUT -i eth0 -j limit-153 - inet/filter/limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-191 + inet6/filter/INPUT -i eth0 -j limit-191 + inet/filter/limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-191 -m limit --limit 1/second -j LOG + inet6/filter/limit-191 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 161 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 199 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-154 - inet6/filter/INPUT -i eth0 -j limit-154 - inet/filter/limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-154 -m limit --limit 1/second -j LOG - inet6/filter/limit-154 -m limit --limit 1/second -j LOG - inet/filter/limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-192 + inet6/filter/INPUT -i eth0 -j limit-192 + inet/filter/limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-192 -j ACCEPT + inet6/filter/limit-192 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2513,25 +3033,21 @@ Filter 161 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 162 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 200 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-155 - inet6/filter/INPUT -i eth0 -j limit-155 - inet/filter/limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 163 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 201 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-156 - inet6/filter/INPUT -i eth0 -j limit-156 - inet/filter/limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-194 + inet6/filter/INPUT -i eth0 -j limit-194 + inet/filter/limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2539,27 +3055,27 @@ Filter 163 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 164 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 202 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-157 - inet6/filter/INPUT -i eth0 -j limit-157 - inet/filter/limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-195 + inet6/filter/INPUT -i eth0 -j limit-195 + inet/filter/limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 165 {"flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +Filter 203 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-158 - inet6/filter/INPUT -i eth0 -j limit-158 - inet/filter/limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-158 -j ACCEPT - inet6/filter/limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-158 -j ACCEPT - inet/filter/limit-158 -m limit --limit 1/second -j LOG - inet6/filter/limit-158 -m limit --limit 1/second -j LOG - inet/filter/limit-158 -j DROP - inet6/filter/limit-158 -j DROP + inet/filter/INPUT -i eth0 -j limit-196 + inet6/filter/INPUT -i eth0 -j limit-196 + inet/filter/limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-196 -m limit --limit 1/second -j LOG + inet6/filter/limit-196 -m limit --limit 1/second -j LOG + inet/filter/limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2567,33 +3083,239 @@ Filter 165 {"flow-limit":30,"in":"A","no-track":true,"ou inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 166 {"action":"pass","flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +Filter 204 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-159 - inet6/filter/INPUT -i eth0 -j limit-159 - inet/filter/limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-159 -j RETURN - inet6/filter/limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-159 -j RETURN - inet/filter/limit-159 -m limit --limit 1/second -j LOG - inet6/filter/limit-159 -m limit --limit 1/second -j LOG - inet/filter/limit-159 -j DROP - inet6/filter/limit-159 -j DROP + inet/filter/INPUT -i eth0 -j limit-197 + inet6/filter/INPUT -i eth0 -j limit-197 + inet/filter/limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 167 {"flow-limit":30,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 205 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-160 - inet6/filter/INPUT -i eth0 -j limit-160 - inet/filter/limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-160 -j logaccept-4 - inet6/filter/limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-160 -j logaccept-4 + inet/filter/INPUT -i eth0 -j limit-198 + inet6/filter/INPUT -i eth0 -j limit-198 + inet/filter/limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 206 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-199 + inet6/filter/INPUT -i eth0 -j limit-199 + inet/filter/limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 207 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-200 + inet6/filter/INPUT -i eth0 -j limit-200 + inet/filter/limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 208 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-201 + inet6/filter/INPUT -i eth0 -j limit-201 + inet/filter/limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 209 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-202 + inet6/filter/INPUT -i eth0 -j limit-202 + inet/filter/limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-202 -m limit --limit 1/second -j LOG + inet6/filter/limit-202 -m limit --limit 1/second -j LOG + inet/filter/limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 210 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-203 + inet6/filter/INPUT -i eth0 -j limit-203 + inet/filter/limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 211 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-204 + inet6/filter/INPUT -i eth0 -j limit-204 + inet/filter/limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 212 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-205 + inet6/filter/INPUT -i eth0 -j limit-205 + inet/filter/limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 213 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-206 + inet6/filter/INPUT -i eth0 -j limit-206 + inet/filter/limit-206 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-206 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-206 -j ACCEPT + inet6/filter/limit-206 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 214 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 215 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-208 + inet6/filter/INPUT -i eth0 -j limit-208 + inet/filter/limit-208 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-208 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-208 -m limit --limit 1/second -j LOG + inet6/filter/limit-208 -m limit --limit 1/second -j LOG + inet/filter/limit-208 -j ACCEPT + inet6/filter/limit-208 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 216 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-209 + inet6/filter/INPUT -i eth0 -j limit-209 + inet/filter/limit-209 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-209 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-209 -m limit --limit 1/second -j LOG + inet6/filter/limit-209 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 217 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-210 + inet6/filter/INPUT -i eth0 -j limit-210 + inet/filter/limit-210 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-210 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-210 -j ACCEPT + inet6/filter/limit-210 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 218 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 219 {"flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-212 + inet6/filter/INPUT -i eth0 -j limit-212 + inet/filter/limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j ACCEPT + inet6/filter/limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j ACCEPT + inet/filter/limit-212 -m limit --limit 1/second -j LOG + inet6/filter/limit-212 -m limit --limit 1/second -j LOG + inet/filter/limit-212 -j DROP + inet6/filter/limit-212 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 220 {"action":"pass","flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-213 + inet6/filter/INPUT -i eth0 -j limit-213 + inet/filter/limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN + inet6/filter/limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN + inet/filter/limit-213 -m limit --limit 1/second -j LOG + inet6/filter/limit-213 -m limit --limit 1/second -j LOG + inet/filter/limit-213 -j DROP + inet6/filter/limit-213 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 221 {"flow-limit":30,"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-214 + inet6/filter/INPUT -i eth0 -j limit-214 + inet/filter/limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j logaccept-4 + inet6/filter/limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j logaccept-4 inet/filter/logaccept-4 -m limit --limit 1/second -j LOG inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG inet/filter/logaccept-4 -j ACCEPT inet6/filter/logaccept-4 -j ACCEPT - inet/filter/limit-160 -m limit --limit 1/second -j LOG - inet6/filter/limit-160 -m limit --limit 1/second -j LOG - inet/filter/limit-160 -j DROP - inet6/filter/limit-160 -j DROP + inet/filter/limit-214 -m limit --limit 1/second -j LOG + inet6/filter/limit-214 -m limit --limit 1/second -j LOG + inet/filter/limit-214 -j DROP + inet6/filter/limit-214 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2601,16 +3323,16 @@ Filter 167 {"flow-limit":30,"in":"A","log":true,"no-trac inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 168 {"flow-limit":30,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 222 {"flow-limit":30,"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-161 - inet6/filter/INPUT -i eth0 -j limit-161 - inet/filter/limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-161 -j ACCEPT - inet6/filter/limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-161 -j ACCEPT - inet/filter/limit-161 -m limit --limit 1/second -j LOG - inet6/filter/limit-161 -m limit --limit 1/second -j LOG - inet/filter/limit-161 -j DROP - inet6/filter/limit-161 -j DROP + inet/filter/INPUT -i eth0 -j limit-215 + inet6/filter/INPUT -i eth0 -j limit-215 + inet/filter/limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j ACCEPT + inet6/filter/limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j ACCEPT + inet/filter/limit-215 -m limit --limit 1/second -j LOG + inet6/filter/limit-215 -m limit --limit 1/second -j LOG + inet/filter/limit-215 -j DROP + inet6/filter/limit-215 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2618,16 +3340,16 @@ Filter 168 {"flow-limit":30,"in":"A","log":"none","no-tr inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 169 {"flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} +Filter 223 {"flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-162 - inet6/filter/INPUT -i eth0 -j limit-162 - inet/filter/limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-162 -j ACCEPT - inet6/filter/limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-162 -j ACCEPT - inet/filter/limit-162 -m limit --limit 1/second -j LOG - inet6/filter/limit-162 -m limit --limit 1/second -j LOG - inet/filter/limit-162 -j DROP - inet6/filter/limit-162 -j DROP + inet/filter/INPUT -i eth0 -j limit-216 + inet6/filter/INPUT -i eth0 -j limit-216 + inet/filter/limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j ACCEPT + inet6/filter/limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j ACCEPT + inet/filter/limit-216 -m limit --limit 1/second -j LOG + inet6/filter/limit-216 -m limit --limit 1/second -j LOG + inet/filter/limit-216 -j DROP + inet6/filter/limit-216 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2635,33 +3357,33 @@ Filter 169 {"flow-limit":{"count":30},"in":"A","no-track inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 170 {"action":"pass","flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} +Filter 224 {"action":"pass","flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-163 - inet6/filter/INPUT -i eth0 -j limit-163 - inet/filter/limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-163 -j RETURN - inet6/filter/limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-163 -j RETURN - inet/filter/limit-163 -m limit --limit 1/second -j LOG - inet6/filter/limit-163 -m limit --limit 1/second -j LOG - inet/filter/limit-163 -j DROP - inet6/filter/limit-163 -j DROP + inet/filter/INPUT -i eth0 -j limit-217 + inet6/filter/INPUT -i eth0 -j limit-217 + inet/filter/limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN + inet6/filter/limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN + inet/filter/limit-217 -m limit --limit 1/second -j LOG + inet6/filter/limit-217 -m limit --limit 1/second -j LOG + inet/filter/limit-217 -j DROP + inet6/filter/limit-217 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 171 {"flow-limit":{"count":30},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 225 {"flow-limit":{"count":30},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-164 - inet6/filter/INPUT -i eth0 -j limit-164 - inet/filter/limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-164 -j logaccept-5 - inet6/filter/limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-164 -j logaccept-5 + inet/filter/INPUT -i eth0 -j limit-218 + inet6/filter/INPUT -i eth0 -j limit-218 + inet/filter/limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j logaccept-5 + inet6/filter/limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j logaccept-5 inet/filter/logaccept-5 -m limit --limit 1/second -j LOG inet6/filter/logaccept-5 -m limit --limit 1/second -j LOG inet/filter/logaccept-5 -j ACCEPT inet6/filter/logaccept-5 -j ACCEPT - inet/filter/limit-164 -m limit --limit 1/second -j LOG - inet6/filter/limit-164 -m limit --limit 1/second -j LOG - inet/filter/limit-164 -j DROP - inet6/filter/limit-164 -j DROP + inet/filter/limit-218 -m limit --limit 1/second -j LOG + inet6/filter/limit-218 -m limit --limit 1/second -j LOG + inet/filter/limit-218 -j DROP + inet6/filter/limit-218 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2669,16 +3391,16 @@ Filter 171 {"flow-limit":{"count":30},"in":"A","log":tru inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 172 {"flow-limit":{"count":30},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 226 {"flow-limit":{"count":30},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-165 - inet6/filter/INPUT -i eth0 -j limit-165 - inet/filter/limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-165 -j ACCEPT - inet6/filter/limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-165 -j ACCEPT - inet/filter/limit-165 -m limit --limit 1/second -j LOG - inet6/filter/limit-165 -m limit --limit 1/second -j LOG - inet/filter/limit-165 -j DROP - inet6/filter/limit-165 -j DROP + inet/filter/INPUT -i eth0 -j limit-219 + inet6/filter/INPUT -i eth0 -j limit-219 + inet/filter/limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j ACCEPT + inet6/filter/limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j ACCEPT + inet/filter/limit-219 -m limit --limit 1/second -j LOG + inet6/filter/limit-219 -m limit --limit 1/second -j LOG + inet/filter/limit-219 -j DROP + inet6/filter/limit-219 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2686,14 +3408,14 @@ Filter 172 {"flow-limit":{"count":30},"in":"A","log":"no inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 173 {"flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 227 {"flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-166 - inet6/filter/INPUT -i eth0 -j limit-166 - inet/filter/limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-166 -j ACCEPT - inet6/filter/limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-166 -j ACCEPT - inet/filter/limit-166 -j DROP - inet6/filter/limit-166 -j DROP + inet/filter/INPUT -i eth0 -j limit-220 + inet6/filter/INPUT -i eth0 -j limit-220 + inet/filter/limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j ACCEPT + inet6/filter/limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j ACCEPT + inet/filter/limit-220 -j DROP + inet6/filter/limit-220 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2701,29 +3423,29 @@ Filter 173 {"flow-limit":{"count":30,"log":false},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 174 {"action":"pass","flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 228 {"action":"pass","flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-167 - inet6/filter/INPUT -i eth0 -j limit-167 - inet/filter/limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-167 -j RETURN - inet6/filter/limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-167 -j RETURN - inet/filter/limit-167 -j DROP - inet6/filter/limit-167 -j DROP + inet/filter/INPUT -i eth0 -j limit-221 + inet6/filter/INPUT -i eth0 -j limit-221 + inet/filter/limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN + inet6/filter/limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN + inet/filter/limit-221 -j DROP + inet6/filter/limit-221 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 175 {"flow-limit":{"count":30,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 229 {"flow-limit":{"count":30,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-168 - inet6/filter/INPUT -i eth0 -j limit-168 - inet/filter/limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-168 -j logaccept-6 - inet6/filter/limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-168 -j logaccept-6 + inet/filter/INPUT -i eth0 -j limit-222 + inet6/filter/INPUT -i eth0 -j limit-222 + inet/filter/limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j logaccept-6 + inet6/filter/limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j logaccept-6 inet/filter/logaccept-6 -m limit --limit 1/second -j LOG inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG inet/filter/logaccept-6 -j ACCEPT inet6/filter/logaccept-6 -j ACCEPT - inet/filter/limit-168 -j DROP - inet6/filter/limit-168 -j DROP + inet/filter/limit-222 -j DROP + inet6/filter/limit-222 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2731,14 +3453,14 @@ Filter 175 {"flow-limit":{"count":30,"log":false},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 176 {"flow-limit":{"count":30,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 230 {"flow-limit":{"count":30,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-169 - inet6/filter/INPUT -i eth0 -j limit-169 - inet/filter/limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-169 -j ACCEPT - inet6/filter/limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-169 -j ACCEPT - inet/filter/limit-169 -j DROP - inet6/filter/limit-169 -j DROP + inet/filter/INPUT -i eth0 -j limit-223 + inet6/filter/INPUT -i eth0 -j limit-223 + inet/filter/limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j ACCEPT + inet6/filter/limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j ACCEPT + inet/filter/limit-223 -j DROP + inet6/filter/limit-223 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2746,14 +3468,14 @@ Filter 176 {"flow-limit":{"count":30,"log":false},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 177 {"flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 231 {"flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-170 - inet6/filter/INPUT -i eth0 -j limit-170 - inet/filter/limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-170 -j ACCEPT - inet6/filter/limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-170 -j ACCEPT - inet/filter/limit-170 -j DROP - inet6/filter/limit-170 -j DROP + inet/filter/INPUT -i eth0 -j limit-224 + inet6/filter/INPUT -i eth0 -j limit-224 + inet/filter/limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-224 -j ACCEPT + inet6/filter/limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-224 -j ACCEPT + inet/filter/limit-224 -j DROP + inet6/filter/limit-224 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2761,29 +3483,29 @@ Filter 177 {"flow-limit":{"count":30,"log":"none"},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 178 {"action":"pass","flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 232 {"action":"pass","flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-171 - inet6/filter/INPUT -i eth0 -j limit-171 - inet/filter/limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-171 -j RETURN - inet6/filter/limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-171 -j RETURN - inet/filter/limit-171 -j DROP - inet6/filter/limit-171 -j DROP + inet/filter/INPUT -i eth0 -j limit-225 + inet6/filter/INPUT -i eth0 -j limit-225 + inet/filter/limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-225 -j RETURN + inet6/filter/limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-225 -j RETURN + inet/filter/limit-225 -j DROP + inet6/filter/limit-225 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 179 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 233 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-172 - inet6/filter/INPUT -i eth0 -j limit-172 - inet/filter/limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-172 -j logaccept-7 - inet6/filter/limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-172 -j logaccept-7 + inet/filter/INPUT -i eth0 -j limit-226 + inet6/filter/INPUT -i eth0 -j limit-226 + inet/filter/limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-226 -j logaccept-7 + inet6/filter/limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-226 -j logaccept-7 inet/filter/logaccept-7 -m limit --limit 1/second -j LOG inet6/filter/logaccept-7 -m limit --limit 1/second -j LOG inet/filter/logaccept-7 -j ACCEPT inet6/filter/logaccept-7 -j ACCEPT - inet/filter/limit-172 -j DROP - inet6/filter/limit-172 -j DROP + inet/filter/limit-226 -j DROP + inet6/filter/limit-226 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2791,14 +3513,14 @@ Filter 179 {"flow-limit":{"count":30,"log":"none"},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 180 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 234 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-173 - inet6/filter/INPUT -i eth0 -j limit-173 - inet/filter/limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-173 -j ACCEPT - inet6/filter/limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-173 -j ACCEPT - inet/filter/limit-173 -j DROP - inet6/filter/limit-173 -j DROP + inet/filter/INPUT -i eth0 -j limit-227 + inet6/filter/INPUT -i eth0 -j limit-227 + inet/filter/limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-227 -j ACCEPT + inet6/filter/limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-227 -j ACCEPT + inet/filter/limit-227 -j DROP + inet6/filter/limit-227 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2806,7 +3528,7 @@ Filter 180 {"flow-limit":{"count":30,"log":"none"},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 181 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} +Filter 235 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set @@ -2815,7 +3537,7 @@ Filter 181 {"update-limit":{"addr":"src","measure":"conn inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 182 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} +Filter 236 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set @@ -2824,7 +3546,7 @@ Filter 182 {"update-limit":{"addr":"dest","measure":"con inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 183 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} +Filter 237 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set @@ -2833,7 +3555,7 @@ Filter 183 {"update-limit":{"addr":"src","measure":"flow inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 184 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} +Filter 238 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set @@ -2842,7 +3564,7 @@ Filter 184 {"update-limit":{"addr":"dest","measure":"flo inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 185 {} +Filter 239 {} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -2851,20 +3573,20 @@ Filter 185 {} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 186 {"action":"drop"} +Filter 240 {"action":"drop"} (log) - inet/filter/FORWARD -j logdrop-55 - inet6/filter/FORWARD -j logdrop-55 - inet/filter/INPUT -j logdrop-55 - inet6/filter/INPUT -j logdrop-55 - inet/filter/OUTPUT -j logdrop-55 - inet6/filter/OUTPUT -j logdrop-55 - inet/filter/logdrop-55 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-55 -m limit --limit 1/second -j LOG - inet/filter/logdrop-55 -j DROP - inet6/filter/logdrop-55 -j DROP - -Filter 187 {"action":"pass"} + inet/filter/FORWARD -j logdrop-73 + inet6/filter/FORWARD -j logdrop-73 + inet/filter/INPUT -j logdrop-73 + inet6/filter/INPUT -j logdrop-73 + inet/filter/OUTPUT -j logdrop-73 + inet6/filter/OUTPUT -j logdrop-73 + inet/filter/logdrop-73 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-73 -m limit --limit 1/second -j LOG + inet/filter/logdrop-73 -j DROP + inet6/filter/logdrop-73 -j DROP + +Filter 241 {"action":"pass"} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -2873,7 +3595,7 @@ Filter 187 {"action":"pass"} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 188 {"log":false} +Filter 242 {"log":false} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -2882,7 +3604,7 @@ Filter 188 {"log":false} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 189 {"action":"drop","log":false} +Filter 243 {"action":"drop","log":false} (log) inet/filter/FORWARD -j DROP inet6/filter/FORWARD -j DROP @@ -2891,7 +3613,7 @@ Filter 189 {"action":"drop","log":false} inet/filter/OUTPUT -j DROP inet6/filter/OUTPUT -j DROP -Filter 190 {"action":"pass","log":false} +Filter 244 {"action":"pass","log":false} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -2900,7 +3622,7 @@ Filter 190 {"action":"pass","log":false} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 191 {"log":true} +Filter 245 {"log":true} (log) inet/filter/FORWARD -j logaccept-8 inet6/filter/FORWARD -j logaccept-8 @@ -2913,20 +3635,20 @@ Filter 191 {"log":true} inet/filter/logaccept-8 -j ACCEPT inet6/filter/logaccept-8 -j ACCEPT -Filter 192 {"action":"drop","log":true} +Filter 246 {"action":"drop","log":true} (log) - inet/filter/FORWARD -j logdrop-56 - inet6/filter/FORWARD -j logdrop-56 - inet/filter/INPUT -j logdrop-56 - inet6/filter/INPUT -j logdrop-56 - inet/filter/OUTPUT -j logdrop-56 - inet6/filter/OUTPUT -j logdrop-56 - inet/filter/logdrop-56 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG - inet/filter/logdrop-56 -j DROP - inet6/filter/logdrop-56 -j DROP - -Filter 193 {"action":"pass","log":true} + inet/filter/FORWARD -j logdrop-74 + inet6/filter/FORWARD -j logdrop-74 + inet/filter/INPUT -j logdrop-74 + inet6/filter/INPUT -j logdrop-74 + inet/filter/OUTPUT -j logdrop-74 + inet6/filter/OUTPUT -j logdrop-74 + inet/filter/logdrop-74 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-74 -m limit --limit 1/second -j LOG + inet/filter/logdrop-74 -j DROP + inet6/filter/logdrop-74 -j DROP + +Filter 247 {"action":"pass","log":true} (log) inet/filter/FORWARD -j logpass-0 inet6/filter/FORWARD -j logpass-0 @@ -2937,7 +3659,7 @@ Filter 193 {"action":"pass","log":true} inet/filter/logpass-0 -m limit --limit 1/second -j LOG inet6/filter/logpass-0 -m limit --limit 1/second -j LOG -Filter 194 {"log":"none"} +Filter 248 {"log":"none"} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -2946,7 +3668,7 @@ Filter 194 {"log":"none"} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 195 {"action":"drop","log":"none"} +Filter 249 {"action":"drop","log":"none"} (log) inet/filter/FORWARD -j DROP inet6/filter/FORWARD -j DROP @@ -2955,7 +3677,7 @@ Filter 195 {"action":"drop","log":"none"} inet/filter/OUTPUT -j DROP inet6/filter/OUTPUT -j DROP -Filter 196 {"action":"pass","log":"none"} +Filter 250 {"action":"pass","log":"none"} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -2964,7 +3686,7 @@ Filter 196 {"action":"pass","log":"none"} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 197 {"in":"_fw","no-track":true,"service":"http"} +Filter 251 {"in":"_fw","no-track":true,"service":"http"} (no-track) inet/filter/OUTPUT -p tcp --dport 80 -j ACCEPT inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT @@ -2975,7 +3697,7 @@ Filter 197 {"in":"_fw","no-track":true,"service":"http"} inet/filter/INPUT -p tcp --sport 80 -j ACCEPT inet6/filter/INPUT -p tcp --sport 80 -j ACCEPT -Filter 198 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} +Filter 252 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} (no-track) inet/filter/FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT @@ -2998,7 +3720,7 @@ Filter 198 {"dest":"172.17.0.0\/16","no-track":true,"ser inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT -Filter 199 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} +Filter 253 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} (no-track) inet/filter/FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT inet/filter/INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT @@ -3011,7 +3733,7 @@ Filter 199 {"dest":"172.18.0.0\/16","no-track":true,"ser inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT -Filter 200 {"no-track":true,"out":"_fw","service":"ipsec"} +Filter 254 {"no-track":true,"out":"_fw","service":"ipsec"} (no-track) inet/filter/INPUT -p esp -j ACCEPT inet6/filter/INPUT -p esp -j ACCEPT @@ -3030,7 +3752,7 @@ Filter 200 {"no-track":true,"out":"_fw","service":"ipsec inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT inet6/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT -Filter 201 {"in":["_fw","A"]} +Filter 255 {"in":["_fw","A"]} (zone) inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT @@ -3039,12 +3761,12 @@ Filter 201 {"in":["_fw","A"]} inet/filter/INPUT -i eth0 -j ACCEPT inet6/filter/INPUT -i eth0 -j ACCEPT -Filter 202 {"in":"B","out":"C"} +Filter 256 {"in":"B","out":"C"} (zone) inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT -Filter 203 {"out":["_fw","B"]} +Filter 257 {"out":["_fw","B"]} (zone) inet/filter/INPUT -j ACCEPT inet6/filter/INPUT -j ACCEPT @@ -3053,7 +3775,7 @@ Filter 203 {"out":["_fw","B"]} inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT -Filter 204 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} +Filter 258 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} (zone) inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT @@ -3469,16 +4191,62 @@ hash:net family inet :limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] -:limit-171 - [0:0] :limit-172 - [0:0] :limit-173 - [0:0] +:limit-174 - [0:0] +:limit-176 - [0:0] +:limit-177 - [0:0] +:limit-178 - [0:0] +:limit-179 - [0:0] :limit-18 - [0:0] -:limit-19 - [0:0] +:limit-180 - [0:0] +:limit-181 - [0:0] +:limit-182 - [0:0] +:limit-183 - [0:0] +:limit-184 - [0:0] +:limit-185 - [0:0] +:limit-186 - [0:0] +:limit-187 - [0:0] +:limit-188 - [0:0] +:limit-190 - [0:0] +:limit-191 - [0:0] +:limit-192 - [0:0] +:limit-194 - [0:0] +:limit-195 - [0:0] +:limit-196 - [0:0] +:limit-197 - [0:0] +:limit-198 - [0:0] +:limit-199 - [0:0] :limit-2 - [0:0] :limit-20 - [0:0] +:limit-200 - [0:0] +:limit-201 - [0:0] +:limit-202 - [0:0] +:limit-203 - [0:0] +:limit-204 - [0:0] +:limit-205 - [0:0] +:limit-206 - [0:0] +:limit-208 - [0:0] +:limit-209 - [0:0] :limit-21 - [0:0] +:limit-210 - [0:0] +:limit-212 - [0:0] +:limit-213 - [0:0] +:limit-214 - [0:0] +:limit-215 - [0:0] +:limit-216 - [0:0] +:limit-217 - [0:0] +:limit-218 - [0:0] +:limit-219 - [0:0] :limit-22 - [0:0] -:limit-23 - [0:0] +:limit-220 - [0:0] +:limit-221 - [0:0] +:limit-222 - [0:0] +:limit-223 - [0:0] +:limit-224 - [0:0] +:limit-225 - [0:0] +:limit-226 - [0:0] +:limit-227 - [0:0] :limit-24 - [0:0] :limit-25 - [0:0] :limit-26 - [0:0] @@ -3493,12 +4261,10 @@ hash:net family inet :limit-34 - [0:0] :limit-35 - [0:0] :limit-36 - [0:0] -:limit-37 - [0:0] :limit-38 - [0:0] :limit-39 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] -:limit-41 - [0:0] :limit-42 - [0:0] :limit-43 - [0:0] :limit-44 - [0:0] @@ -3513,11 +4279,9 @@ hash:net family inet :limit-52 - [0:0] :limit-53 - [0:0] :limit-54 - [0:0] -:limit-55 - [0:0] :limit-56 - [0:0] :limit-57 - [0:0] :limit-58 - [0:0] -:limit-59 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] :limit-61 - [0:0] @@ -3574,6 +4338,9 @@ hash:net family inet :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-10 - [0:0] +:logaccept-final-11 - [0:0] +:logaccept-final-12 - [0:0] +:logaccept-final-13 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] @@ -3595,11 +4362,9 @@ hash:net family inet :logdrop-18 - [0:0] :logdrop-19 - [0:0] :logdrop-2 - [0:0] -:logdrop-20 - [0:0] :logdrop-21 - [0:0] :logdrop-22 - [0:0] :logdrop-23 - [0:0] -:logdrop-24 - [0:0] :logdrop-25 - [0:0] :logdrop-26 - [0:0] :logdrop-27 - [0:0] @@ -3635,8 +4400,24 @@ hash:net family inet :logdrop-54 - [0:0] :logdrop-55 - [0:0] :logdrop-56 - [0:0] +:logdrop-57 - [0:0] +:logdrop-58 - [0:0] +:logdrop-59 - [0:0] :logdrop-6 - [0:0] +:logdrop-60 - [0:0] +:logdrop-61 - [0:0] +:logdrop-62 - [0:0] +:logdrop-63 - [0:0] +:logdrop-64 - [0:0] +:logdrop-65 - [0:0] +:logdrop-66 - [0:0] +:logdrop-67 - [0:0] +:logdrop-69 - [0:0] :logdrop-7 - [0:0] +:logdrop-70 - [0:0] +:logdrop-71 - [0:0] +:logdrop-73 - [0:0] +:logdrop-74 - [0:0] :logdrop-8 - [0:0] :logdrop-9 - [0:0] :logpass-0 - [0:0] @@ -3645,6 +4426,42 @@ hash:net family inet :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-151 +-A FORWARD -j limit-150 +-A FORWARD -j limit-149 +-A FORWARD -j limit-148 +-A FORWARD -j limit-147 +-A FORWARD -j limit-146 +-A FORWARD -j limit-145 +-A FORWARD -j limit-144 +-A FORWARD -j limit-143 +-A FORWARD -j limit-142 +-A FORWARD -j limit-141 +-A FORWARD -j limit-140 +-A FORWARD -j limit-139 +-A FORWARD -j limit-138 +-A FORWARD -j limit-137 +-A FORWARD -j limit-136 +-A FORWARD -j limit-135 +-A FORWARD -j limit-134 +-A FORWARD -j limit-133 +-A FORWARD -j limit-132 +-A FORWARD -j limit-131 +-A FORWARD -j limit-130 +-A FORWARD -j limit-129 +-A FORWARD -j limit-128 +-A FORWARD -j limit-127 +-A FORWARD -j limit-126 +-A FORWARD -j limit-125 +-A FORWARD -j limit-124 +-A FORWARD -j limit-123 +-A FORWARD -j limit-122 +-A FORWARD -j limit-121 +-A FORWARD -j limit-120 +-A FORWARD -j limit-119 +-A FORWARD -j limit-118 +-A FORWARD -j limit-117 +-A FORWARD -j limit-116 -A FORWARD -j limit-115 -A FORWARD -j limit-114 -A FORWARD -j limit-113 @@ -3685,24 +4502,6 @@ hash:net family inet -A FORWARD -j limit-78 -A FORWARD -j limit-77 -A FORWARD -j limit-76 --A FORWARD -j limit-75 --A FORWARD -j limit-74 --A FORWARD -j limit-73 --A FORWARD -j limit-72 --A FORWARD -j limit-71 --A FORWARD -j limit-70 --A FORWARD -j limit-69 --A FORWARD -j limit-68 --A FORWARD -j limit-67 --A FORWARD -j limit-66 --A FORWARD -j limit-65 --A FORWARD -j limit-64 --A FORWARD -j limit-63 --A FORWARD -j limit-62 --A FORWARD -j limit-61 --A FORWARD -j limit-60 --A FORWARD -j limit-59 --A FORWARD -j limit-58 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -3729,11 +4528,11 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 @@ -3747,11 +4546,11 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 @@ -3765,9 +4564,27 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-58 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-60 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-61 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-62 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-63 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-64 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-65 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-66 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-67 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-68 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-69 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-70 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-71 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-72 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-73 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-74 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-75 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -3801,16 +4618,25 @@ hash:net family inet -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-10 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-11 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-12 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-13 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-55 +-A FORWARD -j logdrop-73 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-56 +-A FORWARD -j logdrop-74 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -3873,6 +4699,42 @@ hash:net family inet -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-151 +-A INPUT -j limit-150 +-A INPUT -j limit-149 +-A INPUT -j limit-148 +-A INPUT -j limit-147 +-A INPUT -j limit-146 +-A INPUT -j limit-145 +-A INPUT -j limit-144 +-A INPUT -j limit-143 +-A INPUT -j limit-142 +-A INPUT -j limit-141 +-A INPUT -j limit-140 +-A INPUT -j limit-139 +-A INPUT -j limit-138 +-A INPUT -j limit-137 +-A INPUT -j limit-136 +-A INPUT -j limit-135 +-A INPUT -j limit-134 +-A INPUT -j limit-133 +-A INPUT -j limit-132 +-A INPUT -j limit-131 +-A INPUT -j limit-130 +-A INPUT -j limit-129 +-A INPUT -j limit-128 +-A INPUT -j limit-127 +-A INPUT -j limit-126 +-A INPUT -j limit-125 +-A INPUT -j limit-124 +-A INPUT -j limit-123 +-A INPUT -j limit-122 +-A INPUT -j limit-121 +-A INPUT -j limit-120 +-A INPUT -j limit-119 +-A INPUT -j limit-118 +-A INPUT -j limit-117 +-A INPUT -j limit-116 -A INPUT -j limit-115 -A INPUT -j limit-114 -A INPUT -j limit-113 @@ -3913,24 +4775,6 @@ hash:net family inet -A INPUT -j limit-78 -A INPUT -j limit-77 -A INPUT -j limit-76 --A INPUT -j limit-75 --A INPUT -j limit-74 --A INPUT -j limit-73 --A INPUT -j limit-72 --A INPUT -j limit-71 --A INPUT -j limit-70 --A INPUT -j limit-69 --A INPUT -j limit-68 --A INPUT -j limit-67 --A INPUT -j limit-66 --A INPUT -j limit-65 --A INPUT -j limit-64 --A INPUT -j limit-63 --A INPUT -j limit-62 --A INPUT -j limit-61 --A INPUT -j limit-60 --A INPUT -j limit-59 --A INPUT -j limit-58 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -3972,42 +4816,15 @@ hash:net family inet -A INPUT -j ACCEPT -A INPUT -j logaccept-final-10 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-116 --A INPUT -i eth0 -j limit-117 --A INPUT -i eth0 -j limit-118 --A INPUT -i eth0 -j limit-119 --A INPUT -i eth0 -j limit-120 --A INPUT -i eth0 -j limit-121 --A INPUT -i eth0 -j limit-122 --A INPUT -i eth0 -j limit-123 --A INPUT -i eth0 -j limit-124 --A INPUT -i eth0 -j limit-125 --A INPUT -i eth0 -j limit-126 --A INPUT -i eth0 -j limit-127 --A INPUT -i eth0 -j limit-128 --A INPUT -i eth0 -j limit-129 --A INPUT -i eth0 -j limit-130 --A INPUT -i eth0 -j limit-131 --A INPUT -i eth0 -j limit-132 --A INPUT -i eth0 -j limit-133 --A INPUT -i eth0 -j limit-134 --A INPUT -i eth0 -j limit-135 --A INPUT -i eth0 -j limit-136 --A INPUT -i eth0 -j limit-137 --A INPUT -i eth0 -j limit-138 --A INPUT -i eth0 -j limit-139 --A INPUT -i eth0 -j limit-140 --A INPUT -i eth0 -j limit-141 --A INPUT -i eth0 -j limit-142 --A INPUT -i eth0 -j limit-143 --A INPUT -i eth0 -j limit-144 --A INPUT -i eth0 -j limit-145 --A INPUT -i eth0 -j limit-146 --A INPUT -i eth0 -j limit-147 --A INPUT -i eth0 -j limit-148 --A INPUT -i eth0 -j limit-149 --A INPUT -i eth0 -j limit-150 --A INPUT -i eth0 -j limit-151 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-11 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-12 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-13 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-152 -A INPUT -i eth0 -j limit-153 -A INPUT -i eth0 -j limit-154 @@ -4027,19 +4844,73 @@ hash:net family inet -A INPUT -i eth0 -j limit-168 -A INPUT -i eth0 -j limit-169 -A INPUT -i eth0 -j limit-170 --A INPUT -i eth0 -j limit-171 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 -A INPUT -i eth0 -j limit-172 -A INPUT -i eth0 -j limit-173 +-A INPUT -i eth0 -j limit-174 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 +-A INPUT -i eth0 -j limit-176 +-A INPUT -i eth0 -j limit-177 +-A INPUT -i eth0 -j limit-178 +-A INPUT -i eth0 -j limit-179 +-A INPUT -i eth0 -j limit-180 +-A INPUT -i eth0 -j limit-181 +-A INPUT -i eth0 -j limit-182 +-A INPUT -i eth0 -j limit-183 +-A INPUT -i eth0 -j limit-184 +-A INPUT -i eth0 -j limit-185 +-A INPUT -i eth0 -j limit-186 +-A INPUT -i eth0 -j limit-187 +-A INPUT -i eth0 -j limit-188 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-190 +-A INPUT -i eth0 -j limit-191 +-A INPUT -i eth0 -j limit-192 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-194 +-A INPUT -i eth0 -j limit-195 +-A INPUT -i eth0 -j limit-196 +-A INPUT -i eth0 -j limit-197 +-A INPUT -i eth0 -j limit-198 +-A INPUT -i eth0 -j limit-199 +-A INPUT -i eth0 -j limit-200 +-A INPUT -i eth0 -j limit-201 +-A INPUT -i eth0 -j limit-202 +-A INPUT -i eth0 -j limit-203 +-A INPUT -i eth0 -j limit-204 +-A INPUT -i eth0 -j limit-205 +-A INPUT -i eth0 -j limit-206 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-208 +-A INPUT -i eth0 -j limit-209 +-A INPUT -i eth0 -j limit-210 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-212 +-A INPUT -i eth0 -j limit-213 +-A INPUT -i eth0 -j limit-214 +-A INPUT -i eth0 -j limit-215 +-A INPUT -i eth0 -j limit-216 +-A INPUT -i eth0 -j limit-217 +-A INPUT -i eth0 -j limit-218 +-A INPUT -i eth0 -j limit-219 +-A INPUT -i eth0 -j limit-220 +-A INPUT -i eth0 -j limit-221 +-A INPUT -i eth0 -j limit-222 +-A INPUT -i eth0 -j limit-223 +-A INPUT -i eth0 -j limit-224 +-A INPUT -i eth0 -j limit-225 +-A INPUT -i eth0 -j limit-226 +-A INPUT -i eth0 -j limit-227 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-55 +-A INPUT -j logdrop-73 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-56 +-A INPUT -j logdrop-74 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -4058,6 +4929,42 @@ hash:net family inet -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-151 +-A OUTPUT -j limit-150 +-A OUTPUT -j limit-149 +-A OUTPUT -j limit-148 +-A OUTPUT -j limit-147 +-A OUTPUT -j limit-146 +-A OUTPUT -j limit-145 +-A OUTPUT -j limit-144 +-A OUTPUT -j limit-143 +-A OUTPUT -j limit-142 +-A OUTPUT -j limit-141 +-A OUTPUT -j limit-140 +-A OUTPUT -j limit-139 +-A OUTPUT -j limit-138 +-A OUTPUT -j limit-137 +-A OUTPUT -j limit-136 +-A OUTPUT -j limit-135 +-A OUTPUT -j limit-134 +-A OUTPUT -j limit-133 +-A OUTPUT -j limit-132 +-A OUTPUT -j limit-131 +-A OUTPUT -j limit-130 +-A OUTPUT -j limit-129 +-A OUTPUT -j limit-128 +-A OUTPUT -j limit-127 +-A OUTPUT -j limit-126 +-A OUTPUT -j limit-125 +-A OUTPUT -j limit-124 +-A OUTPUT -j limit-123 +-A OUTPUT -j limit-122 +-A OUTPUT -j limit-121 +-A OUTPUT -j limit-120 +-A OUTPUT -j limit-119 +-A OUTPUT -j limit-118 +-A OUTPUT -j limit-117 +-A OUTPUT -j limit-116 -A OUTPUT -j limit-115 -A OUTPUT -j limit-114 -A OUTPUT -j limit-113 @@ -4098,24 +5005,6 @@ hash:net family inet -A OUTPUT -j limit-78 -A OUTPUT -j limit-77 -A OUTPUT -j limit-76 --A OUTPUT -j limit-75 --A OUTPUT -j limit-74 --A OUTPUT -j limit-73 --A OUTPUT -j limit-72 --A OUTPUT -j limit-71 --A OUTPUT -j limit-70 --A OUTPUT -j limit-69 --A OUTPUT -j limit-68 --A OUTPUT -j limit-67 --A OUTPUT -j limit-66 --A OUTPUT -j limit-65 --A OUTPUT -j limit-64 --A OUTPUT -j limit-63 --A OUTPUT -j limit-62 --A OUTPUT -j limit-61 --A OUTPUT -j limit-60 --A OUTPUT -j limit-59 --A OUTPUT -j limit-58 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -4143,11 +5032,11 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 @@ -4161,11 +5050,11 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 @@ -4179,9 +5068,27 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-58 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-60 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-61 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-62 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-63 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-64 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-65 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-66 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-67 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-68 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-69 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-70 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-71 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-72 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-73 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-74 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-75 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -4215,6 +5122,24 @@ hash:net family inet -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-10 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-11 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-12 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-13 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -4251,13 +5176,13 @@ hash:net family inet -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-55 +-A OUTPUT -j logdrop-73 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-56 +-A OUTPUT -j logdrop-74 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -4283,386 +5208,461 @@ hash:net family inet -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j RETURN --A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -j DROP --A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN --A limit-101 -m limit --limit 1/second -j LOG --A limit-101 -j DROP --A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j RETURN --A limit-102 -m limit --limit 1/second -j LOG --A limit-102 -j DROP --A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j RETURN --A limit-103 -m limit --limit 1/second -j LOG --A limit-103 -j DROP --A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j RETURN --A limit-104 -m limit --limit 1/second -j LOG --A limit-104 -j DROP --A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN --A limit-105 -m limit --limit 1/second -j LOG --A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j RETURN --A limit-106 -m limit --limit 1/second -j LOG --A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j RETURN --A limit-107 -m limit --limit 1/second -j LOG --A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j RETURN --A limit-108 -j DROP --A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN --A limit-109 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set +-A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set +-A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --set +-A limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --set +-A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set --A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j RETURN --A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j RETURN --A limit-111 -j DROP --A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j RETURN --A limit-112 -j DROP --A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN --A limit-113 -j DROP --A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j RETURN --A limit-114 -j DROP --A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j RETURN --A limit-115 -j DROP --A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-118 -m limit --limit 1/second -j LOG --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-113 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-114 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-115 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-115 -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-117 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set +-A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set --A limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 --A limit-124 -m limit --limit 1/second -j LOG --A limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 --A limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 --A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 --A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-130 -m limit --limit 1/second -j LOG --A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --set --A limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-133 -m limit --limit 1/second -j LOG +-A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-136 -j RETURN -A limit-136 -m limit --limit 1/second -j LOG --A limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --set +-A limit-136 -j DROP +-A limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-137 -j RETURN +-A limit-137 -m limit --limit 1/second -j LOG +-A limit-137 -j DROP +-A limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-138 -j RETURN +-A limit-138 -m limit --limit 1/second -j LOG +-A limit-138 -j DROP +-A limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-139 -j RETURN +-A limit-139 -m limit --limit 1/second -j LOG +-A limit-139 -j DROP -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-140 -j RETURN +-A limit-140 -m limit --limit 1/second -j LOG +-A limit-140 -j DROP +-A limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-141 -j RETURN +-A limit-141 -m limit --limit 1/second -j LOG +-A limit-141 -j DROP +-A limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-142 -j RETURN -A limit-142 -m limit --limit 1/second -j LOG --A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --set --A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-148 -m limit --limit 1/second -j LOG --A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-142 -j DROP +-A limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-143 -j RETURN +-A limit-143 -m limit --limit 1/second -j LOG +-A limit-143 -j DROP +-A limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-144 -j RETURN +-A limit-144 -j DROP +-A limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-145 -j RETURN +-A limit-145 -j DROP +-A limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-146 -j RETURN +-A limit-146 -j DROP +-A limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-147 -j RETURN +-A limit-147 -j DROP +-A limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-148 -j RETURN +-A limit-148 -j DROP +-A limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-149 -j RETURN +-A limit-149 -j DROP -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set --A limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-150 -j RETURN +-A limit-150 -j DROP +-A limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-151 -j RETURN +-A limit-151 -j DROP +-A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 +-A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set +-A limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 -A limit-154 -m limit --limit 1/second -j LOG --A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-158 -j ACCEPT --A limit-158 -m limit --limit 1/second -j LOG --A limit-158 -j DROP --A limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-159 -j RETURN --A limit-159 -m limit --limit 1/second -j LOG --A limit-159 -j DROP +-A limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 +-A limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 +-A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 +-A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set +-A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-55 +-A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-56 +-A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-160 -j logaccept-4 +-A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-57 -A limit-160 -m limit --limit 1/second -j LOG --A limit-160 -j DROP --A limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-161 -j ACCEPT --A limit-161 -m limit --limit 1/second -j LOG --A limit-161 -j DROP --A limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-162 -j ACCEPT --A limit-162 -m limit --limit 1/second -j LOG --A limit-162 -j DROP --A limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-163 -j RETURN --A limit-163 -m limit --limit 1/second -j LOG --A limit-163 -j DROP --A limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-164 -j logaccept-5 --A limit-164 -m limit --limit 1/second -j LOG --A limit-164 -j DROP --A limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-165 -j ACCEPT --A limit-165 -m limit --limit 1/second -j LOG --A limit-165 -j DROP --A limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-166 -j ACCEPT --A limit-166 -j DROP --A limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-167 -j RETURN --A limit-167 -j DROP --A limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-168 -j logaccept-6 --A limit-168 -j DROP --A limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-169 -j ACCEPT --A limit-169 -j DROP +-A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-58 +-A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-59 +-A limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-60 +-A limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --set +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 +-A limit-166 -m limit --limit 1/second -j LOG +-A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 +-A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 +-A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 +-A limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-170 -j ACCEPT --A limit-170 -j DROP --A limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-171 -j RETURN --A limit-171 -j DROP --A limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-172 -j logaccept-7 --A limit-172 -j DROP --A limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-173 -j ACCEPT --A limit-173 -j DROP --A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --set +-A limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-170 -j ACCEPT +-A limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-172 -m limit --limit 1/second -j LOG +-A limit-172 -j ACCEPT +-A limit-173 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-173 -m limit --limit 1/second -j LOG +-A limit-174 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-174 -j ACCEPT +-A limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --set +-A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-178 -m limit --limit 1/second -j LOG +-A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-18 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19 +-A limit-18 -j ACCEPT +-A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set +-A limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-184 -m limit --limit 1/second -j LOG +-A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-188 -j ACCEPT +-A limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-190 -m limit --limit 1/second -j LOG +-A limit-190 -j ACCEPT +-A limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-191 -m limit --limit 1/second -j LOG +-A limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-192 -j ACCEPT +-A limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --set +-A limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m limit --limit 1/second -j LOG +-A limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --set -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-20 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG --A limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set --A limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-20 -j ACCEPT +-A limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-202 -m limit --limit 1/second -j LOG +-A limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-206 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-206 -j ACCEPT +-A limit-208 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -m limit --limit 1/second -j LOG +-A limit-208 -j ACCEPT +-A limit-209 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-209 -m limit --limit 1/second -j LOG +-A limit-21 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22 +-A limit-21 -m limit --limit 1/second -j LOG +-A limit-210 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-210 -j ACCEPT +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j ACCEPT +-A limit-212 -m limit --limit 1/second -j LOG +-A limit-212 -j DROP +-A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN +-A limit-213 -m limit --limit 1/second -j LOG +-A limit-213 -j DROP +-A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j logaccept-4 +-A limit-214 -m limit --limit 1/second -j LOG +-A limit-214 -j DROP +-A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j ACCEPT +-A limit-215 -m limit --limit 1/second -j LOG +-A limit-215 -j DROP +-A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j ACCEPT +-A limit-216 -m limit --limit 1/second -j LOG +-A limit-216 -j DROP +-A limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN +-A limit-217 -m limit --limit 1/second -j LOG +-A limit-217 -j DROP +-A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j logaccept-5 +-A limit-218 -m limit --limit 1/second -j LOG +-A limit-218 -j DROP +-A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j ACCEPT +-A limit-219 -m limit --limit 1/second -j LOG +-A limit-219 -j DROP +-A limit-22 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23 +-A limit-22 -j ACCEPT +-A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j ACCEPT +-A limit-220 -j DROP +-A limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN +-A limit-221 -j DROP +-A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j logaccept-6 +-A limit-222 -j DROP +-A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j ACCEPT +-A limit-223 -j DROP +-A limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-224 -j ACCEPT +-A limit-224 -j DROP +-A limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-225 -j RETURN +-A limit-225 -j DROP +-A limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-226 -j logaccept-7 +-A limit-226 -j DROP +-A limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-227 -j ACCEPT +-A limit-227 -j DROP +-A limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --set +-A limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --set -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set --A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-32 -m limit --limit 1/second -j LOG --A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set --A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-36 -j ACCEPT +-A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG --A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-38 -j ACCEPT +-A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-42 -j ACCEPT --A limit-42 -m limit --limit 1/second -j LOG --A limit-42 -j DROP --A limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-43 -j RETURN --A limit-43 -m limit --limit 1/second -j LOG --A limit-43 -j DROP --A limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-44 -j logaccept-0 +-A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-40 -j ACCEPT +-A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set +-A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG --A limit-44 -j DROP --A limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-45 -j ACCEPT --A limit-45 -m limit --limit 1/second -j LOG --A limit-45 -j DROP --A limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-46 -j ACCEPT --A limit-46 -m limit --limit 1/second -j LOG --A limit-46 -j DROP --A limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-47 -j RETURN --A limit-47 -m limit --limit 1/second -j LOG --A limit-47 -j DROP --A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j logaccept-1 --A limit-48 -m limit --limit 1/second -j LOG --A limit-48 -j DROP --A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j ACCEPT --A limit-49 -m limit --limit 1/second -j LOG --A limit-49 -j DROP +-A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set +-A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set --A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j ACCEPT --A limit-50 -j DROP --A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN --A limit-51 -j DROP --A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-52 -j logaccept-2 --A limit-52 -j DROP --A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j ACCEPT --A limit-53 -j DROP --A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j ACCEPT --A limit-54 -j DROP --A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN --A limit-55 -j DROP --A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j logaccept-3 --A limit-56 -j DROP --A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j ACCEPT --A limit-57 -j DROP --A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 --A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set --A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 --A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set +-A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m limit --limit 1/second -j LOG +-A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-54 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-54 -j ACCEPT +-A limit-56 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-56 -m limit --limit 1/second -j LOG +-A limit-56 -j ACCEPT +-A limit-57 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m limit --limit 1/second -j LOG +-A limit-58 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-58 -j ACCEPT -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 --A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set --A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set --A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 --A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set --A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set --A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set --A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set +-A limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-60 -j ACCEPT +-A limit-60 -m limit --limit 1/second -j LOG +-A limit-60 -j DROP +-A limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-61 -j RETURN +-A limit-61 -m limit --limit 1/second -j LOG +-A limit-61 -j DROP +-A limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-62 -j logaccept-0 +-A limit-62 -m limit --limit 1/second -j LOG +-A limit-62 -j DROP +-A limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-63 -j ACCEPT +-A limit-63 -m limit --limit 1/second -j LOG +-A limit-63 -j DROP +-A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j ACCEPT +-A limit-64 -m limit --limit 1/second -j LOG +-A limit-64 -j DROP +-A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN +-A limit-65 -m limit --limit 1/second -j LOG +-A limit-65 -j DROP +-A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j logaccept-1 +-A limit-66 -m limit --limit 1/second -j LOG +-A limit-66 -j DROP +-A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j ACCEPT +-A limit-67 -m limit --limit 1/second -j LOG +-A limit-67 -j DROP +-A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j ACCEPT +-A limit-68 -j DROP +-A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN +-A limit-69 -j DROP -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set --A limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j logaccept-2 +-A limit-70 -j DROP +-A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j ACCEPT +-A limit-71 -j DROP +-A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j ACCEPT +-A limit-72 -j DROP +-A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN +-A limit-73 -j DROP +-A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j logaccept-3 +-A limit-74 -j DROP +-A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j ACCEPT +-A limit-75 -j DROP +-A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 -A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 -A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set --A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set --A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 -A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 -A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set --A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 -A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set --A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set --A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set +-A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set +-A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set +-A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set +-A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set +-A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set +-A limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set --A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set --A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set --A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-43 +-A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-45 +-A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-97 -m limit --limit 1/second -j LOG +-A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-47 +-A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-48 -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -4687,6 +5687,12 @@ hash:net family inet -A logaccept-final-1 -j ACCEPT -A logaccept-final-10 -m limit --limit 1/second -j LOG -A logaccept-final-10 -j ACCEPT +-A logaccept-final-11 -m limit --limit 1/second -j LOG +-A logaccept-final-11 -j ACCEPT +-A logaccept-final-12 -m limit --limit 1/second -j LOG +-A logaccept-final-12 -j ACCEPT +-A logaccept-final-13 -m limit --limit 1/second -j LOG +-A logaccept-final-13 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -4729,16 +5735,12 @@ hash:net family inet -A logdrop-19 -j DROP -A logdrop-2 -m limit --limit 1/second -j LOG -A logdrop-2 -j DROP --A logdrop-20 -m limit --limit 1/second -j LOG --A logdrop-20 -j DROP -A logdrop-21 -m limit --limit 1/second -j LOG -A logdrop-21 -j DROP -A logdrop-22 -m limit --limit 1/second -j LOG -A logdrop-22 -j DROP -A logdrop-23 -m limit --limit 1/second -j LOG -A logdrop-23 -j DROP --A logdrop-24 -m limit --limit 1/second -j LOG --A logdrop-24 -j DROP -A logdrop-25 -m limit --limit 1/second -j LOG -A logdrop-25 -j DROP -A logdrop-26 -m limit --limit 1/second -j LOG @@ -4809,10 +5811,42 @@ hash:net family inet -A logdrop-55 -j DROP -A logdrop-56 -m limit --limit 1/second -j LOG -A logdrop-56 -j DROP +-A logdrop-57 -m limit --limit 1/second -j LOG +-A logdrop-57 -j DROP +-A logdrop-58 -m limit --limit 1/second -j LOG +-A logdrop-58 -j DROP +-A logdrop-59 -m limit --limit 1/second -j LOG +-A logdrop-59 -j DROP -A logdrop-6 -m limit --limit 1/second -j LOG -A logdrop-6 -j DROP +-A logdrop-60 -m limit --limit 1/second -j LOG +-A logdrop-60 -j DROP +-A logdrop-61 -m limit --limit 1/second -j LOG +-A logdrop-61 -j DROP +-A logdrop-62 -m limit --limit 1/second -j LOG +-A logdrop-62 -j DROP +-A logdrop-63 -m limit --limit 1/second -j LOG +-A logdrop-63 -j DROP +-A logdrop-64 -m limit --limit 1/second -j LOG +-A logdrop-64 -j DROP +-A logdrop-65 -m limit --limit 1/second -j LOG +-A logdrop-65 -j DROP +-A logdrop-66 -m limit --limit 1/second -j LOG +-A logdrop-66 -j DROP +-A logdrop-67 -m limit --limit 1/second -j LOG +-A logdrop-67 -j DROP +-A logdrop-69 -m limit --limit 1/second -j LOG +-A logdrop-69 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG -A logdrop-7 -j DROP +-A logdrop-70 -m limit --limit 1/second -j LOG +-A logdrop-70 -j DROP +-A logdrop-71 -m limit --limit 1/second -j LOG +-A logdrop-71 -j DROP +-A logdrop-73 -m limit --limit 1/second -j LOG +-A logdrop-73 -j DROP +-A logdrop-74 -m limit --limit 1/second -j LOG +-A logdrop-74 -j DROP -A logdrop-8 -m limit --limit 1/second -j LOG -A logdrop-8 -j DROP -A logdrop-9 -m limit --limit 1/second -j LOG @@ -4889,6 +5923,15 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -4958,6 +6001,24 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -5059,16 +6120,62 @@ COMMIT :limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] -:limit-171 - [0:0] :limit-172 - [0:0] :limit-173 - [0:0] +:limit-174 - [0:0] +:limit-176 - [0:0] +:limit-177 - [0:0] +:limit-178 - [0:0] +:limit-179 - [0:0] :limit-18 - [0:0] -:limit-19 - [0:0] +:limit-180 - [0:0] +:limit-181 - [0:0] +:limit-182 - [0:0] +:limit-183 - [0:0] +:limit-184 - [0:0] +:limit-185 - [0:0] +:limit-186 - [0:0] +:limit-187 - [0:0] +:limit-188 - [0:0] +:limit-190 - [0:0] +:limit-191 - [0:0] +:limit-192 - [0:0] +:limit-194 - [0:0] +:limit-195 - [0:0] +:limit-196 - [0:0] +:limit-197 - [0:0] +:limit-198 - [0:0] +:limit-199 - [0:0] :limit-2 - [0:0] :limit-20 - [0:0] +:limit-200 - [0:0] +:limit-201 - [0:0] +:limit-202 - [0:0] +:limit-203 - [0:0] +:limit-204 - [0:0] +:limit-205 - [0:0] +:limit-206 - [0:0] +:limit-208 - [0:0] +:limit-209 - [0:0] :limit-21 - [0:0] +:limit-210 - [0:0] +:limit-212 - [0:0] +:limit-213 - [0:0] +:limit-214 - [0:0] +:limit-215 - [0:0] +:limit-216 - [0:0] +:limit-217 - [0:0] +:limit-218 - [0:0] +:limit-219 - [0:0] :limit-22 - [0:0] -:limit-23 - [0:0] +:limit-220 - [0:0] +:limit-221 - [0:0] +:limit-222 - [0:0] +:limit-223 - [0:0] +:limit-224 - [0:0] +:limit-225 - [0:0] +:limit-226 - [0:0] +:limit-227 - [0:0] :limit-24 - [0:0] :limit-25 - [0:0] :limit-26 - [0:0] @@ -5083,12 +6190,10 @@ COMMIT :limit-34 - [0:0] :limit-35 - [0:0] :limit-36 - [0:0] -:limit-37 - [0:0] :limit-38 - [0:0] :limit-39 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] -:limit-41 - [0:0] :limit-42 - [0:0] :limit-43 - [0:0] :limit-44 - [0:0] @@ -5103,11 +6208,9 @@ COMMIT :limit-52 - [0:0] :limit-53 - [0:0] :limit-54 - [0:0] -:limit-55 - [0:0] :limit-56 - [0:0] :limit-57 - [0:0] :limit-58 - [0:0] -:limit-59 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] :limit-61 - [0:0] @@ -5164,6 +6267,9 @@ COMMIT :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-10 - [0:0] +:logaccept-final-11 - [0:0] +:logaccept-final-12 - [0:0] +:logaccept-final-13 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] @@ -5185,11 +6291,9 @@ COMMIT :logdrop-18 - [0:0] :logdrop-19 - [0:0] :logdrop-2 - [0:0] -:logdrop-20 - [0:0] :logdrop-21 - [0:0] :logdrop-22 - [0:0] :logdrop-23 - [0:0] -:logdrop-24 - [0:0] :logdrop-25 - [0:0] :logdrop-26 - [0:0] :logdrop-27 - [0:0] @@ -5225,8 +6329,24 @@ COMMIT :logdrop-54 - [0:0] :logdrop-55 - [0:0] :logdrop-56 - [0:0] +:logdrop-57 - [0:0] +:logdrop-58 - [0:0] +:logdrop-59 - [0:0] :logdrop-6 - [0:0] +:logdrop-60 - [0:0] +:logdrop-61 - [0:0] +:logdrop-62 - [0:0] +:logdrop-63 - [0:0] +:logdrop-64 - [0:0] +:logdrop-65 - [0:0] +:logdrop-66 - [0:0] +:logdrop-67 - [0:0] +:logdrop-69 - [0:0] :logdrop-7 - [0:0] +:logdrop-70 - [0:0] +:logdrop-71 - [0:0] +:logdrop-73 - [0:0] +:logdrop-74 - [0:0] :logdrop-8 - [0:0] :logdrop-9 - [0:0] :logpass-0 - [0:0] @@ -5235,6 +6355,42 @@ COMMIT :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-151 +-A FORWARD -j limit-150 +-A FORWARD -j limit-149 +-A FORWARD -j limit-148 +-A FORWARD -j limit-147 +-A FORWARD -j limit-146 +-A FORWARD -j limit-145 +-A FORWARD -j limit-144 +-A FORWARD -j limit-143 +-A FORWARD -j limit-142 +-A FORWARD -j limit-141 +-A FORWARD -j limit-140 +-A FORWARD -j limit-139 +-A FORWARD -j limit-138 +-A FORWARD -j limit-137 +-A FORWARD -j limit-136 +-A FORWARD -j limit-135 +-A FORWARD -j limit-134 +-A FORWARD -j limit-133 +-A FORWARD -j limit-132 +-A FORWARD -j limit-131 +-A FORWARD -j limit-130 +-A FORWARD -j limit-129 +-A FORWARD -j limit-128 +-A FORWARD -j limit-127 +-A FORWARD -j limit-126 +-A FORWARD -j limit-125 +-A FORWARD -j limit-124 +-A FORWARD -j limit-123 +-A FORWARD -j limit-122 +-A FORWARD -j limit-121 +-A FORWARD -j limit-120 +-A FORWARD -j limit-119 +-A FORWARD -j limit-118 +-A FORWARD -j limit-117 +-A FORWARD -j limit-116 -A FORWARD -j limit-115 -A FORWARD -j limit-114 -A FORWARD -j limit-113 @@ -5275,24 +6431,6 @@ COMMIT -A FORWARD -j limit-78 -A FORWARD -j limit-77 -A FORWARD -j limit-76 --A FORWARD -j limit-75 --A FORWARD -j limit-74 --A FORWARD -j limit-73 --A FORWARD -j limit-72 --A FORWARD -j limit-71 --A FORWARD -j limit-70 --A FORWARD -j limit-69 --A FORWARD -j limit-68 --A FORWARD -j limit-67 --A FORWARD -j limit-66 --A FORWARD -j limit-65 --A FORWARD -j limit-64 --A FORWARD -j limit-63 --A FORWARD -j limit-62 --A FORWARD -j limit-61 --A FORWARD -j limit-60 --A FORWARD -j limit-59 --A FORWARD -j limit-58 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -5319,11 +6457,11 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-16 -A FORWARD -o eth1 -d fc00::/7 -j limit-17 -A FORWARD -o eth1 -d fc00::/7 -j limit-18 --A FORWARD -o eth1 -d fc00::/7 -j limit-19 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -A FORWARD -o eth1 -d fc00::/7 -j limit-20 -A FORWARD -o eth1 -d fc00::/7 -j limit-21 -A FORWARD -o eth1 -d fc00::/7 -j limit-22 --A FORWARD -o eth1 -d fc00::/7 -j limit-23 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -A FORWARD -o eth1 -d fc00::/7 -j limit-24 -A FORWARD -o eth1 -d fc00::/7 -j limit-25 -A FORWARD -o eth1 -d fc00::/7 -j limit-26 @@ -5337,11 +6475,11 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-34 -A FORWARD -o eth1 -d fc00::/7 -j limit-35 -A FORWARD -o eth1 -d fc00::/7 -j limit-36 --A FORWARD -o eth1 -d fc00::/7 -j limit-37 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-38 -A FORWARD -o eth1 -d fc00::/7 -j limit-39 -A FORWARD -o eth1 -d fc00::/7 -j limit-40 --A FORWARD -o eth1 -d fc00::/7 -j limit-41 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-42 -A FORWARD -o eth1 -d fc00::/7 -j limit-43 -A FORWARD -o eth1 -d fc00::/7 -j limit-44 @@ -5355,9 +6493,27 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-52 -A FORWARD -o eth1 -d fc00::/7 -j limit-53 -A FORWARD -o eth1 -d fc00::/7 -j limit-54 --A FORWARD -o eth1 -d fc00::/7 -j limit-55 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-56 -A FORWARD -o eth1 -d fc00::/7 -j limit-57 +-A FORWARD -o eth1 -d fc00::/7 -j limit-58 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-60 +-A FORWARD -o eth1 -d fc00::/7 -j limit-61 +-A FORWARD -o eth1 -d fc00::/7 -j limit-62 +-A FORWARD -o eth1 -d fc00::/7 -j limit-63 +-A FORWARD -o eth1 -d fc00::/7 -j limit-64 +-A FORWARD -o eth1 -d fc00::/7 -j limit-65 +-A FORWARD -o eth1 -d fc00::/7 -j limit-66 +-A FORWARD -o eth1 -d fc00::/7 -j limit-67 +-A FORWARD -o eth1 -d fc00::/7 -j limit-68 +-A FORWARD -o eth1 -d fc00::/7 -j limit-69 +-A FORWARD -o eth1 -d fc00::/7 -j limit-70 +-A FORWARD -o eth1 -d fc00::/7 -j limit-71 +-A FORWARD -o eth1 -d fc00::/7 -j limit-72 +-A FORWARD -o eth1 -d fc00::/7 -j limit-73 +-A FORWARD -o eth1 -d fc00::/7 -j limit-74 +-A FORWARD -o eth1 -d fc00::/7 -j limit-75 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -5391,16 +6547,25 @@ COMMIT -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-10 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-11 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-12 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-13 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-55 +-A FORWARD -j logdrop-73 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-56 +-A FORWARD -j logdrop-74 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -5433,6 +6598,42 @@ COMMIT -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-151 +-A INPUT -j limit-150 +-A INPUT -j limit-149 +-A INPUT -j limit-148 +-A INPUT -j limit-147 +-A INPUT -j limit-146 +-A INPUT -j limit-145 +-A INPUT -j limit-144 +-A INPUT -j limit-143 +-A INPUT -j limit-142 +-A INPUT -j limit-141 +-A INPUT -j limit-140 +-A INPUT -j limit-139 +-A INPUT -j limit-138 +-A INPUT -j limit-137 +-A INPUT -j limit-136 +-A INPUT -j limit-135 +-A INPUT -j limit-134 +-A INPUT -j limit-133 +-A INPUT -j limit-132 +-A INPUT -j limit-131 +-A INPUT -j limit-130 +-A INPUT -j limit-129 +-A INPUT -j limit-128 +-A INPUT -j limit-127 +-A INPUT -j limit-126 +-A INPUT -j limit-125 +-A INPUT -j limit-124 +-A INPUT -j limit-123 +-A INPUT -j limit-122 +-A INPUT -j limit-121 +-A INPUT -j limit-120 +-A INPUT -j limit-119 +-A INPUT -j limit-118 +-A INPUT -j limit-117 +-A INPUT -j limit-116 -A INPUT -j limit-115 -A INPUT -j limit-114 -A INPUT -j limit-113 @@ -5473,24 +6674,6 @@ COMMIT -A INPUT -j limit-78 -A INPUT -j limit-77 -A INPUT -j limit-76 --A INPUT -j limit-75 --A INPUT -j limit-74 --A INPUT -j limit-73 --A INPUT -j limit-72 --A INPUT -j limit-71 --A INPUT -j limit-70 --A INPUT -j limit-69 --A INPUT -j limit-68 --A INPUT -j limit-67 --A INPUT -j limit-66 --A INPUT -j limit-65 --A INPUT -j limit-64 --A INPUT -j limit-63 --A INPUT -j limit-62 --A INPUT -j limit-61 --A INPUT -j limit-60 --A INPUT -j limit-59 --A INPUT -j limit-58 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -5532,42 +6715,15 @@ COMMIT -A INPUT -j ACCEPT -A INPUT -j logaccept-final-10 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-116 --A INPUT -i eth0 -j limit-117 --A INPUT -i eth0 -j limit-118 --A INPUT -i eth0 -j limit-119 --A INPUT -i eth0 -j limit-120 --A INPUT -i eth0 -j limit-121 --A INPUT -i eth0 -j limit-122 --A INPUT -i eth0 -j limit-123 --A INPUT -i eth0 -j limit-124 --A INPUT -i eth0 -j limit-125 --A INPUT -i eth0 -j limit-126 --A INPUT -i eth0 -j limit-127 --A INPUT -i eth0 -j limit-128 --A INPUT -i eth0 -j limit-129 --A INPUT -i eth0 -j limit-130 --A INPUT -i eth0 -j limit-131 --A INPUT -i eth0 -j limit-132 --A INPUT -i eth0 -j limit-133 --A INPUT -i eth0 -j limit-134 --A INPUT -i eth0 -j limit-135 --A INPUT -i eth0 -j limit-136 --A INPUT -i eth0 -j limit-137 --A INPUT -i eth0 -j limit-138 --A INPUT -i eth0 -j limit-139 --A INPUT -i eth0 -j limit-140 --A INPUT -i eth0 -j limit-141 --A INPUT -i eth0 -j limit-142 --A INPUT -i eth0 -j limit-143 --A INPUT -i eth0 -j limit-144 --A INPUT -i eth0 -j limit-145 --A INPUT -i eth0 -j limit-146 --A INPUT -i eth0 -j limit-147 --A INPUT -i eth0 -j limit-148 --A INPUT -i eth0 -j limit-149 --A INPUT -i eth0 -j limit-150 --A INPUT -i eth0 -j limit-151 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-11 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-12 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-13 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-152 -A INPUT -i eth0 -j limit-153 -A INPUT -i eth0 -j limit-154 @@ -5587,19 +6743,73 @@ COMMIT -A INPUT -i eth0 -j limit-168 -A INPUT -i eth0 -j limit-169 -A INPUT -i eth0 -j limit-170 --A INPUT -i eth0 -j limit-171 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 -A INPUT -i eth0 -j limit-172 -A INPUT -i eth0 -j limit-173 +-A INPUT -i eth0 -j limit-174 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 +-A INPUT -i eth0 -j limit-176 +-A INPUT -i eth0 -j limit-177 +-A INPUT -i eth0 -j limit-178 +-A INPUT -i eth0 -j limit-179 +-A INPUT -i eth0 -j limit-180 +-A INPUT -i eth0 -j limit-181 +-A INPUT -i eth0 -j limit-182 +-A INPUT -i eth0 -j limit-183 +-A INPUT -i eth0 -j limit-184 +-A INPUT -i eth0 -j limit-185 +-A INPUT -i eth0 -j limit-186 +-A INPUT -i eth0 -j limit-187 +-A INPUT -i eth0 -j limit-188 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-190 +-A INPUT -i eth0 -j limit-191 +-A INPUT -i eth0 -j limit-192 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-194 +-A INPUT -i eth0 -j limit-195 +-A INPUT -i eth0 -j limit-196 +-A INPUT -i eth0 -j limit-197 +-A INPUT -i eth0 -j limit-198 +-A INPUT -i eth0 -j limit-199 +-A INPUT -i eth0 -j limit-200 +-A INPUT -i eth0 -j limit-201 +-A INPUT -i eth0 -j limit-202 +-A INPUT -i eth0 -j limit-203 +-A INPUT -i eth0 -j limit-204 +-A INPUT -i eth0 -j limit-205 +-A INPUT -i eth0 -j limit-206 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-208 +-A INPUT -i eth0 -j limit-209 +-A INPUT -i eth0 -j limit-210 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-212 +-A INPUT -i eth0 -j limit-213 +-A INPUT -i eth0 -j limit-214 +-A INPUT -i eth0 -j limit-215 +-A INPUT -i eth0 -j limit-216 +-A INPUT -i eth0 -j limit-217 +-A INPUT -i eth0 -j limit-218 +-A INPUT -i eth0 -j limit-219 +-A INPUT -i eth0 -j limit-220 +-A INPUT -i eth0 -j limit-221 +-A INPUT -i eth0 -j limit-222 +-A INPUT -i eth0 -j limit-223 +-A INPUT -i eth0 -j limit-224 +-A INPUT -i eth0 -j limit-225 +-A INPUT -i eth0 -j limit-226 +-A INPUT -i eth0 -j limit-227 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-55 +-A INPUT -j logdrop-73 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-56 +-A INPUT -j logdrop-74 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -5612,6 +6822,42 @@ COMMIT -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-151 +-A OUTPUT -j limit-150 +-A OUTPUT -j limit-149 +-A OUTPUT -j limit-148 +-A OUTPUT -j limit-147 +-A OUTPUT -j limit-146 +-A OUTPUT -j limit-145 +-A OUTPUT -j limit-144 +-A OUTPUT -j limit-143 +-A OUTPUT -j limit-142 +-A OUTPUT -j limit-141 +-A OUTPUT -j limit-140 +-A OUTPUT -j limit-139 +-A OUTPUT -j limit-138 +-A OUTPUT -j limit-137 +-A OUTPUT -j limit-136 +-A OUTPUT -j limit-135 +-A OUTPUT -j limit-134 +-A OUTPUT -j limit-133 +-A OUTPUT -j limit-132 +-A OUTPUT -j limit-131 +-A OUTPUT -j limit-130 +-A OUTPUT -j limit-129 +-A OUTPUT -j limit-128 +-A OUTPUT -j limit-127 +-A OUTPUT -j limit-126 +-A OUTPUT -j limit-125 +-A OUTPUT -j limit-124 +-A OUTPUT -j limit-123 +-A OUTPUT -j limit-122 +-A OUTPUT -j limit-121 +-A OUTPUT -j limit-120 +-A OUTPUT -j limit-119 +-A OUTPUT -j limit-118 +-A OUTPUT -j limit-117 +-A OUTPUT -j limit-116 -A OUTPUT -j limit-115 -A OUTPUT -j limit-114 -A OUTPUT -j limit-113 @@ -5652,24 +6898,6 @@ COMMIT -A OUTPUT -j limit-78 -A OUTPUT -j limit-77 -A OUTPUT -j limit-76 --A OUTPUT -j limit-75 --A OUTPUT -j limit-74 --A OUTPUT -j limit-73 --A OUTPUT -j limit-72 --A OUTPUT -j limit-71 --A OUTPUT -j limit-70 --A OUTPUT -j limit-69 --A OUTPUT -j limit-68 --A OUTPUT -j limit-67 --A OUTPUT -j limit-66 --A OUTPUT -j limit-65 --A OUTPUT -j limit-64 --A OUTPUT -j limit-63 --A OUTPUT -j limit-62 --A OUTPUT -j limit-61 --A OUTPUT -j limit-60 --A OUTPUT -j limit-59 --A OUTPUT -j limit-58 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -5697,11 +6925,11 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-16 -A OUTPUT -o eth1 -d fc00::/7 -j limit-17 -A OUTPUT -o eth1 -d fc00::/7 -j limit-18 --A OUTPUT -o eth1 -d fc00::/7 -j limit-19 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -A OUTPUT -o eth1 -d fc00::/7 -j limit-20 -A OUTPUT -o eth1 -d fc00::/7 -j limit-21 -A OUTPUT -o eth1 -d fc00::/7 -j limit-22 --A OUTPUT -o eth1 -d fc00::/7 -j limit-23 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -A OUTPUT -o eth1 -d fc00::/7 -j limit-24 -A OUTPUT -o eth1 -d fc00::/7 -j limit-25 -A OUTPUT -o eth1 -d fc00::/7 -j limit-26 @@ -5715,11 +6943,11 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-34 -A OUTPUT -o eth1 -d fc00::/7 -j limit-35 -A OUTPUT -o eth1 -d fc00::/7 -j limit-36 --A OUTPUT -o eth1 -d fc00::/7 -j limit-37 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-38 -A OUTPUT -o eth1 -d fc00::/7 -j limit-39 -A OUTPUT -o eth1 -d fc00::/7 -j limit-40 --A OUTPUT -o eth1 -d fc00::/7 -j limit-41 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-42 -A OUTPUT -o eth1 -d fc00::/7 -j limit-43 -A OUTPUT -o eth1 -d fc00::/7 -j limit-44 @@ -5733,9 +6961,27 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-52 -A OUTPUT -o eth1 -d fc00::/7 -j limit-53 -A OUTPUT -o eth1 -d fc00::/7 -j limit-54 --A OUTPUT -o eth1 -d fc00::/7 -j limit-55 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-56 -A OUTPUT -o eth1 -d fc00::/7 -j limit-57 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-58 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-60 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-61 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-62 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-63 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-64 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-65 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-66 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-67 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-68 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-69 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-70 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-71 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-72 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-73 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-74 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-75 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -5769,6 +7015,24 @@ COMMIT -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-10 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-11 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-12 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-13 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -5805,13 +7069,13 @@ COMMIT -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-55 +-A OUTPUT -j logdrop-73 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-56 +-A OUTPUT -j logdrop-74 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -5832,386 +7096,461 @@ COMMIT -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j RETURN --A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -j DROP --A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN --A limit-101 -m limit --limit 1/second -j LOG --A limit-101 -j DROP --A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j RETURN --A limit-102 -m limit --limit 1/second -j LOG --A limit-102 -j DROP --A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j RETURN --A limit-103 -m limit --limit 1/second -j LOG --A limit-103 -j DROP --A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j RETURN --A limit-104 -m limit --limit 1/second -j LOG --A limit-104 -j DROP --A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN --A limit-105 -m limit --limit 1/second -j LOG --A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j RETURN --A limit-106 -m limit --limit 1/second -j LOG --A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j RETURN --A limit-107 -m limit --limit 1/second -j LOG --A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j RETURN --A limit-108 -j DROP --A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN --A limit-109 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j RETURN --A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j RETURN --A limit-111 -j DROP --A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j RETURN --A limit-112 -j DROP --A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN --A limit-113 -j DROP --A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j RETURN --A limit-114 -j DROP --A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j RETURN --A limit-115 -j DROP --A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-118 -m limit --limit 1/second -j LOG --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-113 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-114 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-115 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-115 -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-117 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 --A limit-124 -m limit --limit 1/second -j LOG --A limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 --A limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 --A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 --A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-130 -m limit --limit 1/second -j LOG --A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-133 -m limit --limit 1/second -j LOG +-A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-136 -j RETURN -A limit-136 -m limit --limit 1/second -j LOG --A limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-136 -j DROP +-A limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-137 -j RETURN +-A limit-137 -m limit --limit 1/second -j LOG +-A limit-137 -j DROP +-A limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-138 -j RETURN +-A limit-138 -m limit --limit 1/second -j LOG +-A limit-138 -j DROP +-A limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-139 -j RETURN +-A limit-139 -m limit --limit 1/second -j LOG +-A limit-139 -j DROP -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-140 -j RETURN +-A limit-140 -m limit --limit 1/second -j LOG +-A limit-140 -j DROP +-A limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-141 -j RETURN +-A limit-141 -m limit --limit 1/second -j LOG +-A limit-141 -j DROP +-A limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-142 -j RETURN -A limit-142 -m limit --limit 1/second -j LOG --A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-148 -m limit --limit 1/second -j LOG --A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-142 -j DROP +-A limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-143 -j RETURN +-A limit-143 -m limit --limit 1/second -j LOG +-A limit-143 -j DROP +-A limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-144 -j RETURN +-A limit-144 -j DROP +-A limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-145 -j RETURN +-A limit-145 -j DROP +-A limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-146 -j RETURN +-A limit-146 -j DROP +-A limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-147 -j RETURN +-A limit-147 -j DROP +-A limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-148 -j RETURN +-A limit-148 -j DROP +-A limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-149 -j RETURN +-A limit-149 -j DROP -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-150 -j RETURN +-A limit-150 -j DROP +-A limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-151 -j RETURN +-A limit-151 -j DROP +-A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 +-A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 -A limit-154 -m limit --limit 1/second -j LOG --A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-158 -j ACCEPT --A limit-158 -m limit --limit 1/second -j LOG --A limit-158 -j DROP --A limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-159 -j RETURN --A limit-159 -m limit --limit 1/second -j LOG --A limit-159 -j DROP +-A limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 +-A limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 +-A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 +-A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-55 +-A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-56 +-A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-160 -j logaccept-4 +-A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-57 -A limit-160 -m limit --limit 1/second -j LOG --A limit-160 -j DROP --A limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-161 -j ACCEPT --A limit-161 -m limit --limit 1/second -j LOG --A limit-161 -j DROP --A limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-162 -j ACCEPT --A limit-162 -m limit --limit 1/second -j LOG --A limit-162 -j DROP --A limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-163 -j RETURN --A limit-163 -m limit --limit 1/second -j LOG --A limit-163 -j DROP --A limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-164 -j logaccept-5 --A limit-164 -m limit --limit 1/second -j LOG --A limit-164 -j DROP --A limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-165 -j ACCEPT --A limit-165 -m limit --limit 1/second -j LOG --A limit-165 -j DROP --A limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-166 -j ACCEPT --A limit-166 -j DROP --A limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-167 -j RETURN --A limit-167 -j DROP --A limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-168 -j logaccept-6 --A limit-168 -j DROP --A limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-169 -j ACCEPT --A limit-169 -j DROP +-A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-58 +-A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-59 +-A limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-60 +-A limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 +-A limit-166 -m limit --limit 1/second -j LOG +-A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 +-A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 +-A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 +-A limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-170 -j ACCEPT --A limit-170 -j DROP --A limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-171 -j RETURN --A limit-171 -j DROP --A limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-172 -j logaccept-7 --A limit-172 -j DROP --A limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-173 -j ACCEPT --A limit-173 -j DROP --A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-170 -j ACCEPT +-A limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-172 -m limit --limit 1/second -j LOG +-A limit-172 -j ACCEPT +-A limit-173 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-173 -m limit --limit 1/second -j LOG +-A limit-174 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-174 -j ACCEPT +-A limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-178 -m limit --limit 1/second -j LOG +-A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-18 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19 +-A limit-18 -j ACCEPT +-A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-184 -m limit --limit 1/second -j LOG +-A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-188 -j ACCEPT +-A limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-190 -m limit --limit 1/second -j LOG +-A limit-190 -j ACCEPT +-A limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-191 -m limit --limit 1/second -j LOG +-A limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-192 -j ACCEPT +-A limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m limit --limit 1/second -j LOG +-A limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-20 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG --A limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-20 -j ACCEPT +-A limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-202 -m limit --limit 1/second -j LOG +-A limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-206 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-206 -j ACCEPT +-A limit-208 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -m limit --limit 1/second -j LOG +-A limit-208 -j ACCEPT +-A limit-209 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-209 -m limit --limit 1/second -j LOG +-A limit-21 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22 +-A limit-21 -m limit --limit 1/second -j LOG +-A limit-210 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-210 -j ACCEPT +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j ACCEPT +-A limit-212 -m limit --limit 1/second -j LOG +-A limit-212 -j DROP +-A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN +-A limit-213 -m limit --limit 1/second -j LOG +-A limit-213 -j DROP +-A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j logaccept-4 +-A limit-214 -m limit --limit 1/second -j LOG +-A limit-214 -j DROP +-A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j ACCEPT +-A limit-215 -m limit --limit 1/second -j LOG +-A limit-215 -j DROP +-A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j ACCEPT +-A limit-216 -m limit --limit 1/second -j LOG +-A limit-216 -j DROP +-A limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN +-A limit-217 -m limit --limit 1/second -j LOG +-A limit-217 -j DROP +-A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j logaccept-5 +-A limit-218 -m limit --limit 1/second -j LOG +-A limit-218 -j DROP +-A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j ACCEPT +-A limit-219 -m limit --limit 1/second -j LOG +-A limit-219 -j DROP +-A limit-22 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23 +-A limit-22 -j ACCEPT +-A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j ACCEPT +-A limit-220 -j DROP +-A limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN +-A limit-221 -j DROP +-A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j logaccept-6 +-A limit-222 -j DROP +-A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j ACCEPT +-A limit-223 -j DROP +-A limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-224 -j ACCEPT +-A limit-224 -j DROP +-A limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-225 -j RETURN +-A limit-225 -j DROP +-A limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-226 -j logaccept-7 +-A limit-226 -j DROP +-A limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-227 -j ACCEPT +-A limit-227 -j DROP +-A limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-32 -m limit --limit 1/second -j LOG --A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-36 -j ACCEPT +-A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG --A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-38 -j ACCEPT +-A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-42 -j ACCEPT --A limit-42 -m limit --limit 1/second -j LOG --A limit-42 -j DROP --A limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-43 -j RETURN --A limit-43 -m limit --limit 1/second -j LOG --A limit-43 -j DROP --A limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-44 -j logaccept-0 +-A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-40 -j ACCEPT +-A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG --A limit-44 -j DROP --A limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-45 -j ACCEPT --A limit-45 -m limit --limit 1/second -j LOG --A limit-45 -j DROP --A limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-46 -j ACCEPT --A limit-46 -m limit --limit 1/second -j LOG --A limit-46 -j DROP --A limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-47 -j RETURN --A limit-47 -m limit --limit 1/second -j LOG --A limit-47 -j DROP --A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j logaccept-1 --A limit-48 -m limit --limit 1/second -j LOG --A limit-48 -j DROP --A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j ACCEPT --A limit-49 -m limit --limit 1/second -j LOG --A limit-49 -j DROP +-A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j ACCEPT --A limit-50 -j DROP --A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN --A limit-51 -j DROP --A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j logaccept-2 --A limit-52 -j DROP --A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-53 -j ACCEPT --A limit-53 -j DROP --A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j ACCEPT --A limit-54 -j DROP --A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN --A limit-55 -j DROP --A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j logaccept-3 --A limit-56 -j DROP --A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j ACCEPT --A limit-57 -j DROP --A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 --A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 --A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m limit --limit 1/second -j LOG +-A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-54 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-54 -j ACCEPT +-A limit-56 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-56 -m limit --limit 1/second -j LOG +-A limit-56 -j ACCEPT +-A limit-57 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m limit --limit 1/second -j LOG +-A limit-58 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-58 -j ACCEPT -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 --A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-60 -j ACCEPT +-A limit-60 -m limit --limit 1/second -j LOG +-A limit-60 -j DROP +-A limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-61 -j RETURN +-A limit-61 -m limit --limit 1/second -j LOG +-A limit-61 -j DROP +-A limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-62 -j logaccept-0 +-A limit-62 -m limit --limit 1/second -j LOG +-A limit-62 -j DROP +-A limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-63 -j ACCEPT +-A limit-63 -m limit --limit 1/second -j LOG +-A limit-63 -j DROP +-A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j ACCEPT +-A limit-64 -m limit --limit 1/second -j LOG +-A limit-64 -j DROP +-A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN +-A limit-65 -m limit --limit 1/second -j LOG +-A limit-65 -j DROP +-A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j logaccept-1 +-A limit-66 -m limit --limit 1/second -j LOG +-A limit-66 -j DROP +-A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j ACCEPT +-A limit-67 -m limit --limit 1/second -j LOG +-A limit-67 -j DROP +-A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j ACCEPT +-A limit-68 -j DROP +-A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN +-A limit-69 -j DROP -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j logaccept-2 +-A limit-70 -j DROP +-A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j ACCEPT +-A limit-71 -j DROP +-A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j ACCEPT +-A limit-72 -j DROP +-A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN +-A limit-73 -j DROP +-A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j logaccept-3 +-A limit-74 -j DROP +-A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j ACCEPT +-A limit-75 -j DROP +-A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 -A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 -A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 -A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 -A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 -A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-43 +-A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-45 +-A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-97 -m limit --limit 1/second -j LOG +-A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-47 +-A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-48 -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -6236,6 +7575,12 @@ COMMIT -A logaccept-final-1 -j ACCEPT -A logaccept-final-10 -m limit --limit 1/second -j LOG -A logaccept-final-10 -j ACCEPT +-A logaccept-final-11 -m limit --limit 1/second -j LOG +-A logaccept-final-11 -j ACCEPT +-A logaccept-final-12 -m limit --limit 1/second -j LOG +-A logaccept-final-12 -j ACCEPT +-A logaccept-final-13 -m limit --limit 1/second -j LOG +-A logaccept-final-13 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -6278,16 +7623,12 @@ COMMIT -A logdrop-19 -j DROP -A logdrop-2 -m limit --limit 1/second -j LOG -A logdrop-2 -j DROP --A logdrop-20 -m limit --limit 1/second -j LOG --A logdrop-20 -j DROP -A logdrop-21 -m limit --limit 1/second -j LOG -A logdrop-21 -j DROP -A logdrop-22 -m limit --limit 1/second -j LOG -A logdrop-22 -j DROP -A logdrop-23 -m limit --limit 1/second -j LOG -A logdrop-23 -j DROP --A logdrop-24 -m limit --limit 1/second -j LOG --A logdrop-24 -j DROP -A logdrop-25 -m limit --limit 1/second -j LOG -A logdrop-25 -j DROP -A logdrop-26 -m limit --limit 1/second -j LOG @@ -6358,10 +7699,42 @@ COMMIT -A logdrop-55 -j DROP -A logdrop-56 -m limit --limit 1/second -j LOG -A logdrop-56 -j DROP +-A logdrop-57 -m limit --limit 1/second -j LOG +-A logdrop-57 -j DROP +-A logdrop-58 -m limit --limit 1/second -j LOG +-A logdrop-58 -j DROP +-A logdrop-59 -m limit --limit 1/second -j LOG +-A logdrop-59 -j DROP -A logdrop-6 -m limit --limit 1/second -j LOG -A logdrop-6 -j DROP +-A logdrop-60 -m limit --limit 1/second -j LOG +-A logdrop-60 -j DROP +-A logdrop-61 -m limit --limit 1/second -j LOG +-A logdrop-61 -j DROP +-A logdrop-62 -m limit --limit 1/second -j LOG +-A logdrop-62 -j DROP +-A logdrop-63 -m limit --limit 1/second -j LOG +-A logdrop-63 -j DROP +-A logdrop-64 -m limit --limit 1/second -j LOG +-A logdrop-64 -j DROP +-A logdrop-65 -m limit --limit 1/second -j LOG +-A logdrop-65 -j DROP +-A logdrop-66 -m limit --limit 1/second -j LOG +-A logdrop-66 -j DROP +-A logdrop-67 -m limit --limit 1/second -j LOG +-A logdrop-67 -j DROP +-A logdrop-69 -m limit --limit 1/second -j LOG +-A logdrop-69 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG -A logdrop-7 -j DROP +-A logdrop-70 -m limit --limit 1/second -j LOG +-A logdrop-70 -j DROP +-A logdrop-71 -m limit --limit 1/second -j LOG +-A logdrop-71 -j DROP +-A logdrop-73 -m limit --limit 1/second -j LOG +-A logdrop-73 -j DROP +-A logdrop-74 -m limit --limit 1/second -j LOG +-A logdrop-74 -j DROP -A logdrop-8 -m limit --limit 1/second -j LOG -A logdrop-8 -j DROP -A logdrop-9 -m limit --limit 1/second -j LOG @@ -6421,6 +7794,15 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -6484,6 +7866,24 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack diff --git a/test/output/rules-save b/test/output/rules-save index 5a38be1..32d9e20 100644 --- a/test/output/rules-save +++ b/test/output/rules-save @@ -85,16 +85,62 @@ :limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] -:limit-171 - [0:0] :limit-172 - [0:0] :limit-173 - [0:0] +:limit-174 - [0:0] +:limit-176 - [0:0] +:limit-177 - [0:0] +:limit-178 - [0:0] +:limit-179 - [0:0] :limit-18 - [0:0] -:limit-19 - [0:0] +:limit-180 - [0:0] +:limit-181 - [0:0] +:limit-182 - [0:0] +:limit-183 - [0:0] +:limit-184 - [0:0] +:limit-185 - [0:0] +:limit-186 - [0:0] +:limit-187 - [0:0] +:limit-188 - [0:0] +:limit-190 - [0:0] +:limit-191 - [0:0] +:limit-192 - [0:0] +:limit-194 - [0:0] +:limit-195 - [0:0] +:limit-196 - [0:0] +:limit-197 - [0:0] +:limit-198 - [0:0] +:limit-199 - [0:0] :limit-2 - [0:0] :limit-20 - [0:0] +:limit-200 - [0:0] +:limit-201 - [0:0] +:limit-202 - [0:0] +:limit-203 - [0:0] +:limit-204 - [0:0] +:limit-205 - [0:0] +:limit-206 - [0:0] +:limit-208 - [0:0] +:limit-209 - [0:0] :limit-21 - [0:0] +:limit-210 - [0:0] +:limit-212 - [0:0] +:limit-213 - [0:0] +:limit-214 - [0:0] +:limit-215 - [0:0] +:limit-216 - [0:0] +:limit-217 - [0:0] +:limit-218 - [0:0] +:limit-219 - [0:0] :limit-22 - [0:0] -:limit-23 - [0:0] +:limit-220 - [0:0] +:limit-221 - [0:0] +:limit-222 - [0:0] +:limit-223 - [0:0] +:limit-224 - [0:0] +:limit-225 - [0:0] +:limit-226 - [0:0] +:limit-227 - [0:0] :limit-24 - [0:0] :limit-25 - [0:0] :limit-26 - [0:0] @@ -109,12 +155,10 @@ :limit-34 - [0:0] :limit-35 - [0:0] :limit-36 - [0:0] -:limit-37 - [0:0] :limit-38 - [0:0] :limit-39 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] -:limit-41 - [0:0] :limit-42 - [0:0] :limit-43 - [0:0] :limit-44 - [0:0] @@ -129,11 +173,9 @@ :limit-52 - [0:0] :limit-53 - [0:0] :limit-54 - [0:0] -:limit-55 - [0:0] :limit-56 - [0:0] :limit-57 - [0:0] :limit-58 - [0:0] -:limit-59 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] :limit-61 - [0:0] @@ -190,6 +232,9 @@ :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-10 - [0:0] +:logaccept-final-11 - [0:0] +:logaccept-final-12 - [0:0] +:logaccept-final-13 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] @@ -211,11 +256,9 @@ :logdrop-18 - [0:0] :logdrop-19 - [0:0] :logdrop-2 - [0:0] -:logdrop-20 - [0:0] :logdrop-21 - [0:0] :logdrop-22 - [0:0] :logdrop-23 - [0:0] -:logdrop-24 - [0:0] :logdrop-25 - [0:0] :logdrop-26 - [0:0] :logdrop-27 - [0:0] @@ -251,8 +294,24 @@ :logdrop-54 - [0:0] :logdrop-55 - [0:0] :logdrop-56 - [0:0] +:logdrop-57 - [0:0] +:logdrop-58 - [0:0] +:logdrop-59 - [0:0] :logdrop-6 - [0:0] +:logdrop-60 - [0:0] +:logdrop-61 - [0:0] +:logdrop-62 - [0:0] +:logdrop-63 - [0:0] +:logdrop-64 - [0:0] +:logdrop-65 - [0:0] +:logdrop-66 - [0:0] +:logdrop-67 - [0:0] +:logdrop-69 - [0:0] :logdrop-7 - [0:0] +:logdrop-70 - [0:0] +:logdrop-71 - [0:0] +:logdrop-73 - [0:0] +:logdrop-74 - [0:0] :logdrop-8 - [0:0] :logdrop-9 - [0:0] :logpass-0 - [0:0] @@ -261,6 +320,42 @@ :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-151 +-A FORWARD -j limit-150 +-A FORWARD -j limit-149 +-A FORWARD -j limit-148 +-A FORWARD -j limit-147 +-A FORWARD -j limit-146 +-A FORWARD -j limit-145 +-A FORWARD -j limit-144 +-A FORWARD -j limit-143 +-A FORWARD -j limit-142 +-A FORWARD -j limit-141 +-A FORWARD -j limit-140 +-A FORWARD -j limit-139 +-A FORWARD -j limit-138 +-A FORWARD -j limit-137 +-A FORWARD -j limit-136 +-A FORWARD -j limit-135 +-A FORWARD -j limit-134 +-A FORWARD -j limit-133 +-A FORWARD -j limit-132 +-A FORWARD -j limit-131 +-A FORWARD -j limit-130 +-A FORWARD -j limit-129 +-A FORWARD -j limit-128 +-A FORWARD -j limit-127 +-A FORWARD -j limit-126 +-A FORWARD -j limit-125 +-A FORWARD -j limit-124 +-A FORWARD -j limit-123 +-A FORWARD -j limit-122 +-A FORWARD -j limit-121 +-A FORWARD -j limit-120 +-A FORWARD -j limit-119 +-A FORWARD -j limit-118 +-A FORWARD -j limit-117 +-A FORWARD -j limit-116 -A FORWARD -j limit-115 -A FORWARD -j limit-114 -A FORWARD -j limit-113 @@ -301,24 +396,6 @@ -A FORWARD -j limit-78 -A FORWARD -j limit-77 -A FORWARD -j limit-76 --A FORWARD -j limit-75 --A FORWARD -j limit-74 --A FORWARD -j limit-73 --A FORWARD -j limit-72 --A FORWARD -j limit-71 --A FORWARD -j limit-70 --A FORWARD -j limit-69 --A FORWARD -j limit-68 --A FORWARD -j limit-67 --A FORWARD -j limit-66 --A FORWARD -j limit-65 --A FORWARD -j limit-64 --A FORWARD -j limit-63 --A FORWARD -j limit-62 --A FORWARD -j limit-61 --A FORWARD -j limit-60 --A FORWARD -j limit-59 --A FORWARD -j limit-58 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -345,11 +422,11 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 @@ -363,11 +440,11 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 @@ -381,9 +458,27 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-58 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-60 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-61 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-62 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-63 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-64 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-65 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-66 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-67 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-68 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-69 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-70 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-71 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-72 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-73 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-74 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-75 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -417,16 +512,25 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-10 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-11 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-12 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-13 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-55 +-A FORWARD -j logdrop-73 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-56 +-A FORWARD -j logdrop-74 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -489,6 +593,42 @@ -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-151 +-A INPUT -j limit-150 +-A INPUT -j limit-149 +-A INPUT -j limit-148 +-A INPUT -j limit-147 +-A INPUT -j limit-146 +-A INPUT -j limit-145 +-A INPUT -j limit-144 +-A INPUT -j limit-143 +-A INPUT -j limit-142 +-A INPUT -j limit-141 +-A INPUT -j limit-140 +-A INPUT -j limit-139 +-A INPUT -j limit-138 +-A INPUT -j limit-137 +-A INPUT -j limit-136 +-A INPUT -j limit-135 +-A INPUT -j limit-134 +-A INPUT -j limit-133 +-A INPUT -j limit-132 +-A INPUT -j limit-131 +-A INPUT -j limit-130 +-A INPUT -j limit-129 +-A INPUT -j limit-128 +-A INPUT -j limit-127 +-A INPUT -j limit-126 +-A INPUT -j limit-125 +-A INPUT -j limit-124 +-A INPUT -j limit-123 +-A INPUT -j limit-122 +-A INPUT -j limit-121 +-A INPUT -j limit-120 +-A INPUT -j limit-119 +-A INPUT -j limit-118 +-A INPUT -j limit-117 +-A INPUT -j limit-116 -A INPUT -j limit-115 -A INPUT -j limit-114 -A INPUT -j limit-113 @@ -529,24 +669,6 @@ -A INPUT -j limit-78 -A INPUT -j limit-77 -A INPUT -j limit-76 --A INPUT -j limit-75 --A INPUT -j limit-74 --A INPUT -j limit-73 --A INPUT -j limit-72 --A INPUT -j limit-71 --A INPUT -j limit-70 --A INPUT -j limit-69 --A INPUT -j limit-68 --A INPUT -j limit-67 --A INPUT -j limit-66 --A INPUT -j limit-65 --A INPUT -j limit-64 --A INPUT -j limit-63 --A INPUT -j limit-62 --A INPUT -j limit-61 --A INPUT -j limit-60 --A INPUT -j limit-59 --A INPUT -j limit-58 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -588,42 +710,15 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-10 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-116 --A INPUT -i eth0 -j limit-117 --A INPUT -i eth0 -j limit-118 --A INPUT -i eth0 -j limit-119 --A INPUT -i eth0 -j limit-120 --A INPUT -i eth0 -j limit-121 --A INPUT -i eth0 -j limit-122 --A INPUT -i eth0 -j limit-123 --A INPUT -i eth0 -j limit-124 --A INPUT -i eth0 -j limit-125 --A INPUT -i eth0 -j limit-126 --A INPUT -i eth0 -j limit-127 --A INPUT -i eth0 -j limit-128 --A INPUT -i eth0 -j limit-129 --A INPUT -i eth0 -j limit-130 --A INPUT -i eth0 -j limit-131 --A INPUT -i eth0 -j limit-132 --A INPUT -i eth0 -j limit-133 --A INPUT -i eth0 -j limit-134 --A INPUT -i eth0 -j limit-135 --A INPUT -i eth0 -j limit-136 --A INPUT -i eth0 -j limit-137 --A INPUT -i eth0 -j limit-138 --A INPUT -i eth0 -j limit-139 --A INPUT -i eth0 -j limit-140 --A INPUT -i eth0 -j limit-141 --A INPUT -i eth0 -j limit-142 --A INPUT -i eth0 -j limit-143 --A INPUT -i eth0 -j limit-144 --A INPUT -i eth0 -j limit-145 --A INPUT -i eth0 -j limit-146 --A INPUT -i eth0 -j limit-147 --A INPUT -i eth0 -j limit-148 --A INPUT -i eth0 -j limit-149 --A INPUT -i eth0 -j limit-150 --A INPUT -i eth0 -j limit-151 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-11 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-12 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-13 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-152 -A INPUT -i eth0 -j limit-153 -A INPUT -i eth0 -j limit-154 @@ -643,19 +738,73 @@ -A INPUT -i eth0 -j limit-168 -A INPUT -i eth0 -j limit-169 -A INPUT -i eth0 -j limit-170 --A INPUT -i eth0 -j limit-171 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 -A INPUT -i eth0 -j limit-172 -A INPUT -i eth0 -j limit-173 +-A INPUT -i eth0 -j limit-174 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 +-A INPUT -i eth0 -j limit-176 +-A INPUT -i eth0 -j limit-177 +-A INPUT -i eth0 -j limit-178 +-A INPUT -i eth0 -j limit-179 +-A INPUT -i eth0 -j limit-180 +-A INPUT -i eth0 -j limit-181 +-A INPUT -i eth0 -j limit-182 +-A INPUT -i eth0 -j limit-183 +-A INPUT -i eth0 -j limit-184 +-A INPUT -i eth0 -j limit-185 +-A INPUT -i eth0 -j limit-186 +-A INPUT -i eth0 -j limit-187 +-A INPUT -i eth0 -j limit-188 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-190 +-A INPUT -i eth0 -j limit-191 +-A INPUT -i eth0 -j limit-192 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-194 +-A INPUT -i eth0 -j limit-195 +-A INPUT -i eth0 -j limit-196 +-A INPUT -i eth0 -j limit-197 +-A INPUT -i eth0 -j limit-198 +-A INPUT -i eth0 -j limit-199 +-A INPUT -i eth0 -j limit-200 +-A INPUT -i eth0 -j limit-201 +-A INPUT -i eth0 -j limit-202 +-A INPUT -i eth0 -j limit-203 +-A INPUT -i eth0 -j limit-204 +-A INPUT -i eth0 -j limit-205 +-A INPUT -i eth0 -j limit-206 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-208 +-A INPUT -i eth0 -j limit-209 +-A INPUT -i eth0 -j limit-210 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-212 +-A INPUT -i eth0 -j limit-213 +-A INPUT -i eth0 -j limit-214 +-A INPUT -i eth0 -j limit-215 +-A INPUT -i eth0 -j limit-216 +-A INPUT -i eth0 -j limit-217 +-A INPUT -i eth0 -j limit-218 +-A INPUT -i eth0 -j limit-219 +-A INPUT -i eth0 -j limit-220 +-A INPUT -i eth0 -j limit-221 +-A INPUT -i eth0 -j limit-222 +-A INPUT -i eth0 -j limit-223 +-A INPUT -i eth0 -j limit-224 +-A INPUT -i eth0 -j limit-225 +-A INPUT -i eth0 -j limit-226 +-A INPUT -i eth0 -j limit-227 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-55 +-A INPUT -j logdrop-73 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-56 +-A INPUT -j logdrop-74 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -674,6 +823,42 @@ -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-151 +-A OUTPUT -j limit-150 +-A OUTPUT -j limit-149 +-A OUTPUT -j limit-148 +-A OUTPUT -j limit-147 +-A OUTPUT -j limit-146 +-A OUTPUT -j limit-145 +-A OUTPUT -j limit-144 +-A OUTPUT -j limit-143 +-A OUTPUT -j limit-142 +-A OUTPUT -j limit-141 +-A OUTPUT -j limit-140 +-A OUTPUT -j limit-139 +-A OUTPUT -j limit-138 +-A OUTPUT -j limit-137 +-A OUTPUT -j limit-136 +-A OUTPUT -j limit-135 +-A OUTPUT -j limit-134 +-A OUTPUT -j limit-133 +-A OUTPUT -j limit-132 +-A OUTPUT -j limit-131 +-A OUTPUT -j limit-130 +-A OUTPUT -j limit-129 +-A OUTPUT -j limit-128 +-A OUTPUT -j limit-127 +-A OUTPUT -j limit-126 +-A OUTPUT -j limit-125 +-A OUTPUT -j limit-124 +-A OUTPUT -j limit-123 +-A OUTPUT -j limit-122 +-A OUTPUT -j limit-121 +-A OUTPUT -j limit-120 +-A OUTPUT -j limit-119 +-A OUTPUT -j limit-118 +-A OUTPUT -j limit-117 +-A OUTPUT -j limit-116 -A OUTPUT -j limit-115 -A OUTPUT -j limit-114 -A OUTPUT -j limit-113 @@ -714,24 +899,6 @@ -A OUTPUT -j limit-78 -A OUTPUT -j limit-77 -A OUTPUT -j limit-76 --A OUTPUT -j limit-75 --A OUTPUT -j limit-74 --A OUTPUT -j limit-73 --A OUTPUT -j limit-72 --A OUTPUT -j limit-71 --A OUTPUT -j limit-70 --A OUTPUT -j limit-69 --A OUTPUT -j limit-68 --A OUTPUT -j limit-67 --A OUTPUT -j limit-66 --A OUTPUT -j limit-65 --A OUTPUT -j limit-64 --A OUTPUT -j limit-63 --A OUTPUT -j limit-62 --A OUTPUT -j limit-61 --A OUTPUT -j limit-60 --A OUTPUT -j limit-59 --A OUTPUT -j limit-58 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -759,11 +926,11 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 @@ -777,11 +944,11 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 @@ -795,9 +962,27 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-58 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-60 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-61 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-62 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-63 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-64 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-65 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-66 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-67 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-68 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-69 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-70 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-71 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-72 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-73 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-74 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-75 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -831,6 +1016,24 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-10 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-11 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-12 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-13 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -867,13 +1070,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-55 +-A OUTPUT -j logdrop-73 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-56 +-A OUTPUT -j logdrop-74 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -899,386 +1102,461 @@ -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j RETURN --A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -j DROP --A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN --A limit-101 -m limit --limit 1/second -j LOG --A limit-101 -j DROP --A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j RETURN --A limit-102 -m limit --limit 1/second -j LOG --A limit-102 -j DROP --A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j RETURN --A limit-103 -m limit --limit 1/second -j LOG --A limit-103 -j DROP --A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j RETURN --A limit-104 -m limit --limit 1/second -j LOG --A limit-104 -j DROP --A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN --A limit-105 -m limit --limit 1/second -j LOG --A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j RETURN --A limit-106 -m limit --limit 1/second -j LOG --A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j RETURN --A limit-107 -m limit --limit 1/second -j LOG --A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j RETURN --A limit-108 -j DROP --A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN --A limit-109 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set +-A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set +-A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --set +-A limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --set +-A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set --A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j RETURN --A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j RETURN --A limit-111 -j DROP --A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j RETURN --A limit-112 -j DROP --A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN --A limit-113 -j DROP --A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j RETURN --A limit-114 -j DROP --A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j RETURN --A limit-115 -j DROP --A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-118 -m limit --limit 1/second -j LOG --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-113 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-114 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-115 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-115 -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-117 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set +-A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set --A limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 --A limit-124 -m limit --limit 1/second -j LOG --A limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 --A limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 --A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 --A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-130 -m limit --limit 1/second -j LOG --A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --set --A limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-133 -m limit --limit 1/second -j LOG +-A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-136 -j RETURN -A limit-136 -m limit --limit 1/second -j LOG --A limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --set +-A limit-136 -j DROP +-A limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-137 -j RETURN +-A limit-137 -m limit --limit 1/second -j LOG +-A limit-137 -j DROP +-A limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-138 -j RETURN +-A limit-138 -m limit --limit 1/second -j LOG +-A limit-138 -j DROP +-A limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-139 -j RETURN +-A limit-139 -m limit --limit 1/second -j LOG +-A limit-139 -j DROP -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-140 -j RETURN +-A limit-140 -m limit --limit 1/second -j LOG +-A limit-140 -j DROP +-A limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-141 -j RETURN +-A limit-141 -m limit --limit 1/second -j LOG +-A limit-141 -j DROP +-A limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-142 -j RETURN -A limit-142 -m limit --limit 1/second -j LOG --A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --set --A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-148 -m limit --limit 1/second -j LOG --A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-142 -j DROP +-A limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-143 -j RETURN +-A limit-143 -m limit --limit 1/second -j LOG +-A limit-143 -j DROP +-A limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-144 -j RETURN +-A limit-144 -j DROP +-A limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-145 -j RETURN +-A limit-145 -j DROP +-A limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-146 -j RETURN +-A limit-146 -j DROP +-A limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-147 -j RETURN +-A limit-147 -j DROP +-A limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-148 -j RETURN +-A limit-148 -j DROP +-A limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-149 -j RETURN +-A limit-149 -j DROP -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set --A limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-150 -j RETURN +-A limit-150 -j DROP +-A limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-151 -j RETURN +-A limit-151 -j DROP +-A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 +-A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set +-A limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 -A limit-154 -m limit --limit 1/second -j LOG --A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-158 -j ACCEPT --A limit-158 -m limit --limit 1/second -j LOG --A limit-158 -j DROP --A limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-159 -j RETURN --A limit-159 -m limit --limit 1/second -j LOG --A limit-159 -j DROP +-A limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 +-A limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 +-A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 +-A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set +-A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-55 +-A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-56 +-A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-160 -j logaccept-4 +-A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-57 -A limit-160 -m limit --limit 1/second -j LOG --A limit-160 -j DROP --A limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-161 -j ACCEPT --A limit-161 -m limit --limit 1/second -j LOG --A limit-161 -j DROP --A limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-162 -j ACCEPT --A limit-162 -m limit --limit 1/second -j LOG --A limit-162 -j DROP --A limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-163 -j RETURN --A limit-163 -m limit --limit 1/second -j LOG --A limit-163 -j DROP --A limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-164 -j logaccept-5 --A limit-164 -m limit --limit 1/second -j LOG --A limit-164 -j DROP --A limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-165 -j ACCEPT --A limit-165 -m limit --limit 1/second -j LOG --A limit-165 -j DROP --A limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-166 -j ACCEPT --A limit-166 -j DROP --A limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-167 -j RETURN --A limit-167 -j DROP --A limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-168 -j logaccept-6 --A limit-168 -j DROP --A limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-169 -j ACCEPT --A limit-169 -j DROP +-A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-58 +-A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-59 +-A limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-60 +-A limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --set +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 +-A limit-166 -m limit --limit 1/second -j LOG +-A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 +-A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 +-A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 +-A limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-170 -j ACCEPT --A limit-170 -j DROP --A limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-171 -j RETURN --A limit-171 -j DROP --A limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-172 -j logaccept-7 --A limit-172 -j DROP --A limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-173 -j ACCEPT --A limit-173 -j DROP --A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --set +-A limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-170 -j ACCEPT +-A limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-172 -m limit --limit 1/second -j LOG +-A limit-172 -j ACCEPT +-A limit-173 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-173 -m limit --limit 1/second -j LOG +-A limit-174 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-174 -j ACCEPT +-A limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --set +-A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-178 -m limit --limit 1/second -j LOG +-A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-18 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19 +-A limit-18 -j ACCEPT +-A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set +-A limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-184 -m limit --limit 1/second -j LOG +-A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-188 -j ACCEPT +-A limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-190 -m limit --limit 1/second -j LOG +-A limit-190 -j ACCEPT +-A limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-191 -m limit --limit 1/second -j LOG +-A limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-192 -j ACCEPT +-A limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --set +-A limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m limit --limit 1/second -j LOG +-A limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --set -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-20 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG --A limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set --A limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-20 -j ACCEPT +-A limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-202 -m limit --limit 1/second -j LOG +-A limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-206 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-206 -j ACCEPT +-A limit-208 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -m limit --limit 1/second -j LOG +-A limit-208 -j ACCEPT +-A limit-209 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-209 -m limit --limit 1/second -j LOG +-A limit-21 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22 +-A limit-21 -m limit --limit 1/second -j LOG +-A limit-210 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-210 -j ACCEPT +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j ACCEPT +-A limit-212 -m limit --limit 1/second -j LOG +-A limit-212 -j DROP +-A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN +-A limit-213 -m limit --limit 1/second -j LOG +-A limit-213 -j DROP +-A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j logaccept-4 +-A limit-214 -m limit --limit 1/second -j LOG +-A limit-214 -j DROP +-A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j ACCEPT +-A limit-215 -m limit --limit 1/second -j LOG +-A limit-215 -j DROP +-A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j ACCEPT +-A limit-216 -m limit --limit 1/second -j LOG +-A limit-216 -j DROP +-A limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN +-A limit-217 -m limit --limit 1/second -j LOG +-A limit-217 -j DROP +-A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j logaccept-5 +-A limit-218 -m limit --limit 1/second -j LOG +-A limit-218 -j DROP +-A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j ACCEPT +-A limit-219 -m limit --limit 1/second -j LOG +-A limit-219 -j DROP +-A limit-22 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23 +-A limit-22 -j ACCEPT +-A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j ACCEPT +-A limit-220 -j DROP +-A limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN +-A limit-221 -j DROP +-A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j logaccept-6 +-A limit-222 -j DROP +-A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j ACCEPT +-A limit-223 -j DROP +-A limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-224 -j ACCEPT +-A limit-224 -j DROP +-A limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-225 -j RETURN +-A limit-225 -j DROP +-A limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-226 -j logaccept-7 +-A limit-226 -j DROP +-A limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-227 -j ACCEPT +-A limit-227 -j DROP +-A limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --set +-A limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --set -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set --A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-32 -m limit --limit 1/second -j LOG --A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set --A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-36 -j ACCEPT +-A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG --A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-38 -j ACCEPT +-A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-42 -j ACCEPT --A limit-42 -m limit --limit 1/second -j LOG --A limit-42 -j DROP --A limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-43 -j RETURN --A limit-43 -m limit --limit 1/second -j LOG --A limit-43 -j DROP --A limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-44 -j logaccept-0 +-A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-40 -j ACCEPT +-A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set +-A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG --A limit-44 -j DROP --A limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-45 -j ACCEPT --A limit-45 -m limit --limit 1/second -j LOG --A limit-45 -j DROP --A limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-46 -j ACCEPT --A limit-46 -m limit --limit 1/second -j LOG --A limit-46 -j DROP --A limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-47 -j RETURN --A limit-47 -m limit --limit 1/second -j LOG --A limit-47 -j DROP --A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j logaccept-1 --A limit-48 -m limit --limit 1/second -j LOG --A limit-48 -j DROP --A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j ACCEPT --A limit-49 -m limit --limit 1/second -j LOG --A limit-49 -j DROP +-A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set +-A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set --A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j ACCEPT --A limit-50 -j DROP --A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN --A limit-51 -j DROP --A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-52 -j logaccept-2 --A limit-52 -j DROP --A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j ACCEPT --A limit-53 -j DROP --A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j ACCEPT --A limit-54 -j DROP --A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN --A limit-55 -j DROP --A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j logaccept-3 --A limit-56 -j DROP --A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j ACCEPT --A limit-57 -j DROP --A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 --A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set --A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 --A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set +-A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m limit --limit 1/second -j LOG +-A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-54 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-54 -j ACCEPT +-A limit-56 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-56 -m limit --limit 1/second -j LOG +-A limit-56 -j ACCEPT +-A limit-57 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m limit --limit 1/second -j LOG +-A limit-58 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-58 -j ACCEPT -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 --A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set --A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set --A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 --A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set --A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set --A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set --A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set +-A limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-60 -j ACCEPT +-A limit-60 -m limit --limit 1/second -j LOG +-A limit-60 -j DROP +-A limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-61 -j RETURN +-A limit-61 -m limit --limit 1/second -j LOG +-A limit-61 -j DROP +-A limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-62 -j logaccept-0 +-A limit-62 -m limit --limit 1/second -j LOG +-A limit-62 -j DROP +-A limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-63 -j ACCEPT +-A limit-63 -m limit --limit 1/second -j LOG +-A limit-63 -j DROP +-A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j ACCEPT +-A limit-64 -m limit --limit 1/second -j LOG +-A limit-64 -j DROP +-A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN +-A limit-65 -m limit --limit 1/second -j LOG +-A limit-65 -j DROP +-A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j logaccept-1 +-A limit-66 -m limit --limit 1/second -j LOG +-A limit-66 -j DROP +-A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j ACCEPT +-A limit-67 -m limit --limit 1/second -j LOG +-A limit-67 -j DROP +-A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j ACCEPT +-A limit-68 -j DROP +-A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN +-A limit-69 -j DROP -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set --A limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j logaccept-2 +-A limit-70 -j DROP +-A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j ACCEPT +-A limit-71 -j DROP +-A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j ACCEPT +-A limit-72 -j DROP +-A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN +-A limit-73 -j DROP +-A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j logaccept-3 +-A limit-74 -j DROP +-A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j ACCEPT +-A limit-75 -j DROP +-A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 -A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 -A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set --A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set --A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 -A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 -A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set --A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 -A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set --A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set --A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set +-A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set +-A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set +-A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set +-A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set +-A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set +-A limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set --A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set --A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set --A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-43 +-A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-45 +-A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-97 -m limit --limit 1/second -j LOG +-A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-47 +-A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-48 -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -1303,6 +1581,12 @@ -A logaccept-final-1 -j ACCEPT -A logaccept-final-10 -m limit --limit 1/second -j LOG -A logaccept-final-10 -j ACCEPT +-A logaccept-final-11 -m limit --limit 1/second -j LOG +-A logaccept-final-11 -j ACCEPT +-A logaccept-final-12 -m limit --limit 1/second -j LOG +-A logaccept-final-12 -j ACCEPT +-A logaccept-final-13 -m limit --limit 1/second -j LOG +-A logaccept-final-13 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -1345,16 +1629,12 @@ -A logdrop-19 -j DROP -A logdrop-2 -m limit --limit 1/second -j LOG -A logdrop-2 -j DROP --A logdrop-20 -m limit --limit 1/second -j LOG --A logdrop-20 -j DROP -A logdrop-21 -m limit --limit 1/second -j LOG -A logdrop-21 -j DROP -A logdrop-22 -m limit --limit 1/second -j LOG -A logdrop-22 -j DROP -A logdrop-23 -m limit --limit 1/second -j LOG -A logdrop-23 -j DROP --A logdrop-24 -m limit --limit 1/second -j LOG --A logdrop-24 -j DROP -A logdrop-25 -m limit --limit 1/second -j LOG -A logdrop-25 -j DROP -A logdrop-26 -m limit --limit 1/second -j LOG @@ -1425,10 +1705,42 @@ -A logdrop-55 -j DROP -A logdrop-56 -m limit --limit 1/second -j LOG -A logdrop-56 -j DROP +-A logdrop-57 -m limit --limit 1/second -j LOG +-A logdrop-57 -j DROP +-A logdrop-58 -m limit --limit 1/second -j LOG +-A logdrop-58 -j DROP +-A logdrop-59 -m limit --limit 1/second -j LOG +-A logdrop-59 -j DROP -A logdrop-6 -m limit --limit 1/second -j LOG -A logdrop-6 -j DROP +-A logdrop-60 -m limit --limit 1/second -j LOG +-A logdrop-60 -j DROP +-A logdrop-61 -m limit --limit 1/second -j LOG +-A logdrop-61 -j DROP +-A logdrop-62 -m limit --limit 1/second -j LOG +-A logdrop-62 -j DROP +-A logdrop-63 -m limit --limit 1/second -j LOG +-A logdrop-63 -j DROP +-A logdrop-64 -m limit --limit 1/second -j LOG +-A logdrop-64 -j DROP +-A logdrop-65 -m limit --limit 1/second -j LOG +-A logdrop-65 -j DROP +-A logdrop-66 -m limit --limit 1/second -j LOG +-A logdrop-66 -j DROP +-A logdrop-67 -m limit --limit 1/second -j LOG +-A logdrop-67 -j DROP +-A logdrop-69 -m limit --limit 1/second -j LOG +-A logdrop-69 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG -A logdrop-7 -j DROP +-A logdrop-70 -m limit --limit 1/second -j LOG +-A logdrop-70 -j DROP +-A logdrop-71 -m limit --limit 1/second -j LOG +-A logdrop-71 -j DROP +-A logdrop-73 -m limit --limit 1/second -j LOG +-A logdrop-73 -j DROP +-A logdrop-74 -m limit --limit 1/second -j LOG +-A logdrop-74 -j DROP -A logdrop-8 -m limit --limit 1/second -j LOG -A logdrop-8 -j DROP -A logdrop-9 -m limit --limit 1/second -j LOG @@ -1505,6 +1817,15 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -1574,6 +1895,24 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack diff --git a/test/output/rules6-save b/test/output/rules6-save index a3fe183..d79f6a9 100644 --- a/test/output/rules6-save +++ b/test/output/rules6-save @@ -85,16 +85,62 @@ :limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] -:limit-171 - [0:0] :limit-172 - [0:0] :limit-173 - [0:0] +:limit-174 - [0:0] +:limit-176 - [0:0] +:limit-177 - [0:0] +:limit-178 - [0:0] +:limit-179 - [0:0] :limit-18 - [0:0] -:limit-19 - [0:0] +:limit-180 - [0:0] +:limit-181 - [0:0] +:limit-182 - [0:0] +:limit-183 - [0:0] +:limit-184 - [0:0] +:limit-185 - [0:0] +:limit-186 - [0:0] +:limit-187 - [0:0] +:limit-188 - [0:0] +:limit-190 - [0:0] +:limit-191 - [0:0] +:limit-192 - [0:0] +:limit-194 - [0:0] +:limit-195 - [0:0] +:limit-196 - [0:0] +:limit-197 - [0:0] +:limit-198 - [0:0] +:limit-199 - [0:0] :limit-2 - [0:0] :limit-20 - [0:0] +:limit-200 - [0:0] +:limit-201 - [0:0] +:limit-202 - [0:0] +:limit-203 - [0:0] +:limit-204 - [0:0] +:limit-205 - [0:0] +:limit-206 - [0:0] +:limit-208 - [0:0] +:limit-209 - [0:0] :limit-21 - [0:0] +:limit-210 - [0:0] +:limit-212 - [0:0] +:limit-213 - [0:0] +:limit-214 - [0:0] +:limit-215 - [0:0] +:limit-216 - [0:0] +:limit-217 - [0:0] +:limit-218 - [0:0] +:limit-219 - [0:0] :limit-22 - [0:0] -:limit-23 - [0:0] +:limit-220 - [0:0] +:limit-221 - [0:0] +:limit-222 - [0:0] +:limit-223 - [0:0] +:limit-224 - [0:0] +:limit-225 - [0:0] +:limit-226 - [0:0] +:limit-227 - [0:0] :limit-24 - [0:0] :limit-25 - [0:0] :limit-26 - [0:0] @@ -109,12 +155,10 @@ :limit-34 - [0:0] :limit-35 - [0:0] :limit-36 - [0:0] -:limit-37 - [0:0] :limit-38 - [0:0] :limit-39 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] -:limit-41 - [0:0] :limit-42 - [0:0] :limit-43 - [0:0] :limit-44 - [0:0] @@ -129,11 +173,9 @@ :limit-52 - [0:0] :limit-53 - [0:0] :limit-54 - [0:0] -:limit-55 - [0:0] :limit-56 - [0:0] :limit-57 - [0:0] :limit-58 - [0:0] -:limit-59 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] :limit-61 - [0:0] @@ -190,6 +232,9 @@ :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-10 - [0:0] +:logaccept-final-11 - [0:0] +:logaccept-final-12 - [0:0] +:logaccept-final-13 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] @@ -211,11 +256,9 @@ :logdrop-18 - [0:0] :logdrop-19 - [0:0] :logdrop-2 - [0:0] -:logdrop-20 - [0:0] :logdrop-21 - [0:0] :logdrop-22 - [0:0] :logdrop-23 - [0:0] -:logdrop-24 - [0:0] :logdrop-25 - [0:0] :logdrop-26 - [0:0] :logdrop-27 - [0:0] @@ -251,8 +294,24 @@ :logdrop-54 - [0:0] :logdrop-55 - [0:0] :logdrop-56 - [0:0] +:logdrop-57 - [0:0] +:logdrop-58 - [0:0] +:logdrop-59 - [0:0] :logdrop-6 - [0:0] +:logdrop-60 - [0:0] +:logdrop-61 - [0:0] +:logdrop-62 - [0:0] +:logdrop-63 - [0:0] +:logdrop-64 - [0:0] +:logdrop-65 - [0:0] +:logdrop-66 - [0:0] +:logdrop-67 - [0:0] +:logdrop-69 - [0:0] :logdrop-7 - [0:0] +:logdrop-70 - [0:0] +:logdrop-71 - [0:0] +:logdrop-73 - [0:0] +:logdrop-74 - [0:0] :logdrop-8 - [0:0] :logdrop-9 - [0:0] :logpass-0 - [0:0] @@ -261,6 +320,42 @@ :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-151 +-A FORWARD -j limit-150 +-A FORWARD -j limit-149 +-A FORWARD -j limit-148 +-A FORWARD -j limit-147 +-A FORWARD -j limit-146 +-A FORWARD -j limit-145 +-A FORWARD -j limit-144 +-A FORWARD -j limit-143 +-A FORWARD -j limit-142 +-A FORWARD -j limit-141 +-A FORWARD -j limit-140 +-A FORWARD -j limit-139 +-A FORWARD -j limit-138 +-A FORWARD -j limit-137 +-A FORWARD -j limit-136 +-A FORWARD -j limit-135 +-A FORWARD -j limit-134 +-A FORWARD -j limit-133 +-A FORWARD -j limit-132 +-A FORWARD -j limit-131 +-A FORWARD -j limit-130 +-A FORWARD -j limit-129 +-A FORWARD -j limit-128 +-A FORWARD -j limit-127 +-A FORWARD -j limit-126 +-A FORWARD -j limit-125 +-A FORWARD -j limit-124 +-A FORWARD -j limit-123 +-A FORWARD -j limit-122 +-A FORWARD -j limit-121 +-A FORWARD -j limit-120 +-A FORWARD -j limit-119 +-A FORWARD -j limit-118 +-A FORWARD -j limit-117 +-A FORWARD -j limit-116 -A FORWARD -j limit-115 -A FORWARD -j limit-114 -A FORWARD -j limit-113 @@ -301,24 +396,6 @@ -A FORWARD -j limit-78 -A FORWARD -j limit-77 -A FORWARD -j limit-76 --A FORWARD -j limit-75 --A FORWARD -j limit-74 --A FORWARD -j limit-73 --A FORWARD -j limit-72 --A FORWARD -j limit-71 --A FORWARD -j limit-70 --A FORWARD -j limit-69 --A FORWARD -j limit-68 --A FORWARD -j limit-67 --A FORWARD -j limit-66 --A FORWARD -j limit-65 --A FORWARD -j limit-64 --A FORWARD -j limit-63 --A FORWARD -j limit-62 --A FORWARD -j limit-61 --A FORWARD -j limit-60 --A FORWARD -j limit-59 --A FORWARD -j limit-58 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -345,11 +422,11 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-16 -A FORWARD -o eth1 -d fc00::/7 -j limit-17 -A FORWARD -o eth1 -d fc00::/7 -j limit-18 --A FORWARD -o eth1 -d fc00::/7 -j limit-19 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -A FORWARD -o eth1 -d fc00::/7 -j limit-20 -A FORWARD -o eth1 -d fc00::/7 -j limit-21 -A FORWARD -o eth1 -d fc00::/7 -j limit-22 --A FORWARD -o eth1 -d fc00::/7 -j limit-23 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -A FORWARD -o eth1 -d fc00::/7 -j limit-24 -A FORWARD -o eth1 -d fc00::/7 -j limit-25 -A FORWARD -o eth1 -d fc00::/7 -j limit-26 @@ -363,11 +440,11 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-34 -A FORWARD -o eth1 -d fc00::/7 -j limit-35 -A FORWARD -o eth1 -d fc00::/7 -j limit-36 --A FORWARD -o eth1 -d fc00::/7 -j limit-37 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-38 -A FORWARD -o eth1 -d fc00::/7 -j limit-39 -A FORWARD -o eth1 -d fc00::/7 -j limit-40 --A FORWARD -o eth1 -d fc00::/7 -j limit-41 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-42 -A FORWARD -o eth1 -d fc00::/7 -j limit-43 -A FORWARD -o eth1 -d fc00::/7 -j limit-44 @@ -381,9 +458,27 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-52 -A FORWARD -o eth1 -d fc00::/7 -j limit-53 -A FORWARD -o eth1 -d fc00::/7 -j limit-54 --A FORWARD -o eth1 -d fc00::/7 -j limit-55 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-56 -A FORWARD -o eth1 -d fc00::/7 -j limit-57 +-A FORWARD -o eth1 -d fc00::/7 -j limit-58 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-60 +-A FORWARD -o eth1 -d fc00::/7 -j limit-61 +-A FORWARD -o eth1 -d fc00::/7 -j limit-62 +-A FORWARD -o eth1 -d fc00::/7 -j limit-63 +-A FORWARD -o eth1 -d fc00::/7 -j limit-64 +-A FORWARD -o eth1 -d fc00::/7 -j limit-65 +-A FORWARD -o eth1 -d fc00::/7 -j limit-66 +-A FORWARD -o eth1 -d fc00::/7 -j limit-67 +-A FORWARD -o eth1 -d fc00::/7 -j limit-68 +-A FORWARD -o eth1 -d fc00::/7 -j limit-69 +-A FORWARD -o eth1 -d fc00::/7 -j limit-70 +-A FORWARD -o eth1 -d fc00::/7 -j limit-71 +-A FORWARD -o eth1 -d fc00::/7 -j limit-72 +-A FORWARD -o eth1 -d fc00::/7 -j limit-73 +-A FORWARD -o eth1 -d fc00::/7 -j limit-74 +-A FORWARD -o eth1 -d fc00::/7 -j limit-75 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -417,16 +512,25 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-10 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-11 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-12 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-13 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-55 +-A FORWARD -j logdrop-73 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-56 +-A FORWARD -j logdrop-74 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -459,6 +563,42 @@ -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-151 +-A INPUT -j limit-150 +-A INPUT -j limit-149 +-A INPUT -j limit-148 +-A INPUT -j limit-147 +-A INPUT -j limit-146 +-A INPUT -j limit-145 +-A INPUT -j limit-144 +-A INPUT -j limit-143 +-A INPUT -j limit-142 +-A INPUT -j limit-141 +-A INPUT -j limit-140 +-A INPUT -j limit-139 +-A INPUT -j limit-138 +-A INPUT -j limit-137 +-A INPUT -j limit-136 +-A INPUT -j limit-135 +-A INPUT -j limit-134 +-A INPUT -j limit-133 +-A INPUT -j limit-132 +-A INPUT -j limit-131 +-A INPUT -j limit-130 +-A INPUT -j limit-129 +-A INPUT -j limit-128 +-A INPUT -j limit-127 +-A INPUT -j limit-126 +-A INPUT -j limit-125 +-A INPUT -j limit-124 +-A INPUT -j limit-123 +-A INPUT -j limit-122 +-A INPUT -j limit-121 +-A INPUT -j limit-120 +-A INPUT -j limit-119 +-A INPUT -j limit-118 +-A INPUT -j limit-117 +-A INPUT -j limit-116 -A INPUT -j limit-115 -A INPUT -j limit-114 -A INPUT -j limit-113 @@ -499,24 +639,6 @@ -A INPUT -j limit-78 -A INPUT -j limit-77 -A INPUT -j limit-76 --A INPUT -j limit-75 --A INPUT -j limit-74 --A INPUT -j limit-73 --A INPUT -j limit-72 --A INPUT -j limit-71 --A INPUT -j limit-70 --A INPUT -j limit-69 --A INPUT -j limit-68 --A INPUT -j limit-67 --A INPUT -j limit-66 --A INPUT -j limit-65 --A INPUT -j limit-64 --A INPUT -j limit-63 --A INPUT -j limit-62 --A INPUT -j limit-61 --A INPUT -j limit-60 --A INPUT -j limit-59 --A INPUT -j limit-58 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -558,42 +680,15 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-10 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-116 --A INPUT -i eth0 -j limit-117 --A INPUT -i eth0 -j limit-118 --A INPUT -i eth0 -j limit-119 --A INPUT -i eth0 -j limit-120 --A INPUT -i eth0 -j limit-121 --A INPUT -i eth0 -j limit-122 --A INPUT -i eth0 -j limit-123 --A INPUT -i eth0 -j limit-124 --A INPUT -i eth0 -j limit-125 --A INPUT -i eth0 -j limit-126 --A INPUT -i eth0 -j limit-127 --A INPUT -i eth0 -j limit-128 --A INPUT -i eth0 -j limit-129 --A INPUT -i eth0 -j limit-130 --A INPUT -i eth0 -j limit-131 --A INPUT -i eth0 -j limit-132 --A INPUT -i eth0 -j limit-133 --A INPUT -i eth0 -j limit-134 --A INPUT -i eth0 -j limit-135 --A INPUT -i eth0 -j limit-136 --A INPUT -i eth0 -j limit-137 --A INPUT -i eth0 -j limit-138 --A INPUT -i eth0 -j limit-139 --A INPUT -i eth0 -j limit-140 --A INPUT -i eth0 -j limit-141 --A INPUT -i eth0 -j limit-142 --A INPUT -i eth0 -j limit-143 --A INPUT -i eth0 -j limit-144 --A INPUT -i eth0 -j limit-145 --A INPUT -i eth0 -j limit-146 --A INPUT -i eth0 -j limit-147 --A INPUT -i eth0 -j limit-148 --A INPUT -i eth0 -j limit-149 --A INPUT -i eth0 -j limit-150 --A INPUT -i eth0 -j limit-151 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-11 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-12 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-13 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-152 -A INPUT -i eth0 -j limit-153 -A INPUT -i eth0 -j limit-154 @@ -613,19 +708,73 @@ -A INPUT -i eth0 -j limit-168 -A INPUT -i eth0 -j limit-169 -A INPUT -i eth0 -j limit-170 --A INPUT -i eth0 -j limit-171 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 -A INPUT -i eth0 -j limit-172 -A INPUT -i eth0 -j limit-173 +-A INPUT -i eth0 -j limit-174 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 +-A INPUT -i eth0 -j limit-176 +-A INPUT -i eth0 -j limit-177 +-A INPUT -i eth0 -j limit-178 +-A INPUT -i eth0 -j limit-179 +-A INPUT -i eth0 -j limit-180 +-A INPUT -i eth0 -j limit-181 +-A INPUT -i eth0 -j limit-182 +-A INPUT -i eth0 -j limit-183 +-A INPUT -i eth0 -j limit-184 +-A INPUT -i eth0 -j limit-185 +-A INPUT -i eth0 -j limit-186 +-A INPUT -i eth0 -j limit-187 +-A INPUT -i eth0 -j limit-188 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-190 +-A INPUT -i eth0 -j limit-191 +-A INPUT -i eth0 -j limit-192 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-194 +-A INPUT -i eth0 -j limit-195 +-A INPUT -i eth0 -j limit-196 +-A INPUT -i eth0 -j limit-197 +-A INPUT -i eth0 -j limit-198 +-A INPUT -i eth0 -j limit-199 +-A INPUT -i eth0 -j limit-200 +-A INPUT -i eth0 -j limit-201 +-A INPUT -i eth0 -j limit-202 +-A INPUT -i eth0 -j limit-203 +-A INPUT -i eth0 -j limit-204 +-A INPUT -i eth0 -j limit-205 +-A INPUT -i eth0 -j limit-206 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-208 +-A INPUT -i eth0 -j limit-209 +-A INPUT -i eth0 -j limit-210 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-212 +-A INPUT -i eth0 -j limit-213 +-A INPUT -i eth0 -j limit-214 +-A INPUT -i eth0 -j limit-215 +-A INPUT -i eth0 -j limit-216 +-A INPUT -i eth0 -j limit-217 +-A INPUT -i eth0 -j limit-218 +-A INPUT -i eth0 -j limit-219 +-A INPUT -i eth0 -j limit-220 +-A INPUT -i eth0 -j limit-221 +-A INPUT -i eth0 -j limit-222 +-A INPUT -i eth0 -j limit-223 +-A INPUT -i eth0 -j limit-224 +-A INPUT -i eth0 -j limit-225 +-A INPUT -i eth0 -j limit-226 +-A INPUT -i eth0 -j limit-227 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-55 +-A INPUT -j logdrop-73 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-56 +-A INPUT -j logdrop-74 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -638,6 +787,42 @@ -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-151 +-A OUTPUT -j limit-150 +-A OUTPUT -j limit-149 +-A OUTPUT -j limit-148 +-A OUTPUT -j limit-147 +-A OUTPUT -j limit-146 +-A OUTPUT -j limit-145 +-A OUTPUT -j limit-144 +-A OUTPUT -j limit-143 +-A OUTPUT -j limit-142 +-A OUTPUT -j limit-141 +-A OUTPUT -j limit-140 +-A OUTPUT -j limit-139 +-A OUTPUT -j limit-138 +-A OUTPUT -j limit-137 +-A OUTPUT -j limit-136 +-A OUTPUT -j limit-135 +-A OUTPUT -j limit-134 +-A OUTPUT -j limit-133 +-A OUTPUT -j limit-132 +-A OUTPUT -j limit-131 +-A OUTPUT -j limit-130 +-A OUTPUT -j limit-129 +-A OUTPUT -j limit-128 +-A OUTPUT -j limit-127 +-A OUTPUT -j limit-126 +-A OUTPUT -j limit-125 +-A OUTPUT -j limit-124 +-A OUTPUT -j limit-123 +-A OUTPUT -j limit-122 +-A OUTPUT -j limit-121 +-A OUTPUT -j limit-120 +-A OUTPUT -j limit-119 +-A OUTPUT -j limit-118 +-A OUTPUT -j limit-117 +-A OUTPUT -j limit-116 -A OUTPUT -j limit-115 -A OUTPUT -j limit-114 -A OUTPUT -j limit-113 @@ -678,24 +863,6 @@ -A OUTPUT -j limit-78 -A OUTPUT -j limit-77 -A OUTPUT -j limit-76 --A OUTPUT -j limit-75 --A OUTPUT -j limit-74 --A OUTPUT -j limit-73 --A OUTPUT -j limit-72 --A OUTPUT -j limit-71 --A OUTPUT -j limit-70 --A OUTPUT -j limit-69 --A OUTPUT -j limit-68 --A OUTPUT -j limit-67 --A OUTPUT -j limit-66 --A OUTPUT -j limit-65 --A OUTPUT -j limit-64 --A OUTPUT -j limit-63 --A OUTPUT -j limit-62 --A OUTPUT -j limit-61 --A OUTPUT -j limit-60 --A OUTPUT -j limit-59 --A OUTPUT -j limit-58 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -723,11 +890,11 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-16 -A OUTPUT -o eth1 -d fc00::/7 -j limit-17 -A OUTPUT -o eth1 -d fc00::/7 -j limit-18 --A OUTPUT -o eth1 -d fc00::/7 -j limit-19 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20 -A OUTPUT -o eth1 -d fc00::/7 -j limit-20 -A OUTPUT -o eth1 -d fc00::/7 -j limit-21 -A OUTPUT -o eth1 -d fc00::/7 -j limit-22 --A OUTPUT -o eth1 -d fc00::/7 -j limit-23 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -A OUTPUT -o eth1 -d fc00::/7 -j limit-24 -A OUTPUT -o eth1 -d fc00::/7 -j limit-25 -A OUTPUT -o eth1 -d fc00::/7 -j limit-26 @@ -741,11 +908,11 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-34 -A OUTPUT -o eth1 -d fc00::/7 -j limit-35 -A OUTPUT -o eth1 -d fc00::/7 -j limit-36 --A OUTPUT -o eth1 -d fc00::/7 -j limit-37 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-38 -A OUTPUT -o eth1 -d fc00::/7 -j limit-39 -A OUTPUT -o eth1 -d fc00::/7 -j limit-40 --A OUTPUT -o eth1 -d fc00::/7 -j limit-41 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-42 -A OUTPUT -o eth1 -d fc00::/7 -j limit-43 -A OUTPUT -o eth1 -d fc00::/7 -j limit-44 @@ -759,9 +926,27 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-52 -A OUTPUT -o eth1 -d fc00::/7 -j limit-53 -A OUTPUT -o eth1 -d fc00::/7 -j limit-54 --A OUTPUT -o eth1 -d fc00::/7 -j limit-55 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-56 -A OUTPUT -o eth1 -d fc00::/7 -j limit-57 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-58 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-60 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-61 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-62 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-63 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-64 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-65 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-66 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-67 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-68 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-69 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-70 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-71 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-72 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-73 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-74 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-75 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -795,6 +980,24 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-10 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-11 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-12 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-13 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -831,13 +1034,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-55 +-A OUTPUT -j logdrop-73 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-56 +-A OUTPUT -j logdrop-74 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -858,386 +1061,461 @@ -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j RETURN --A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -j DROP --A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN --A limit-101 -m limit --limit 1/second -j LOG --A limit-101 -j DROP --A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j RETURN --A limit-102 -m limit --limit 1/second -j LOG --A limit-102 -j DROP --A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j RETURN --A limit-103 -m limit --limit 1/second -j LOG --A limit-103 -j DROP --A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j RETURN --A limit-104 -m limit --limit 1/second -j LOG --A limit-104 -j DROP --A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN --A limit-105 -m limit --limit 1/second -j LOG --A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j RETURN --A limit-106 -m limit --limit 1/second -j LOG --A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j RETURN --A limit-107 -m limit --limit 1/second -j LOG --A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j RETURN --A limit-108 -j DROP --A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN --A limit-109 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j RETURN --A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j RETURN --A limit-111 -j DROP --A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j RETURN --A limit-112 -j DROP --A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN --A limit-113 -j DROP --A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j RETURN --A limit-114 -j DROP --A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j RETURN --A limit-115 -j DROP --A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-118 -m limit --limit 1/second -j LOG --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-113 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-114 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-115 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-115 -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-117 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 --A limit-124 -m limit --limit 1/second -j LOG --A limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 --A limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 --A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 --A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-130 -m limit --limit 1/second -j LOG --A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-133 -m limit --limit 1/second -j LOG +-A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-136 -j RETURN -A limit-136 -m limit --limit 1/second -j LOG --A limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-136 -j DROP +-A limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-137 -j RETURN +-A limit-137 -m limit --limit 1/second -j LOG +-A limit-137 -j DROP +-A limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-138 -j RETURN +-A limit-138 -m limit --limit 1/second -j LOG +-A limit-138 -j DROP +-A limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-139 -j RETURN +-A limit-139 -m limit --limit 1/second -j LOG +-A limit-139 -j DROP -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-140 -j RETURN +-A limit-140 -m limit --limit 1/second -j LOG +-A limit-140 -j DROP +-A limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-141 -j RETURN +-A limit-141 -m limit --limit 1/second -j LOG +-A limit-141 -j DROP +-A limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-142 -j RETURN -A limit-142 -m limit --limit 1/second -j LOG --A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-148 -m limit --limit 1/second -j LOG --A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-142 -j DROP +-A limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-143 -j RETURN +-A limit-143 -m limit --limit 1/second -j LOG +-A limit-143 -j DROP +-A limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-144 -j RETURN +-A limit-144 -j DROP +-A limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-145 -j RETURN +-A limit-145 -j DROP +-A limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-146 -j RETURN +-A limit-146 -j DROP +-A limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-147 -j RETURN +-A limit-147 -j DROP +-A limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-148 -j RETURN +-A limit-148 -j DROP +-A limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-149 -j RETURN +-A limit-149 -j DROP -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-150 -j RETURN +-A limit-150 -j DROP +-A limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-151 -j RETURN +-A limit-151 -j DROP +-A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 +-A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 -A limit-154 -m limit --limit 1/second -j LOG --A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-158 -j ACCEPT --A limit-158 -m limit --limit 1/second -j LOG --A limit-158 -j DROP --A limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-159 -j RETURN --A limit-159 -m limit --limit 1/second -j LOG --A limit-159 -j DROP +-A limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 +-A limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 +-A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 +-A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-55 +-A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-56 +-A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-160 -j logaccept-4 +-A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-57 -A limit-160 -m limit --limit 1/second -j LOG --A limit-160 -j DROP --A limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-161 -j ACCEPT --A limit-161 -m limit --limit 1/second -j LOG --A limit-161 -j DROP --A limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-162 -j ACCEPT --A limit-162 -m limit --limit 1/second -j LOG --A limit-162 -j DROP --A limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-163 -j RETURN --A limit-163 -m limit --limit 1/second -j LOG --A limit-163 -j DROP --A limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-164 -j logaccept-5 --A limit-164 -m limit --limit 1/second -j LOG --A limit-164 -j DROP --A limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-165 -j ACCEPT --A limit-165 -m limit --limit 1/second -j LOG --A limit-165 -j DROP --A limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-166 -j ACCEPT --A limit-166 -j DROP --A limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-167 -j RETURN --A limit-167 -j DROP --A limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-168 -j logaccept-6 --A limit-168 -j DROP --A limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-169 -j ACCEPT --A limit-169 -j DROP +-A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-58 +-A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-59 +-A limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-60 +-A limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 +-A limit-166 -m limit --limit 1/second -j LOG +-A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 +-A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 +-A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 +-A limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-170 -j ACCEPT --A limit-170 -j DROP --A limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-171 -j RETURN --A limit-171 -j DROP --A limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-172 -j logaccept-7 --A limit-172 -j DROP --A limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-173 -j ACCEPT --A limit-173 -j DROP --A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-170 -j ACCEPT +-A limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-172 -m limit --limit 1/second -j LOG +-A limit-172 -j ACCEPT +-A limit-173 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-173 -m limit --limit 1/second -j LOG +-A limit-174 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-174 -j ACCEPT +-A limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-178 -m limit --limit 1/second -j LOG +-A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-18 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19 +-A limit-18 -j ACCEPT +-A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-184 -m limit --limit 1/second -j LOG +-A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-188 -j ACCEPT +-A limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-190 -m limit --limit 1/second -j LOG +-A limit-190 -j ACCEPT +-A limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-191 -m limit --limit 1/second -j LOG +-A limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-192 -j ACCEPT +-A limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m limit --limit 1/second -j LOG +-A limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-20 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG --A limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-20 -j ACCEPT +-A limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-202 -m limit --limit 1/second -j LOG +-A limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-206 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-206 -j ACCEPT +-A limit-208 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -m limit --limit 1/second -j LOG +-A limit-208 -j ACCEPT +-A limit-209 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-209 -m limit --limit 1/second -j LOG +-A limit-21 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22 +-A limit-21 -m limit --limit 1/second -j LOG +-A limit-210 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-210 -j ACCEPT +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j ACCEPT +-A limit-212 -m limit --limit 1/second -j LOG +-A limit-212 -j DROP +-A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN +-A limit-213 -m limit --limit 1/second -j LOG +-A limit-213 -j DROP +-A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j logaccept-4 +-A limit-214 -m limit --limit 1/second -j LOG +-A limit-214 -j DROP +-A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j ACCEPT +-A limit-215 -m limit --limit 1/second -j LOG +-A limit-215 -j DROP +-A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j ACCEPT +-A limit-216 -m limit --limit 1/second -j LOG +-A limit-216 -j DROP +-A limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN +-A limit-217 -m limit --limit 1/second -j LOG +-A limit-217 -j DROP +-A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j logaccept-5 +-A limit-218 -m limit --limit 1/second -j LOG +-A limit-218 -j DROP +-A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j ACCEPT +-A limit-219 -m limit --limit 1/second -j LOG +-A limit-219 -j DROP +-A limit-22 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23 +-A limit-22 -j ACCEPT +-A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j ACCEPT +-A limit-220 -j DROP +-A limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN +-A limit-221 -j DROP +-A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j logaccept-6 +-A limit-222 -j DROP +-A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j ACCEPT +-A limit-223 -j DROP +-A limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-224 -j ACCEPT +-A limit-224 -j DROP +-A limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-225 -j RETURN +-A limit-225 -j DROP +-A limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-226 -j logaccept-7 +-A limit-226 -j DROP +-A limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-227 -j ACCEPT +-A limit-227 -j DROP +-A limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-32 -m limit --limit 1/second -j LOG --A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-36 -j ACCEPT +-A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG --A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-38 -j ACCEPT +-A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-42 -j ACCEPT --A limit-42 -m limit --limit 1/second -j LOG --A limit-42 -j DROP --A limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-43 -j RETURN --A limit-43 -m limit --limit 1/second -j LOG --A limit-43 -j DROP --A limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-44 -j logaccept-0 +-A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-40 -j ACCEPT +-A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG --A limit-44 -j DROP --A limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-45 -j ACCEPT --A limit-45 -m limit --limit 1/second -j LOG --A limit-45 -j DROP --A limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-46 -j ACCEPT --A limit-46 -m limit --limit 1/second -j LOG --A limit-46 -j DROP --A limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-47 -j RETURN --A limit-47 -m limit --limit 1/second -j LOG --A limit-47 -j DROP --A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j logaccept-1 --A limit-48 -m limit --limit 1/second -j LOG --A limit-48 -j DROP --A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j ACCEPT --A limit-49 -m limit --limit 1/second -j LOG --A limit-49 -j DROP +-A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j ACCEPT --A limit-50 -j DROP --A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN --A limit-51 -j DROP --A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j logaccept-2 --A limit-52 -j DROP --A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-53 -j ACCEPT --A limit-53 -j DROP --A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j ACCEPT --A limit-54 -j DROP --A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN --A limit-55 -j DROP --A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j logaccept-3 --A limit-56 -j DROP --A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j ACCEPT --A limit-57 -j DROP --A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 --A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 --A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m limit --limit 1/second -j LOG +-A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-54 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-54 -j ACCEPT +-A limit-56 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-56 -m limit --limit 1/second -j LOG +-A limit-56 -j ACCEPT +-A limit-57 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m limit --limit 1/second -j LOG +-A limit-58 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-58 -j ACCEPT -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 --A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-60 -j ACCEPT +-A limit-60 -m limit --limit 1/second -j LOG +-A limit-60 -j DROP +-A limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-61 -j RETURN +-A limit-61 -m limit --limit 1/second -j LOG +-A limit-61 -j DROP +-A limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-62 -j logaccept-0 +-A limit-62 -m limit --limit 1/second -j LOG +-A limit-62 -j DROP +-A limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-63 -j ACCEPT +-A limit-63 -m limit --limit 1/second -j LOG +-A limit-63 -j DROP +-A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j ACCEPT +-A limit-64 -m limit --limit 1/second -j LOG +-A limit-64 -j DROP +-A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN +-A limit-65 -m limit --limit 1/second -j LOG +-A limit-65 -j DROP +-A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j logaccept-1 +-A limit-66 -m limit --limit 1/second -j LOG +-A limit-66 -j DROP +-A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j ACCEPT +-A limit-67 -m limit --limit 1/second -j LOG +-A limit-67 -j DROP +-A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j ACCEPT +-A limit-68 -j DROP +-A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN +-A limit-69 -j DROP -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j logaccept-2 +-A limit-70 -j DROP +-A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j ACCEPT +-A limit-71 -j DROP +-A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j ACCEPT +-A limit-72 -j DROP +-A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN +-A limit-73 -j DROP +-A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j logaccept-3 +-A limit-74 -j DROP +-A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j ACCEPT +-A limit-75 -j DROP +-A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 -A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 -A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 -A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 -A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 -A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-43 +-A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-45 +-A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-97 -m limit --limit 1/second -j LOG +-A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-47 +-A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-48 -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -1262,6 +1540,12 @@ -A logaccept-final-1 -j ACCEPT -A logaccept-final-10 -m limit --limit 1/second -j LOG -A logaccept-final-10 -j ACCEPT +-A logaccept-final-11 -m limit --limit 1/second -j LOG +-A logaccept-final-11 -j ACCEPT +-A logaccept-final-12 -m limit --limit 1/second -j LOG +-A logaccept-final-12 -j ACCEPT +-A logaccept-final-13 -m limit --limit 1/second -j LOG +-A logaccept-final-13 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -1304,16 +1588,12 @@ -A logdrop-19 -j DROP -A logdrop-2 -m limit --limit 1/second -j LOG -A logdrop-2 -j DROP --A logdrop-20 -m limit --limit 1/second -j LOG --A logdrop-20 -j DROP -A logdrop-21 -m limit --limit 1/second -j LOG -A logdrop-21 -j DROP -A logdrop-22 -m limit --limit 1/second -j LOG -A logdrop-22 -j DROP -A logdrop-23 -m limit --limit 1/second -j LOG -A logdrop-23 -j DROP --A logdrop-24 -m limit --limit 1/second -j LOG --A logdrop-24 -j DROP -A logdrop-25 -m limit --limit 1/second -j LOG -A logdrop-25 -j DROP -A logdrop-26 -m limit --limit 1/second -j LOG @@ -1384,10 +1664,42 @@ -A logdrop-55 -j DROP -A logdrop-56 -m limit --limit 1/second -j LOG -A logdrop-56 -j DROP +-A logdrop-57 -m limit --limit 1/second -j LOG +-A logdrop-57 -j DROP +-A logdrop-58 -m limit --limit 1/second -j LOG +-A logdrop-58 -j DROP +-A logdrop-59 -m limit --limit 1/second -j LOG +-A logdrop-59 -j DROP -A logdrop-6 -m limit --limit 1/second -j LOG -A logdrop-6 -j DROP +-A logdrop-60 -m limit --limit 1/second -j LOG +-A logdrop-60 -j DROP +-A logdrop-61 -m limit --limit 1/second -j LOG +-A logdrop-61 -j DROP +-A logdrop-62 -m limit --limit 1/second -j LOG +-A logdrop-62 -j DROP +-A logdrop-63 -m limit --limit 1/second -j LOG +-A logdrop-63 -j DROP +-A logdrop-64 -m limit --limit 1/second -j LOG +-A logdrop-64 -j DROP +-A logdrop-65 -m limit --limit 1/second -j LOG +-A logdrop-65 -j DROP +-A logdrop-66 -m limit --limit 1/second -j LOG +-A logdrop-66 -j DROP +-A logdrop-67 -m limit --limit 1/second -j LOG +-A logdrop-67 -j DROP +-A logdrop-69 -m limit --limit 1/second -j LOG +-A logdrop-69 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG -A logdrop-7 -j DROP +-A logdrop-70 -m limit --limit 1/second -j LOG +-A logdrop-70 -j DROP +-A logdrop-71 -m limit --limit 1/second -j LOG +-A logdrop-71 -j DROP +-A logdrop-73 -m limit --limit 1/second -j LOG +-A logdrop-73 -j DROP +-A logdrop-74 -m limit --limit 1/second -j LOG +-A logdrop-74 -j DROP -A logdrop-8 -m limit --limit 1/second -j LOG -A logdrop-8 -j DROP -A logdrop-9 -m limit --limit 1/second -j LOG @@ -1447,6 +1759,15 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -1510,6 +1831,24 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack |