diff options
author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 16:36:10 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 16:36:10 +0300 |
commit | a4b108a3572907619ff5cda527e98ac0013eae14 (patch) | |
tree | 9875e8fa6797d4be012c1aef1ff8781755f02017 /test | |
parent | 093ab9d40d00913e097707fc77f1a64e48c7898a (diff) | |
download | awall-a4b108a3572907619ff5cda527e98ac0013eae14.tar.bz2 awall-a4b108a3572907619ff5cda527e98ac0013eae14.tar.xz |
test: filter-limit: interval
Diffstat (limited to 'test')
-rw-r--r-- | test/mandatory/filter-limit.lua | 26 | ||||
-rw-r--r-- | test/output/dump | 17512 | ||||
-rw-r--r-- | test/output/rules-save | 3960 | ||||
-rw-r--r-- | test/output/rules6-save | 3960 |
4 files changed, 19281 insertions, 6177 deletions
diff --git a/test/mandatory/filter-limit.lua b/test/mandatory/filter-limit.lua index 02cd815..dea2c0c 100644 --- a/test/mandatory/filter-limit.lua +++ b/test/mandatory/filter-limit.lua @@ -30,23 +30,25 @@ function add(limit_type, filter) local count = high_rate and 150 or 1 add_limit(count) - for _, log in ipairs{true, false, 'none'} do - local limit = {count=count} - if log ~= true then limit.log = log end + for _, interval in ipairs{false, 5} do + for _, log in ipairs{true, false, 'none'} do + local limit = {count=count, interval=interval or nil} + if log ~= true then limit.log = log end - add_limit(limit) + add_limit(limit) - if not high_rate then - limit.name = 'foo' + if not high_rate then + limit.name = 'foo' - for _, addr in ipairs{false, 'dest'} do - limit.addr = addr or nil + for _, addr in ipairs{false, 'dest'} do + limit.addr = addr or nil - limit.update = nil - add_limit(limit) + limit.update = nil + add_limit(limit) - limit.update = false - add_limit(limit) + limit.update = false + add_limit(limit) + end end end end diff --git a/test/output/dump b/test/output/dump index 51191b7..6e2da36 100644 --- a/test/output/dump +++ b/test/output/dump @@ -1246,230 +1246,1458 @@ Filter 102 {"action":"pass","conn-limit":{"addr":"dest", inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 103 {"conn-limit":150,"out":"B"} +Filter 103 {"conn-limit":{"count":1,"interval":5},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-96 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-96 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-96 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-96 - inet/filter/limit-96 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-96 -j ACCEPT - inet6/filter/limit-96 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-96 -j ACCEPT - inet/filter/limit-96 -m limit --limit 1/second -j LOG - inet6/filter/limit-96 -m limit --limit 1/second -j LOG - inet/filter/limit-96 -j DROP - inet6/filter/limit-96 -j DROP + inet/filter/limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-37 + inet6/filter/limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-37 + inet/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet/filter/logdrop-37 -j DROP + inet6/filter/logdrop-37 -j DROP + inet/filter/limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 104 {"action":"pass","conn-limit":150,"out":"B"} +Filter 104 {"action":"pass","conn-limit":{"count":1,"interval":5},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-97 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-97 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-97 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-97 - inet/filter/limit-97 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-97 -j RETURN - inet6/filter/limit-97 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-97 -j RETURN - inet/filter/limit-97 -m limit --limit 1/second -j LOG - inet6/filter/limit-97 -m limit --limit 1/second -j LOG - inet/filter/limit-97 -j DROP - inet6/filter/limit-97 -j DROP + inet/filter/limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-38 + inet6/filter/limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-38 + inet/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet/filter/logdrop-38 -j DROP + inet6/filter/logdrop-38 -j DROP + inet/filter/limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 105 {"conn-limit":150,"log":true,"out":"B"} +Filter 105 {"conn-limit":{"count":1,"interval":5},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-98 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-98 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-98 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-98 - inet/filter/limit-98 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-98 -j logaccept-0 - inet6/filter/limit-98 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-98 -j logaccept-0 - inet/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-0 -j ACCEPT - inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-39 + inet6/filter/limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-39 + inet/filter/logdrop-39 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-39 -m limit --limit 1/second -j LOG + inet/filter/logdrop-39 -j DROP + inet6/filter/logdrop-39 -j DROP inet/filter/limit-98 -m limit --limit 1/second -j LOG inet6/filter/limit-98 -m limit --limit 1/second -j LOG - inet/filter/limit-98 -j DROP - inet6/filter/limit-98 -j DROP + inet/filter/limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 106 {"conn-limit":150,"log":"none","out":"B"} +Filter 106 {"action":"pass","conn-limit":{"count":1,"interval":5},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-99 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-99 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-99 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-99 - inet/filter/limit-99 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-99 -j ACCEPT - inet6/filter/limit-99 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-99 -j ACCEPT - inet/filter/limit-99 -m limit --limit 1/second -j LOG - inet6/filter/limit-99 -m limit --limit 1/second -j LOG - inet/filter/limit-99 -j DROP - inet6/filter/limit-99 -j DROP + inet/filter/limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-40 + inet6/filter/limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-40 + inet/filter/logdrop-40 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-40 -m limit --limit 1/second -j LOG + inet/filter/logdrop-40 -j DROP + inet6/filter/logdrop-40 -j DROP + inet/filter/limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 107 {"conn-limit":{"count":150},"out":"B"} +Filter 107 {"conn-limit":{"count":1,"interval":5},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-100 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-100 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-100 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-100 - inet/filter/limit-100 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j ACCEPT - inet6/filter/limit-100 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j ACCEPT - inet/filter/limit-100 -m limit --limit 1/second -j LOG - inet6/filter/limit-100 -m limit --limit 1/second -j LOG - inet/filter/limit-100 -j DROP - inet6/filter/limit-100 -j DROP + inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-41 + inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-41 + inet/filter/logdrop-41 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-41 -m limit --limit 1/second -j LOG + inet/filter/logdrop-41 -j DROP + inet6/filter/logdrop-41 -j DROP + inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 108 {"action":"pass","conn-limit":{"count":150},"out":"B"} +Filter 108 {"action":"pass","conn-limit":{"count":1,"interval":5},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-101 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-101 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-101 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-101 - inet/filter/limit-101 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN - inet6/filter/limit-101 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN - inet/filter/limit-101 -m limit --limit 1/second -j LOG - inet6/filter/limit-101 -m limit --limit 1/second -j LOG - inet/filter/limit-101 -j DROP - inet6/filter/limit-101 -j DROP + inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-42 + inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-42 + inet/filter/logdrop-42 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-42 -m limit --limit 1/second -j LOG + inet/filter/logdrop-42 -j DROP + inet6/filter/logdrop-42 -j DROP + inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 109 {"conn-limit":{"count":150},"log":true,"out":"B"} +Filter 109 {"conn-limit":{"count":1,"interval":5,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-102 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-102 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-102 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-102 - inet/filter/limit-102 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j logaccept-1 - inet6/filter/limit-102 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j logaccept-1 - inet/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-1 -j ACCEPT - inet6/filter/logaccept-1 -j ACCEPT - inet/filter/limit-102 -m limit --limit 1/second -j LOG - inet6/filter/limit-102 -m limit --limit 1/second -j LOG - inet/filter/limit-102 -j DROP - inet6/filter/limit-102 -j DROP + inet/filter/limit-102 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-43 + inet6/filter/limit-102 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-43 + inet/filter/logdrop-43 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-43 -m limit --limit 1/second -j LOG + inet/filter/logdrop-43 -j DROP + inet6/filter/logdrop-43 -j DROP + inet/filter/limit-102 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-102 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 110 {"conn-limit":{"count":150},"log":"none","out":"B"} +Filter 110 {"action":"pass","conn-limit":{"count":1,"interval":5,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-103 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-103 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-103 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-103 - inet/filter/limit-103 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j ACCEPT - inet6/filter/limit-103 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j ACCEPT - inet/filter/limit-103 -m limit --limit 1/second -j LOG - inet6/filter/limit-103 -m limit --limit 1/second -j LOG - inet/filter/limit-103 -j DROP - inet6/filter/limit-103 -j DROP + inet/filter/limit-103 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-44 + inet6/filter/limit-103 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-44 + inet/filter/logdrop-44 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG + inet/filter/logdrop-44 -j DROP + inet6/filter/logdrop-44 -j DROP + inet/filter/limit-103 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-103 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 111 {"conn-limit":{"count":150,"log":false},"out":"B"} +Filter 111 {"conn-limit":{"count":1,"interval":5,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-104 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-104 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-104 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-104 - inet/filter/limit-104 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT - inet6/filter/limit-104 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT - inet/filter/limit-104 -j DROP - inet6/filter/limit-104 -j DROP + inet/filter/limit-104 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-45 + inet6/filter/limit-104 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-45 + inet/filter/logdrop-45 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-45 -m limit --limit 1/second -j LOG + inet/filter/logdrop-45 -j DROP + inet6/filter/logdrop-45 -j DROP + inet/filter/limit-104 -m limit --limit 1/second -j LOG + inet6/filter/limit-104 -m limit --limit 1/second -j LOG + inet/filter/limit-104 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-104 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 112 {"action":"pass","conn-limit":{"count":150,"log":false},"out":"B"} +Filter 112 {"action":"pass","conn-limit":{"count":1,"interval":5,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-105 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-105 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-105 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-105 - inet/filter/limit-105 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN - inet6/filter/limit-105 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN - inet/filter/limit-105 -j DROP - inet6/filter/limit-105 -j DROP + inet/filter/limit-105 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-46 + inet6/filter/limit-105 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-46 + inet/filter/logdrop-46 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-46 -m limit --limit 1/second -j LOG + inet/filter/logdrop-46 -j DROP + inet6/filter/logdrop-46 -j DROP + inet/filter/limit-105 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-105 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 113 {"conn-limit":{"count":150,"log":false},"log":true,"out":"B"} +Filter 113 {"conn-limit":{"count":1,"interval":5,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-106 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-106 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-106 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-106 - inet/filter/limit-106 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-2 - inet6/filter/limit-106 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-2 - inet/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-2 -j ACCEPT - inet6/filter/logaccept-2 -j ACCEPT - inet/filter/limit-106 -j DROP - inet6/filter/limit-106 -j DROP + inet/filter/limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-47 + inet6/filter/limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-47 + inet/filter/logdrop-47 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-47 -m limit --limit 1/second -j LOG + inet/filter/logdrop-47 -j DROP + inet6/filter/logdrop-47 -j DROP + inet/filter/limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 114 {"conn-limit":{"count":150,"log":false},"log":"none","out":"B"} +Filter 114 {"action":"pass","conn-limit":{"count":1,"interval":5,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-107 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-107 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-107 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-107 - inet/filter/limit-107 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT - inet6/filter/limit-107 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT - inet/filter/limit-107 -j DROP - inet6/filter/limit-107 -j DROP + inet/filter/limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-48 + inet6/filter/limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-48 + inet/filter/logdrop-48 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-48 -m limit --limit 1/second -j LOG + inet/filter/logdrop-48 -j DROP + inet6/filter/logdrop-48 -j DROP + inet/filter/limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 115 {"conn-limit":{"count":150,"log":"none"},"out":"B"} +Filter 115 {"conn-limit":{"count":1,"interval":5,"name":"foo","update":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-108 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-108 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-108 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-108 - inet/filter/limit-108 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT - inet6/filter/limit-108 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT - inet/filter/limit-108 -j DROP - inet6/filter/limit-108 -j DROP + inet/filter/limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-49 + inet6/filter/limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-49 + inet/filter/logdrop-49 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-49 -m limit --limit 1/second -j LOG + inet/filter/logdrop-49 -j DROP + inet6/filter/logdrop-49 -j DROP + inet/filter/limit-108 -j ACCEPT + inet6/filter/limit-108 -j ACCEPT -Filter 116 {"action":"pass","conn-limit":{"count":150,"log":"none"},"out":"B"} +Filter 116 {"action":"pass","conn-limit":{"count":1,"interval":5,"name":"foo","update":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-109 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-109 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-109 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-109 - inet/filter/limit-109 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN - inet6/filter/limit-109 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN - inet/filter/limit-109 -j DROP - inet6/filter/limit-109 -j DROP + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-50 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-50 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-50 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -Filter 117 {"conn-limit":{"count":150,"log":"none"},"log":true,"out":"B"} +Filter 117 {"conn-limit":{"count":1,"interval":5,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-110 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-110 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-110 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-110 - inet/filter/limit-110 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-3 - inet6/filter/limit-110 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-3 - inet/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-3 -j ACCEPT - inet6/filter/logaccept-3 -j ACCEPT - inet/filter/limit-110 -j DROP - inet6/filter/limit-110 -j DROP + inet/filter/limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-51 + inet6/filter/limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-51 + inet/filter/logdrop-51 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-51 -m limit --limit 1/second -j LOG + inet/filter/logdrop-51 -j DROP + inet6/filter/logdrop-51 -j DROP + inet/filter/limit-110 -m limit --limit 1/second -j LOG + inet6/filter/limit-110 -m limit --limit 1/second -j LOG + inet/filter/limit-110 -j ACCEPT + inet6/filter/limit-110 -j ACCEPT -Filter 118 {"conn-limit":{"count":150,"log":"none"},"log":"none","out":"B"} +Filter 118 {"action":"pass","conn-limit":{"count":1,"interval":5,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-111 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-111 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-111 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-111 - inet/filter/limit-111 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT - inet6/filter/limit-111 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT - inet/filter/limit-111 -j DROP - inet6/filter/limit-111 -j DROP - -Filter 119 {"flow-limit":1} -(filter-limit) - inet/filter/FORWARD -j limit-112 - inet6/filter/FORWARD -j limit-112 - inet/filter/INPUT -j limit-112 - inet6/filter/INPUT -j limit-112 - inet/filter/OUTPUT -j limit-112 - inet6/filter/OUTPUT -j limit-112 - inet/filter/limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 - inet6/filter/limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 - inet/filter/logdrop-37 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG - inet/filter/logdrop-37 -j DROP - inet6/filter/logdrop-37 -j DROP - inet/filter/limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-52 + inet6/filter/limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-52 + inet/filter/logdrop-52 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-52 -m limit --limit 1/second -j LOG + inet/filter/logdrop-52 -j DROP + inet6/filter/logdrop-52 -j DROP + inet/filter/limit-111 -m limit --limit 1/second -j LOG + inet6/filter/limit-111 -m limit --limit 1/second -j LOG + +Filter 119 {"conn-limit":{"count":1,"interval":5,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-112 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-112 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-112 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-112 + inet/filter/limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-53 + inet6/filter/limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-53 + inet/filter/logdrop-53 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-53 -m limit --limit 1/second -j LOG + inet/filter/logdrop-53 -j DROP + inet6/filter/logdrop-53 -j DROP + inet/filter/limit-112 -j ACCEPT + inet6/filter/limit-112 -j ACCEPT + +Filter 120 {"action":"pass","conn-limit":{"count":1,"interval":5,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-54 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-54 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-54 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-54 + +Filter 121 {"conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-114 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-114 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-114 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-114 + inet/filter/limit-114 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-55 + inet6/filter/limit-114 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-55 + inet/filter/logdrop-55 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-55 -m limit --limit 1/second -j LOG + inet/filter/logdrop-55 -j DROP + inet6/filter/logdrop-55 -j DROP + inet/filter/limit-114 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-114 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 122 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-115 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-115 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-115 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-115 + inet/filter/limit-115 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-56 + inet6/filter/limit-115 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-56 + inet/filter/logdrop-56 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG + inet/filter/logdrop-56 -j DROP + inet6/filter/logdrop-56 -j DROP + inet/filter/limit-115 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-115 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 123 {"conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-116 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-116 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-116 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-116 + inet/filter/limit-116 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-57 + inet6/filter/limit-116 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-57 + inet/filter/logdrop-57 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-57 -m limit --limit 1/second -j LOG + inet/filter/logdrop-57 -j DROP + inet6/filter/logdrop-57 -j DROP + inet/filter/limit-116 -m limit --limit 1/second -j LOG + inet6/filter/limit-116 -m limit --limit 1/second -j LOG + inet/filter/limit-116 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-116 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 124 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-117 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-117 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-117 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-117 + inet/filter/limit-117 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-58 + inet6/filter/limit-117 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-58 + inet/filter/logdrop-58 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-58 -m limit --limit 1/second -j LOG + inet/filter/logdrop-58 -j DROP + inet6/filter/logdrop-58 -j DROP + inet/filter/limit-117 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-117 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 125 {"conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-118 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-118 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-118 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-118 + inet/filter/limit-118 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-59 + inet6/filter/limit-118 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-59 + inet/filter/logdrop-59 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-59 -m limit --limit 1/second -j LOG + inet/filter/logdrop-59 -j DROP + inet6/filter/logdrop-59 -j DROP + inet/filter/limit-118 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-118 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 126 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-119 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-119 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-119 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-119 + inet/filter/limit-119 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-60 + inet6/filter/limit-119 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-60 + inet/filter/logdrop-60 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-60 -m limit --limit 1/second -j LOG + inet/filter/logdrop-60 -j DROP + inet6/filter/logdrop-60 -j DROP + inet/filter/limit-119 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-119 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 127 {"conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-120 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-120 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-120 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-120 + inet/filter/limit-120 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-61 + inet6/filter/limit-120 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-61 + inet/filter/logdrop-61 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-61 -m limit --limit 1/second -j LOG + inet/filter/logdrop-61 -j DROP + inet6/filter/logdrop-61 -j DROP + inet/filter/limit-120 -j ACCEPT + inet6/filter/limit-120 -j ACCEPT + +Filter 128 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-62 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-62 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-62 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-62 + +Filter 129 {"conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-122 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-122 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-122 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-122 + inet/filter/limit-122 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-63 + inet6/filter/limit-122 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-63 + inet/filter/logdrop-63 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-63 -m limit --limit 1/second -j LOG + inet/filter/logdrop-63 -j DROP + inet6/filter/logdrop-63 -j DROP + inet/filter/limit-122 -m limit --limit 1/second -j LOG + inet6/filter/limit-122 -m limit --limit 1/second -j LOG + inet/filter/limit-122 -j ACCEPT + inet6/filter/limit-122 -j ACCEPT + +Filter 130 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-123 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-123 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-123 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-123 + inet/filter/limit-123 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-64 + inet6/filter/limit-123 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-64 + inet/filter/logdrop-64 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-64 -m limit --limit 1/second -j LOG + inet/filter/logdrop-64 -j DROP + inet6/filter/logdrop-64 -j DROP + inet/filter/limit-123 -m limit --limit 1/second -j LOG + inet6/filter/limit-123 -m limit --limit 1/second -j LOG + +Filter 131 {"conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-124 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-124 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-124 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-124 + inet/filter/limit-124 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-65 + inet6/filter/limit-124 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-65 + inet/filter/logdrop-65 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-65 -m limit --limit 1/second -j LOG + inet/filter/logdrop-65 -j DROP + inet6/filter/logdrop-65 -j DROP + inet/filter/limit-124 -j ACCEPT + inet6/filter/limit-124 -j ACCEPT + +Filter 132 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-66 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-66 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-66 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-66 + +Filter 133 {"conn-limit":{"count":1,"interval":5,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-126 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-126 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-126 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-126 + inet/filter/limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 134 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-127 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-127 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-127 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-127 + inet/filter/limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 135 {"conn-limit":{"count":1,"interval":5,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-128 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-128 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-128 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-128 + inet/filter/limit-128 -m recent --name limit-128 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-128 -m recent --name limit-128 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-128 -m limit --limit 1/second -j LOG + inet6/filter/limit-128 -m limit --limit 1/second -j LOG + inet/filter/limit-128 -m recent --name limit-128 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-128 -m recent --name limit-128 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 136 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-129 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-129 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-129 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-129 + inet/filter/limit-129 -m recent --name limit-129 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-129 -m recent --name limit-129 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-129 -m recent --name limit-129 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-129 -m recent --name limit-129 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 137 {"conn-limit":{"count":1,"interval":5,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-130 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-130 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-130 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-130 + inet/filter/limit-130 -m recent --name limit-130 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-130 -m recent --name limit-130 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-130 -m recent --name limit-130 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-130 -m recent --name limit-130 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 138 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-131 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-131 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-131 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-131 + inet/filter/limit-131 -m recent --name limit-131 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-131 -m recent --name limit-131 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-131 -m recent --name limit-131 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-131 -m recent --name limit-131 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 139 {"conn-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-132 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-132 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-132 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-132 + inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 140 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-133 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-133 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-133 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-133 + inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 141 {"conn-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-134 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-134 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-134 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-134 + inet/filter/limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-134 -m limit --limit 1/second -j LOG + inet6/filter/limit-134 -m limit --limit 1/second -j LOG + inet/filter/limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 142 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-135 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-135 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-135 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-135 + inet/filter/limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 143 {"conn-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-136 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-136 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-136 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-136 + inet/filter/limit-136 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-136 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-136 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-136 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 144 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-137 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-137 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-137 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-137 + inet/filter/limit-137 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-137 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-137 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-137 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 145 {"conn-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-138 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-138 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-138 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-138 + inet/filter/limit-138 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-138 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-138 -j ACCEPT + inet6/filter/limit-138 -j ACCEPT + +Filter 146 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 147 {"conn-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-140 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-140 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-140 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-140 + inet/filter/limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-140 -m limit --limit 1/second -j LOG + inet6/filter/limit-140 -m limit --limit 1/second -j LOG + inet/filter/limit-140 -j ACCEPT + inet6/filter/limit-140 -j ACCEPT + +Filter 148 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-141 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-141 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-141 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-141 + inet/filter/limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-141 -m limit --limit 1/second -j LOG + inet6/filter/limit-141 -m limit --limit 1/second -j LOG + +Filter 149 {"conn-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-142 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-142 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-142 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-142 + inet/filter/limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-142 -j ACCEPT + inet6/filter/limit-142 -j ACCEPT + +Filter 150 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 151 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-144 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-144 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-144 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-144 + inet/filter/limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 152 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-145 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-145 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-145 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-145 + inet/filter/limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 153 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-146 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-146 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-146 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-146 + inet/filter/limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-146 -m limit --limit 1/second -j LOG + inet6/filter/limit-146 -m limit --limit 1/second -j LOG + inet/filter/limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 154 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-147 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-147 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-147 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-147 + inet/filter/limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 155 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-148 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-148 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-148 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-148 + inet/filter/limit-148 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-148 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-148 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-148 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 156 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-149 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-149 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-149 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-149 + inet/filter/limit-149 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-149 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-149 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-149 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 157 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-150 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-150 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-150 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-150 + inet/filter/limit-150 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-150 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-150 -j ACCEPT + inet6/filter/limit-150 -j ACCEPT + +Filter 158 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 159 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-152 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-152 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-152 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-152 + inet/filter/limit-152 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-152 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-152 -m limit --limit 1/second -j LOG + inet6/filter/limit-152 -m limit --limit 1/second -j LOG + inet/filter/limit-152 -j ACCEPT + inet6/filter/limit-152 -j ACCEPT + +Filter 160 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-153 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-153 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-153 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-153 + inet/filter/limit-153 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-153 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-153 -m limit --limit 1/second -j LOG + inet6/filter/limit-153 -m limit --limit 1/second -j LOG + +Filter 161 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-154 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-154 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-154 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-154 + inet/filter/limit-154 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-154 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-154 -j ACCEPT + inet6/filter/limit-154 -j ACCEPT + +Filter 162 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 163 {"conn-limit":{"count":1,"interval":5,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-156 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-156 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-156 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-156 + inet/filter/limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 164 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-157 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-157 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-157 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-157 + inet/filter/limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 165 {"conn-limit":{"count":1,"interval":5,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-158 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-158 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-158 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-158 + inet/filter/limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-158 -m limit --limit 1/second -j LOG + inet6/filter/limit-158 -m limit --limit 1/second -j LOG + inet/filter/limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 166 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-159 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-159 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-159 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-159 + inet/filter/limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 167 {"conn-limit":{"count":1,"interval":5,"log":"none"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-160 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-160 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-160 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-160 + inet/filter/limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 168 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-161 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-161 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-161 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-161 + inet/filter/limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 169 {"conn-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-162 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-162 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-162 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-162 + inet/filter/limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 170 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-163 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-163 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-163 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-163 + inet/filter/limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 171 {"conn-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-164 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-164 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-164 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-164 + inet/filter/limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-164 -m limit --limit 1/second -j LOG + inet6/filter/limit-164 -m limit --limit 1/second -j LOG + inet/filter/limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 172 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-165 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-165 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-165 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-165 + inet/filter/limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 173 {"conn-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-166 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-166 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-166 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-166 + inet/filter/limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 174 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-167 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-167 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-167 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-167 + inet/filter/limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 175 {"conn-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-168 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-168 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-168 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-168 + inet/filter/limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-168 -j ACCEPT + inet6/filter/limit-168 -j ACCEPT + +Filter 176 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 177 {"conn-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-170 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-170 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-170 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-170 + inet/filter/limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-170 -m limit --limit 1/second -j LOG + inet6/filter/limit-170 -m limit --limit 1/second -j LOG + inet/filter/limit-170 -j ACCEPT + inet6/filter/limit-170 -j ACCEPT + +Filter 178 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-171 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-171 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-171 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-171 + inet/filter/limit-171 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-171 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-171 -m limit --limit 1/second -j LOG + inet6/filter/limit-171 -m limit --limit 1/second -j LOG + +Filter 179 {"conn-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-172 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-172 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-172 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-172 + inet/filter/limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-172 -j ACCEPT + inet6/filter/limit-172 -j ACCEPT + +Filter 180 {"action":"pass","conn-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 181 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-174 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-174 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-174 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-174 + inet/filter/limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 182 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-175 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-175 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-175 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-175 + inet/filter/limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 183 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-176 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-176 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-176 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-176 + inet/filter/limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-176 -m limit --limit 1/second -j LOG + inet6/filter/limit-176 -m limit --limit 1/second -j LOG + inet/filter/limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 184 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-177 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-177 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-177 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-177 + inet/filter/limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 185 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-178 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-178 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-178 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-178 + inet/filter/limit-178 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-178 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-178 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-178 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 186 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-179 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-179 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-179 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-179 + inet/filter/limit-179 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-179 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-179 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-179 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 187 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-180 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-180 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-180 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-180 + inet/filter/limit-180 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-180 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-180 -j ACCEPT + inet6/filter/limit-180 -j ACCEPT + +Filter 188 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 189 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-182 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-182 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-182 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-182 + inet/filter/limit-182 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-182 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-182 -m limit --limit 1/second -j LOG + inet6/filter/limit-182 -m limit --limit 1/second -j LOG + inet/filter/limit-182 -j ACCEPT + inet6/filter/limit-182 -j ACCEPT + +Filter 190 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-183 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-183 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-183 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-183 + inet/filter/limit-183 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-183 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-183 -m limit --limit 1/second -j LOG + inet6/filter/limit-183 -m limit --limit 1/second -j LOG + +Filter 191 {"conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-184 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-184 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-184 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-184 + inet/filter/limit-184 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-184 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-184 -j ACCEPT + inet6/filter/limit-184 -j ACCEPT + +Filter 192 {"action":"pass","conn-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 193 {"conn-limit":150,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-186 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-186 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-186 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-186 + inet/filter/limit-186 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-186 -j ACCEPT + inet6/filter/limit-186 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-186 -j ACCEPT + inet/filter/limit-186 -m limit --limit 1/second -j LOG + inet6/filter/limit-186 -m limit --limit 1/second -j LOG + inet/filter/limit-186 -j DROP + inet6/filter/limit-186 -j DROP + +Filter 194 {"action":"pass","conn-limit":150,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-187 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-187 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-187 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-187 + inet/filter/limit-187 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-187 -j RETURN + inet6/filter/limit-187 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-187 -j RETURN + inet/filter/limit-187 -m limit --limit 1/second -j LOG + inet6/filter/limit-187 -m limit --limit 1/second -j LOG + inet/filter/limit-187 -j DROP + inet6/filter/limit-187 -j DROP + +Filter 195 {"conn-limit":150,"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-188 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-188 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-188 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-188 + inet/filter/limit-188 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-188 -j logaccept-0 + inet6/filter/limit-188 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-188 -j logaccept-0 + inet/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-0 -j ACCEPT + inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-188 -m limit --limit 1/second -j LOG + inet6/filter/limit-188 -m limit --limit 1/second -j LOG + inet/filter/limit-188 -j DROP + inet6/filter/limit-188 -j DROP + +Filter 196 {"conn-limit":150,"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-189 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-189 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-189 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-189 + inet/filter/limit-189 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-189 -j ACCEPT + inet6/filter/limit-189 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-189 -j ACCEPT + inet/filter/limit-189 -m limit --limit 1/second -j LOG + inet6/filter/limit-189 -m limit --limit 1/second -j LOG + inet/filter/limit-189 -j DROP + inet6/filter/limit-189 -j DROP + +Filter 197 {"conn-limit":{"count":150},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-190 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-190 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-190 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-190 + inet/filter/limit-190 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-190 -j ACCEPT + inet6/filter/limit-190 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-190 -j ACCEPT + inet/filter/limit-190 -m limit --limit 1/second -j LOG + inet6/filter/limit-190 -m limit --limit 1/second -j LOG + inet/filter/limit-190 -j DROP + inet6/filter/limit-190 -j DROP + +Filter 198 {"action":"pass","conn-limit":{"count":150},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-191 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-191 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-191 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-191 + inet/filter/limit-191 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-191 -j RETURN + inet6/filter/limit-191 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-191 -j RETURN + inet/filter/limit-191 -m limit --limit 1/second -j LOG + inet6/filter/limit-191 -m limit --limit 1/second -j LOG + inet/filter/limit-191 -j DROP + inet6/filter/limit-191 -j DROP + +Filter 199 {"conn-limit":{"count":150},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-192 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-192 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-192 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-192 + inet/filter/limit-192 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-192 -j logaccept-1 + inet6/filter/limit-192 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-192 -j logaccept-1 + inet/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-1 -j ACCEPT + inet6/filter/logaccept-1 -j ACCEPT + inet/filter/limit-192 -m limit --limit 1/second -j LOG + inet6/filter/limit-192 -m limit --limit 1/second -j LOG + inet/filter/limit-192 -j DROP + inet6/filter/limit-192 -j DROP + +Filter 200 {"conn-limit":{"count":150},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-193 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-193 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-193 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-193 + inet/filter/limit-193 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-193 -j ACCEPT + inet6/filter/limit-193 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-193 -j ACCEPT + inet/filter/limit-193 -m limit --limit 1/second -j LOG + inet6/filter/limit-193 -m limit --limit 1/second -j LOG + inet/filter/limit-193 -j DROP + inet6/filter/limit-193 -j DROP + +Filter 201 {"conn-limit":{"count":150,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-194 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-194 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-194 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-194 + inet/filter/limit-194 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-194 -j ACCEPT + inet6/filter/limit-194 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-194 -j ACCEPT + inet/filter/limit-194 -j DROP + inet6/filter/limit-194 -j DROP + +Filter 202 {"action":"pass","conn-limit":{"count":150,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-195 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-195 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-195 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-195 + inet/filter/limit-195 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-195 -j RETURN + inet6/filter/limit-195 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-195 -j RETURN + inet/filter/limit-195 -j DROP + inet6/filter/limit-195 -j DROP + +Filter 203 {"conn-limit":{"count":150,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-196 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-196 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-196 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-196 + inet/filter/limit-196 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-196 -j logaccept-2 + inet6/filter/limit-196 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-196 -j logaccept-2 + inet/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-2 -j ACCEPT + inet6/filter/logaccept-2 -j ACCEPT + inet/filter/limit-196 -j DROP + inet6/filter/limit-196 -j DROP + +Filter 204 {"conn-limit":{"count":150,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-197 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-197 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-197 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-197 + inet/filter/limit-197 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-197 -j ACCEPT + inet6/filter/limit-197 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-197 -j ACCEPT + inet/filter/limit-197 -j DROP + inet6/filter/limit-197 -j DROP + +Filter 205 {"conn-limit":{"count":150,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-198 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-198 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-198 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-198 + inet/filter/limit-198 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-198 -j ACCEPT + inet6/filter/limit-198 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-198 -j ACCEPT + inet/filter/limit-198 -j DROP + inet6/filter/limit-198 -j DROP + +Filter 206 {"action":"pass","conn-limit":{"count":150,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-199 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-199 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-199 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-199 + inet/filter/limit-199 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-199 -j RETURN + inet6/filter/limit-199 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-199 -j RETURN + inet/filter/limit-199 -j DROP + inet6/filter/limit-199 -j DROP + +Filter 207 {"conn-limit":{"count":150,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-200 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-200 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-200 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-200 + inet/filter/limit-200 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-200 -j logaccept-3 + inet6/filter/limit-200 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-200 -j logaccept-3 + inet/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-3 -j ACCEPT + inet6/filter/logaccept-3 -j ACCEPT + inet/filter/limit-200 -j DROP + inet6/filter/limit-200 -j DROP + +Filter 208 {"conn-limit":{"count":150,"log":"none"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-201 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-201 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-201 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-201 + inet/filter/limit-201 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-201 -j ACCEPT + inet6/filter/limit-201 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-201 -j ACCEPT + inet/filter/limit-201 -j DROP + inet6/filter/limit-201 -j DROP + +Filter 209 {"conn-limit":{"count":150,"interval":5},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-202 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-202 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-202 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-202 + inet/filter/limit-202 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-202 -j ACCEPT + inet6/filter/limit-202 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-202 -j ACCEPT + inet/filter/limit-202 -m limit --limit 1/second -j LOG + inet6/filter/limit-202 -m limit --limit 1/second -j LOG + inet/filter/limit-202 -j DROP + inet6/filter/limit-202 -j DROP + +Filter 210 {"action":"pass","conn-limit":{"count":150,"interval":5},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-203 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-203 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-203 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-203 + inet/filter/limit-203 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-203 -j RETURN + inet6/filter/limit-203 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-203 -j RETURN + inet/filter/limit-203 -m limit --limit 1/second -j LOG + inet6/filter/limit-203 -m limit --limit 1/second -j LOG + inet/filter/limit-203 -j DROP + inet6/filter/limit-203 -j DROP + +Filter 211 {"conn-limit":{"count":150,"interval":5},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-204 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-204 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-204 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-204 + inet/filter/limit-204 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-204 -j logaccept-4 + inet6/filter/limit-204 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-204 -j logaccept-4 + inet/filter/logaccept-4 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG + inet/filter/logaccept-4 -j ACCEPT + inet6/filter/logaccept-4 -j ACCEPT + inet/filter/limit-204 -m limit --limit 1/second -j LOG + inet6/filter/limit-204 -m limit --limit 1/second -j LOG + inet/filter/limit-204 -j DROP + inet6/filter/limit-204 -j DROP + +Filter 212 {"conn-limit":{"count":150,"interval":5},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-205 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-205 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-205 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-205 + inet/filter/limit-205 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-205 -j ACCEPT + inet6/filter/limit-205 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-205 -j ACCEPT + inet/filter/limit-205 -m limit --limit 1/second -j LOG + inet6/filter/limit-205 -m limit --limit 1/second -j LOG + inet/filter/limit-205 -j DROP + inet6/filter/limit-205 -j DROP + +Filter 213 {"conn-limit":{"count":150,"interval":5,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-206 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-206 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-206 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-206 + inet/filter/limit-206 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-206 -j ACCEPT + inet6/filter/limit-206 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-206 -j ACCEPT + inet/filter/limit-206 -j DROP + inet6/filter/limit-206 -j DROP + +Filter 214 {"action":"pass","conn-limit":{"count":150,"interval":5,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-207 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-207 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-207 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-207 + inet/filter/limit-207 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-207 -j RETURN + inet6/filter/limit-207 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-207 -j RETURN + inet/filter/limit-207 -j DROP + inet6/filter/limit-207 -j DROP + +Filter 215 {"conn-limit":{"count":150,"interval":5,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-208 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-208 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-208 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-208 + inet/filter/limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j logaccept-5 + inet6/filter/limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j logaccept-5 + inet/filter/logaccept-5 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-5 -m limit --limit 1/second -j LOG + inet/filter/logaccept-5 -j ACCEPT + inet6/filter/logaccept-5 -j ACCEPT + inet/filter/limit-208 -j DROP + inet6/filter/limit-208 -j DROP + +Filter 216 {"conn-limit":{"count":150,"interval":5,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-209 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-209 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-209 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-209 + inet/filter/limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j ACCEPT + inet6/filter/limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j ACCEPT + inet/filter/limit-209 -j DROP + inet6/filter/limit-209 -j DROP + +Filter 217 {"conn-limit":{"count":150,"interval":5,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-210 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-210 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-210 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-210 + inet/filter/limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j ACCEPT + inet6/filter/limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j ACCEPT + inet/filter/limit-210 -j DROP + inet6/filter/limit-210 -j DROP + +Filter 218 {"action":"pass","conn-limit":{"count":150,"interval":5,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-211 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-211 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-211 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-211 + inet/filter/limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN + inet6/filter/limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN + inet/filter/limit-211 -j DROP + inet6/filter/limit-211 -j DROP + +Filter 219 {"conn-limit":{"count":150,"interval":5,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-212 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-212 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-212 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-212 + inet/filter/limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j logaccept-6 + inet6/filter/limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j logaccept-6 + inet/filter/logaccept-6 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG + inet/filter/logaccept-6 -j ACCEPT + inet6/filter/logaccept-6 -j ACCEPT + inet/filter/limit-212 -j DROP + inet6/filter/limit-212 -j DROP + +Filter 220 {"conn-limit":{"count":150,"interval":5,"log":"none"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-213 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-213 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-213 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-213 + inet/filter/limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j ACCEPT + inet6/filter/limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j ACCEPT + inet/filter/limit-213 -j DROP + inet6/filter/limit-213 -j DROP + +Filter 221 {"flow-limit":1} +(filter-limit) + inet/filter/FORWARD -j limit-214 + inet6/filter/FORWARD -j limit-214 + inet/filter/INPUT -j limit-214 + inet6/filter/INPUT -j limit-214 + inet/filter/OUTPUT -j limit-214 + inet6/filter/OUTPUT -j limit-214 + inet/filter/limit-214 -m recent --name limit-214 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-67 + inet6/filter/limit-214 -m recent --name limit-214 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-67 + inet/filter/logdrop-67 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-67 -m limit --limit 1/second -j LOG + inet/filter/logdrop-67 -j DROP + inet6/filter/logdrop-67 -j DROP + inet/filter/limit-214 -m recent --name limit-214 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-214 -m recent --name limit-214 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1477,39 +2705,39 @@ Filter 119 {"flow-limit":1} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 120 {"action":"pass","flow-limit":1} +Filter 222 {"action":"pass","flow-limit":1} (filter-limit) - inet/filter/FORWARD -j limit-113 - inet6/filter/FORWARD -j limit-113 - inet/filter/INPUT -j limit-113 - inet6/filter/INPUT -j limit-113 - inet/filter/OUTPUT -j limit-113 - inet6/filter/OUTPUT -j limit-113 - inet/filter/limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 - inet6/filter/limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 - inet/filter/logdrop-38 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG - inet/filter/logdrop-38 -j DROP - inet6/filter/logdrop-38 -j DROP - inet/filter/limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 121 {"flow-limit":1,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-114 - inet6/filter/FORWARD -j limit-114 - inet/filter/INPUT -j limit-114 - inet6/filter/INPUT -j limit-114 - inet/filter/OUTPUT -j limit-114 - inet6/filter/OUTPUT -j limit-114 - inet/filter/limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 - inet6/filter/limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 - inet/filter/logdrop-39 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-39 -m limit --limit 1/second -j LOG - inet/filter/logdrop-39 -j DROP - inet6/filter/logdrop-39 -j DROP - inet/filter/limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-215 + inet6/filter/FORWARD -j limit-215 + inet/filter/INPUT -j limit-215 + inet6/filter/INPUT -j limit-215 + inet/filter/OUTPUT -j limit-215 + inet6/filter/OUTPUT -j limit-215 + inet/filter/limit-215 -m recent --name limit-215 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-68 + inet6/filter/limit-215 -m recent --name limit-215 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-68 + inet/filter/logdrop-68 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-68 -m limit --limit 1/second -j LOG + inet/filter/logdrop-68 -j DROP + inet6/filter/logdrop-68 -j DROP + inet/filter/limit-215 -m recent --name limit-215 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-215 -m recent --name limit-215 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 223 {"flow-limit":1,"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-216 + inet6/filter/FORWARD -j limit-216 + inet/filter/INPUT -j limit-216 + inet6/filter/INPUT -j limit-216 + inet/filter/OUTPUT -j limit-216 + inet6/filter/OUTPUT -j limit-216 + inet/filter/limit-216 -m recent --name limit-216 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-69 + inet6/filter/limit-216 -m recent --name limit-216 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-69 + inet/filter/logdrop-69 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-69 -m limit --limit 1/second -j LOG + inet/filter/logdrop-69 -j DROP + inet6/filter/logdrop-69 -j DROP + inet/filter/limit-216 -m recent --name limit-216 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-216 -m recent --name limit-216 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-0 inet6/filter/FORWARD -j logaccept-final-0 inet/filter/INPUT -j logaccept-final-0 @@ -1521,39 +2749,39 @@ Filter 121 {"flow-limit":1,"log":true} inet/filter/logaccept-final-0 -j ACCEPT inet6/filter/logaccept-final-0 -j ACCEPT -Filter 122 {"action":"pass","flow-limit":1,"log":true} +Filter 224 {"action":"pass","flow-limit":1,"log":true} (filter-limit) - inet/filter/FORWARD -j limit-115 - inet6/filter/FORWARD -j limit-115 - inet/filter/INPUT -j limit-115 - inet6/filter/INPUT -j limit-115 - inet/filter/OUTPUT -j limit-115 - inet6/filter/OUTPUT -j limit-115 - inet/filter/limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 - inet6/filter/limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 - inet/filter/logdrop-40 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-40 -m limit --limit 1/second -j LOG - inet/filter/logdrop-40 -j DROP - inet6/filter/logdrop-40 -j DROP - inet/filter/limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 123 {"flow-limit":1,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-116 - inet6/filter/FORWARD -j limit-116 - inet/filter/INPUT -j limit-116 - inet6/filter/INPUT -j limit-116 - inet/filter/OUTPUT -j limit-116 - inet6/filter/OUTPUT -j limit-116 - inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 - inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 - inet/filter/logdrop-41 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-41 -m limit --limit 1/second -j LOG - inet/filter/logdrop-41 -j DROP - inet6/filter/logdrop-41 -j DROP - inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-217 + inet6/filter/FORWARD -j limit-217 + inet/filter/INPUT -j limit-217 + inet6/filter/INPUT -j limit-217 + inet/filter/OUTPUT -j limit-217 + inet6/filter/OUTPUT -j limit-217 + inet/filter/limit-217 -m recent --name limit-217 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-70 + inet6/filter/limit-217 -m recent --name limit-217 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-70 + inet/filter/logdrop-70 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-70 -m limit --limit 1/second -j LOG + inet/filter/logdrop-70 -j DROP + inet6/filter/logdrop-70 -j DROP + inet/filter/limit-217 -m recent --name limit-217 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-217 -m recent --name limit-217 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 225 {"flow-limit":1,"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-218 + inet6/filter/FORWARD -j limit-218 + inet/filter/INPUT -j limit-218 + inet6/filter/INPUT -j limit-218 + inet/filter/OUTPUT -j limit-218 + inet6/filter/OUTPUT -j limit-218 + inet/filter/limit-218 -m recent --name limit-218 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-71 + inet6/filter/limit-218 -m recent --name limit-218 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-71 + inet/filter/logdrop-71 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-71 -m limit --limit 1/second -j LOG + inet/filter/logdrop-71 -j DROP + inet6/filter/logdrop-71 -j DROP + inet/filter/limit-218 -m recent --name limit-218 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-218 -m recent --name limit-218 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1561,39 +2789,39 @@ Filter 123 {"flow-limit":1,"log":"none"} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 124 {"action":"pass","flow-limit":1,"log":"none"} +Filter 226 {"action":"pass","flow-limit":1,"log":"none"} (filter-limit) - inet/filter/FORWARD -j limit-117 - inet6/filter/FORWARD -j limit-117 - inet/filter/INPUT -j limit-117 - inet6/filter/INPUT -j limit-117 - inet/filter/OUTPUT -j limit-117 - inet6/filter/OUTPUT -j limit-117 - inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 - inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 - inet/filter/logdrop-42 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-42 -m limit --limit 1/second -j LOG - inet/filter/logdrop-42 -j DROP - inet6/filter/logdrop-42 -j DROP - inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 125 {"flow-limit":{"count":1}} -(filter-limit) - inet/filter/FORWARD -j limit-118 - inet6/filter/FORWARD -j limit-118 - inet/filter/INPUT -j limit-118 - inet6/filter/INPUT -j limit-118 - inet/filter/OUTPUT -j limit-118 - inet6/filter/OUTPUT -j limit-118 - inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 - inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 - inet/filter/logdrop-43 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-43 -m limit --limit 1/second -j LOG - inet/filter/logdrop-43 -j DROP - inet6/filter/logdrop-43 -j DROP - inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-219 + inet6/filter/FORWARD -j limit-219 + inet/filter/INPUT -j limit-219 + inet6/filter/INPUT -j limit-219 + inet/filter/OUTPUT -j limit-219 + inet6/filter/OUTPUT -j limit-219 + inet/filter/limit-219 -m recent --name limit-219 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-72 + inet6/filter/limit-219 -m recent --name limit-219 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-72 + inet/filter/logdrop-72 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-72 -m limit --limit 1/second -j LOG + inet/filter/logdrop-72 -j DROP + inet6/filter/logdrop-72 -j DROP + inet/filter/limit-219 -m recent --name limit-219 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-219 -m recent --name limit-219 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 227 {"flow-limit":{"count":1}} +(filter-limit) + inet/filter/FORWARD -j limit-220 + inet6/filter/FORWARD -j limit-220 + inet/filter/INPUT -j limit-220 + inet6/filter/INPUT -j limit-220 + inet/filter/OUTPUT -j limit-220 + inet6/filter/OUTPUT -j limit-220 + inet/filter/limit-220 -m recent --name limit-220 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 + inet6/filter/limit-220 -m recent --name limit-220 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 + inet/filter/logdrop-73 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-73 -m limit --limit 1/second -j LOG + inet/filter/logdrop-73 -j DROP + inet6/filter/logdrop-73 -j DROP + inet/filter/limit-220 -m recent --name limit-220 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-220 -m recent --name limit-220 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1601,39 +2829,39 @@ Filter 125 {"flow-limit":{"count":1}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 126 {"action":"pass","flow-limit":{"count":1}} +Filter 228 {"action":"pass","flow-limit":{"count":1}} (filter-limit) - inet/filter/FORWARD -j limit-119 - inet6/filter/FORWARD -j limit-119 - inet/filter/INPUT -j limit-119 - inet6/filter/INPUT -j limit-119 - inet/filter/OUTPUT -j limit-119 - inet6/filter/OUTPUT -j limit-119 - inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 - inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 - inet/filter/logdrop-44 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG - inet/filter/logdrop-44 -j DROP - inet6/filter/logdrop-44 -j DROP - inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 127 {"flow-limit":{"count":1},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-120 - inet6/filter/FORWARD -j limit-120 - inet/filter/INPUT -j limit-120 - inet6/filter/INPUT -j limit-120 - inet/filter/OUTPUT -j limit-120 - inet6/filter/OUTPUT -j limit-120 - inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 - inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 - inet/filter/logdrop-45 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-45 -m limit --limit 1/second -j LOG - inet/filter/logdrop-45 -j DROP - inet6/filter/logdrop-45 -j DROP - inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-221 + inet6/filter/FORWARD -j limit-221 + inet/filter/INPUT -j limit-221 + inet6/filter/INPUT -j limit-221 + inet/filter/OUTPUT -j limit-221 + inet6/filter/OUTPUT -j limit-221 + inet/filter/limit-221 -m recent --name limit-221 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 + inet6/filter/limit-221 -m recent --name limit-221 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 + inet/filter/logdrop-74 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-74 -m limit --limit 1/second -j LOG + inet/filter/logdrop-74 -j DROP + inet6/filter/logdrop-74 -j DROP + inet/filter/limit-221 -m recent --name limit-221 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-221 -m recent --name limit-221 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 229 {"flow-limit":{"count":1},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-222 + inet6/filter/FORWARD -j limit-222 + inet/filter/INPUT -j limit-222 + inet6/filter/INPUT -j limit-222 + inet/filter/OUTPUT -j limit-222 + inet6/filter/OUTPUT -j limit-222 + inet/filter/limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 + inet6/filter/limit-222 -m recent --name limit-222 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 + inet/filter/logdrop-75 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-75 -m limit --limit 1/second -j LOG + inet/filter/logdrop-75 -j DROP + inet6/filter/logdrop-75 -j DROP + inet/filter/limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-222 -m recent --name limit-222 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-1 inet6/filter/FORWARD -j logaccept-final-1 inet/filter/INPUT -j logaccept-final-1 @@ -1645,39 +2873,39 @@ Filter 127 {"flow-limit":{"count":1},"log":true} inet/filter/logaccept-final-1 -j ACCEPT inet6/filter/logaccept-final-1 -j ACCEPT -Filter 128 {"action":"pass","flow-limit":{"count":1},"log":true} +Filter 230 {"action":"pass","flow-limit":{"count":1},"log":true} (filter-limit) - inet/filter/FORWARD -j limit-121 - inet6/filter/FORWARD -j limit-121 - inet/filter/INPUT -j limit-121 - inet6/filter/INPUT -j limit-121 - inet/filter/OUTPUT -j limit-121 - inet6/filter/OUTPUT -j limit-121 - inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 - inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 - inet/filter/logdrop-46 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-46 -m limit --limit 1/second -j LOG - inet/filter/logdrop-46 -j DROP - inet6/filter/logdrop-46 -j DROP - inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 129 {"flow-limit":{"count":1},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-122 - inet6/filter/FORWARD -j limit-122 - inet/filter/INPUT -j limit-122 - inet6/filter/INPUT -j limit-122 - inet/filter/OUTPUT -j limit-122 - inet6/filter/OUTPUT -j limit-122 - inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 - inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 - inet/filter/logdrop-47 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-47 -m limit --limit 1/second -j LOG - inet/filter/logdrop-47 -j DROP - inet6/filter/logdrop-47 -j DROP - inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-223 + inet6/filter/FORWARD -j limit-223 + inet/filter/INPUT -j limit-223 + inet6/filter/INPUT -j limit-223 + inet/filter/OUTPUT -j limit-223 + inet6/filter/OUTPUT -j limit-223 + inet/filter/limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 + inet6/filter/limit-223 -m recent --name limit-223 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 + inet/filter/logdrop-76 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-76 -m limit --limit 1/second -j LOG + inet/filter/logdrop-76 -j DROP + inet6/filter/logdrop-76 -j DROP + inet/filter/limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-223 -m recent --name limit-223 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 231 {"flow-limit":{"count":1},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-224 + inet6/filter/FORWARD -j limit-224 + inet/filter/INPUT -j limit-224 + inet6/filter/INPUT -j limit-224 + inet/filter/OUTPUT -j limit-224 + inet6/filter/OUTPUT -j limit-224 + inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 + inet6/filter/limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 + inet/filter/logdrop-77 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-77 -m limit --limit 1/second -j LOG + inet/filter/logdrop-77 -j DROP + inet6/filter/logdrop-77 -j DROP + inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1685,39 +2913,39 @@ Filter 129 {"flow-limit":{"count":1},"log":"none"} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 130 {"action":"pass","flow-limit":{"count":1},"log":"none"} +Filter 232 {"action":"pass","flow-limit":{"count":1},"log":"none"} (filter-limit) - inet/filter/FORWARD -j limit-123 - inet6/filter/FORWARD -j limit-123 - inet/filter/INPUT -j limit-123 - inet6/filter/INPUT -j limit-123 - inet/filter/OUTPUT -j limit-123 - inet6/filter/OUTPUT -j limit-123 - inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 - inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 - inet/filter/logdrop-48 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-48 -m limit --limit 1/second -j LOG - inet/filter/logdrop-48 -j DROP - inet6/filter/logdrop-48 -j DROP - inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 131 {"flow-limit":{"count":1,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-124 - inet6/filter/FORWARD -j limit-124 - inet/filter/INPUT -j limit-124 - inet6/filter/INPUT -j limit-124 - inet/filter/OUTPUT -j limit-124 - inet6/filter/OUTPUT -j limit-124 - inet/filter/limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 - inet6/filter/limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 - inet/filter/logdrop-49 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-49 -m limit --limit 1/second -j LOG - inet/filter/logdrop-49 -j DROP - inet6/filter/logdrop-49 -j DROP - inet/filter/limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-225 + inet6/filter/FORWARD -j limit-225 + inet/filter/INPUT -j limit-225 + inet6/filter/INPUT -j limit-225 + inet/filter/OUTPUT -j limit-225 + inet6/filter/OUTPUT -j limit-225 + inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 + inet6/filter/limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 + inet/filter/logdrop-78 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-78 -m limit --limit 1/second -j LOG + inet/filter/logdrop-78 -j DROP + inet6/filter/logdrop-78 -j DROP + inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 233 {"flow-limit":{"count":1,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-226 + inet6/filter/FORWARD -j limit-226 + inet/filter/INPUT -j limit-226 + inet6/filter/INPUT -j limit-226 + inet/filter/OUTPUT -j limit-226 + inet6/filter/OUTPUT -j limit-226 + inet/filter/limit-226 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 + inet6/filter/limit-226 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 + inet/filter/logdrop-79 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-79 -m limit --limit 1/second -j LOG + inet/filter/logdrop-79 -j DROP + inet6/filter/logdrop-79 -j DROP + inet/filter/limit-226 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-226 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1725,39 +2953,39 @@ Filter 131 {"flow-limit":{"count":1,"name":"foo"}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 132 {"action":"pass","flow-limit":{"count":1,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-125 - inet6/filter/FORWARD -j limit-125 - inet/filter/INPUT -j limit-125 - inet6/filter/INPUT -j limit-125 - inet/filter/OUTPUT -j limit-125 - inet6/filter/OUTPUT -j limit-125 - inet/filter/limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 - inet6/filter/limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 - inet/filter/logdrop-50 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-50 -m limit --limit 1/second -j LOG - inet/filter/logdrop-50 -j DROP - inet6/filter/logdrop-50 -j DROP - inet/filter/limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 133 {"flow-limit":{"count":1,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-126 - inet6/filter/FORWARD -j limit-126 - inet/filter/INPUT -j limit-126 - inet6/filter/INPUT -j limit-126 - inet/filter/OUTPUT -j limit-126 - inet6/filter/OUTPUT -j limit-126 - inet/filter/limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 - inet6/filter/limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 - inet/filter/logdrop-51 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-51 -m limit --limit 1/second -j LOG - inet/filter/logdrop-51 -j DROP - inet6/filter/logdrop-51 -j DROP - inet/filter/limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 234 {"action":"pass","flow-limit":{"count":1,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-227 + inet6/filter/FORWARD -j limit-227 + inet/filter/INPUT -j limit-227 + inet6/filter/INPUT -j limit-227 + inet/filter/OUTPUT -j limit-227 + inet6/filter/OUTPUT -j limit-227 + inet/filter/limit-227 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 + inet6/filter/limit-227 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 + inet/filter/logdrop-80 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-80 -m limit --limit 1/second -j LOG + inet/filter/logdrop-80 -j DROP + inet6/filter/logdrop-80 -j DROP + inet/filter/limit-227 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-227 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 235 {"flow-limit":{"count":1,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-228 + inet6/filter/FORWARD -j limit-228 + inet/filter/INPUT -j limit-228 + inet6/filter/INPUT -j limit-228 + inet/filter/OUTPUT -j limit-228 + inet6/filter/OUTPUT -j limit-228 + inet/filter/limit-228 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 + inet6/filter/limit-228 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 + inet/filter/logdrop-81 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-81 -m limit --limit 1/second -j LOG + inet/filter/logdrop-81 -j DROP + inet6/filter/logdrop-81 -j DROP + inet/filter/limit-228 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-228 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-2 inet6/filter/FORWARD -j logaccept-final-2 inet/filter/INPUT -j logaccept-final-2 @@ -1769,39 +2997,39 @@ Filter 133 {"flow-limit":{"count":1,"name":"foo"},"log": inet/filter/logaccept-final-2 -j ACCEPT inet6/filter/logaccept-final-2 -j ACCEPT -Filter 134 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":true} +Filter 236 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":true} (filter-limit) - inet/filter/FORWARD -j limit-127 - inet6/filter/FORWARD -j limit-127 - inet/filter/INPUT -j limit-127 - inet6/filter/INPUT -j limit-127 - inet/filter/OUTPUT -j limit-127 - inet6/filter/OUTPUT -j limit-127 - inet/filter/limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 - inet6/filter/limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 - inet/filter/logdrop-52 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-52 -m limit --limit 1/second -j LOG - inet/filter/logdrop-52 -j DROP - inet6/filter/logdrop-52 -j DROP - inet/filter/limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 135 {"flow-limit":{"count":1,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-128 - inet6/filter/FORWARD -j limit-128 - inet/filter/INPUT -j limit-128 - inet6/filter/INPUT -j limit-128 - inet/filter/OUTPUT -j limit-128 - inet6/filter/OUTPUT -j limit-128 - inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 - inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 - inet/filter/logdrop-53 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-53 -m limit --limit 1/second -j LOG - inet/filter/logdrop-53 -j DROP - inet6/filter/logdrop-53 -j DROP - inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-229 + inet6/filter/FORWARD -j limit-229 + inet/filter/INPUT -j limit-229 + inet6/filter/INPUT -j limit-229 + inet/filter/OUTPUT -j limit-229 + inet6/filter/OUTPUT -j limit-229 + inet/filter/limit-229 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 + inet6/filter/limit-229 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 + inet/filter/logdrop-82 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-82 -m limit --limit 1/second -j LOG + inet/filter/logdrop-82 -j DROP + inet6/filter/logdrop-82 -j DROP + inet/filter/limit-229 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-229 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 237 {"flow-limit":{"count":1,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-230 + inet6/filter/FORWARD -j limit-230 + inet/filter/INPUT -j limit-230 + inet6/filter/INPUT -j limit-230 + inet/filter/OUTPUT -j limit-230 + inet6/filter/OUTPUT -j limit-230 + inet/filter/limit-230 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 + inet6/filter/limit-230 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 + inet/filter/logdrop-83 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-83 -m limit --limit 1/second -j LOG + inet/filter/logdrop-83 -j DROP + inet6/filter/logdrop-83 -j DROP + inet/filter/limit-230 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-230 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1809,37 +3037,37 @@ Filter 135 {"flow-limit":{"count":1,"name":"foo"},"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 136 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-129 - inet6/filter/FORWARD -j limit-129 - inet/filter/INPUT -j limit-129 - inet6/filter/INPUT -j limit-129 - inet/filter/OUTPUT -j limit-129 - inet6/filter/OUTPUT -j limit-129 - inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 - inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 - inet/filter/logdrop-54 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-54 -m limit --limit 1/second -j LOG - inet/filter/logdrop-54 -j DROP - inet6/filter/logdrop-54 -j DROP - inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 137 {"flow-limit":{"count":1,"name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-130 - inet6/filter/FORWARD -j limit-130 - inet/filter/INPUT -j limit-130 - inet6/filter/INPUT -j limit-130 - inet/filter/OUTPUT -j limit-130 - inet6/filter/OUTPUT -j limit-130 - inet/filter/limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-55 - inet6/filter/limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-55 - inet/filter/logdrop-55 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-55 -m limit --limit 1/second -j LOG - inet/filter/logdrop-55 -j DROP - inet6/filter/logdrop-55 -j DROP +Filter 238 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-231 + inet6/filter/FORWARD -j limit-231 + inet/filter/INPUT -j limit-231 + inet6/filter/INPUT -j limit-231 + inet/filter/OUTPUT -j limit-231 + inet6/filter/OUTPUT -j limit-231 + inet/filter/limit-231 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 + inet6/filter/limit-231 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 + inet/filter/logdrop-84 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-84 -m limit --limit 1/second -j LOG + inet/filter/logdrop-84 -j DROP + inet6/filter/logdrop-84 -j DROP + inet/filter/limit-231 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-231 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 239 {"flow-limit":{"count":1,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-232 + inet6/filter/FORWARD -j limit-232 + inet/filter/INPUT -j limit-232 + inet6/filter/INPUT -j limit-232 + inet/filter/OUTPUT -j limit-232 + inet6/filter/OUTPUT -j limit-232 + inet/filter/limit-232 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-85 + inet6/filter/limit-232 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-85 + inet/filter/logdrop-85 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-85 -m limit --limit 1/second -j LOG + inet/filter/logdrop-85 -j DROP + inet6/filter/logdrop-85 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1847,35 +3075,35 @@ Filter 137 {"flow-limit":{"count":1,"name":"foo","update inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 138 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false}} +Filter 240 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false}} (filter-limit) - inet/filter/FORWARD -j limit-131 - inet6/filter/FORWARD -j limit-131 - inet/filter/INPUT -j limit-131 - inet6/filter/INPUT -j limit-131 - inet/filter/OUTPUT -j limit-131 - inet6/filter/OUTPUT -j limit-131 - inet/filter/limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-56 - inet6/filter/limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-56 - inet/filter/logdrop-56 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG - inet/filter/logdrop-56 -j DROP - inet6/filter/logdrop-56 -j DROP + inet/filter/FORWARD -j limit-233 + inet6/filter/FORWARD -j limit-233 + inet/filter/INPUT -j limit-233 + inet6/filter/INPUT -j limit-233 + inet/filter/OUTPUT -j limit-233 + inet6/filter/OUTPUT -j limit-233 + inet/filter/limit-233 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-86 + inet6/filter/limit-233 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-86 + inet/filter/logdrop-86 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-86 -m limit --limit 1/second -j LOG + inet/filter/logdrop-86 -j DROP + inet6/filter/logdrop-86 -j DROP -Filter 139 {"flow-limit":{"count":1,"name":"foo","update":false},"log":true} +Filter 241 {"flow-limit":{"count":1,"name":"foo","update":false},"log":true} (filter-limit) - inet/filter/FORWARD -j limit-132 - inet6/filter/FORWARD -j limit-132 - inet/filter/INPUT -j limit-132 - inet6/filter/INPUT -j limit-132 - inet/filter/OUTPUT -j limit-132 - inet6/filter/OUTPUT -j limit-132 - inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-57 - inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-57 - inet/filter/logdrop-57 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-57 -m limit --limit 1/second -j LOG - inet/filter/logdrop-57 -j DROP - inet6/filter/logdrop-57 -j DROP + inet/filter/FORWARD -j limit-234 + inet6/filter/FORWARD -j limit-234 + inet/filter/INPUT -j limit-234 + inet6/filter/INPUT -j limit-234 + inet/filter/OUTPUT -j limit-234 + inet6/filter/OUTPUT -j limit-234 + inet/filter/limit-234 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-87 + inet6/filter/limit-234 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-87 + inet/filter/logdrop-87 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-87 -m limit --limit 1/second -j LOG + inet/filter/logdrop-87 -j DROP + inet6/filter/logdrop-87 -j DROP inet/filter/FORWARD -j logaccept-final-3 inet6/filter/FORWARD -j logaccept-final-3 inet/filter/INPUT -j logaccept-final-3 @@ -1887,37 +3115,37 @@ Filter 139 {"flow-limit":{"count":1,"name":"foo","update inet/filter/logaccept-final-3 -j ACCEPT inet6/filter/logaccept-final-3 -j ACCEPT -Filter 140 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":true} +Filter 242 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":true} (filter-limit) - inet/filter/FORWARD -j limit-133 - inet6/filter/FORWARD -j limit-133 - inet/filter/INPUT -j limit-133 - inet6/filter/INPUT -j limit-133 - inet/filter/OUTPUT -j limit-133 - inet6/filter/OUTPUT -j limit-133 - inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-58 - inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-58 - inet/filter/logdrop-58 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-58 -m limit --limit 1/second -j LOG - inet/filter/logdrop-58 -j DROP - inet6/filter/logdrop-58 -j DROP - inet/filter/limit-133 -m limit --limit 1/second -j LOG - inet6/filter/limit-133 -m limit --limit 1/second -j LOG - -Filter 141 {"flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-134 - inet6/filter/FORWARD -j limit-134 - inet/filter/INPUT -j limit-134 - inet6/filter/INPUT -j limit-134 - inet/filter/OUTPUT -j limit-134 - inet6/filter/OUTPUT -j limit-134 - inet/filter/limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-59 - inet6/filter/limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-59 - inet/filter/logdrop-59 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-59 -m limit --limit 1/second -j LOG - inet/filter/logdrop-59 -j DROP - inet6/filter/logdrop-59 -j DROP + inet/filter/FORWARD -j limit-235 + inet6/filter/FORWARD -j limit-235 + inet/filter/INPUT -j limit-235 + inet6/filter/INPUT -j limit-235 + inet/filter/OUTPUT -j limit-235 + inet6/filter/OUTPUT -j limit-235 + inet/filter/limit-235 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-88 + inet6/filter/limit-235 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-88 + inet/filter/logdrop-88 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-88 -m limit --limit 1/second -j LOG + inet/filter/logdrop-88 -j DROP + inet6/filter/logdrop-88 -j DROP + inet/filter/limit-235 -m limit --limit 1/second -j LOG + inet6/filter/limit-235 -m limit --limit 1/second -j LOG + +Filter 243 {"flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-236 + inet6/filter/FORWARD -j limit-236 + inet/filter/INPUT -j limit-236 + inet6/filter/INPUT -j limit-236 + inet/filter/OUTPUT -j limit-236 + inet6/filter/OUTPUT -j limit-236 + inet/filter/limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-89 + inet6/filter/limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-89 + inet/filter/logdrop-89 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-89 -m limit --limit 1/second -j LOG + inet/filter/logdrop-89 -j DROP + inet6/filter/logdrop-89 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1925,37 +3153,37 @@ Filter 141 {"flow-limit":{"count":1,"name":"foo","update inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 142 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} +Filter 244 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} (filter-limit) - inet/filter/FORWARD -j limit-135 - inet6/filter/FORWARD -j limit-135 - inet/filter/INPUT -j limit-135 - inet6/filter/INPUT -j limit-135 - inet/filter/OUTPUT -j limit-135 - inet6/filter/OUTPUT -j limit-135 - inet/filter/limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-60 - inet6/filter/limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-60 - inet/filter/logdrop-60 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-60 -m limit --limit 1/second -j LOG - inet/filter/logdrop-60 -j DROP - inet6/filter/logdrop-60 -j DROP + inet/filter/FORWARD -j limit-237 + inet6/filter/FORWARD -j limit-237 + inet/filter/INPUT -j limit-237 + inet6/filter/INPUT -j limit-237 + inet/filter/OUTPUT -j limit-237 + inet6/filter/OUTPUT -j limit-237 + inet/filter/limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-90 + inet6/filter/limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-90 + inet/filter/logdrop-90 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-90 -m limit --limit 1/second -j LOG + inet/filter/logdrop-90 -j DROP + inet6/filter/logdrop-90 -j DROP -Filter 143 {"flow-limit":{"addr":"dest","count":1,"name":"foo"}} +Filter 245 {"flow-limit":{"addr":"dest","count":1,"name":"foo"}} (filter-limit) - inet/filter/FORWARD -j limit-136 - inet6/filter/FORWARD -j limit-136 - inet/filter/INPUT -j limit-136 - inet6/filter/INPUT -j limit-136 - inet/filter/OUTPUT -j limit-136 - inet6/filter/OUTPUT -j limit-136 - inet/filter/limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 - inet6/filter/limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 - inet/filter/logdrop-61 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-61 -m limit --limit 1/second -j LOG - inet/filter/logdrop-61 -j DROP - inet6/filter/logdrop-61 -j DROP - inet/filter/limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-238 + inet6/filter/FORWARD -j limit-238 + inet/filter/INPUT -j limit-238 + inet6/filter/INPUT -j limit-238 + inet/filter/OUTPUT -j limit-238 + inet6/filter/OUTPUT -j limit-238 + inet/filter/limit-238 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-91 + inet6/filter/limit-238 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-91 + inet/filter/logdrop-91 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-91 -m limit --limit 1/second -j LOG + inet/filter/logdrop-91 -j DROP + inet6/filter/logdrop-91 -j DROP + inet/filter/limit-238 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-238 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1963,39 +3191,39 @@ Filter 143 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 144 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-137 - inet6/filter/FORWARD -j limit-137 - inet/filter/INPUT -j limit-137 - inet6/filter/INPUT -j limit-137 - inet/filter/OUTPUT -j limit-137 - inet6/filter/OUTPUT -j limit-137 - inet/filter/limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 - inet6/filter/limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 - inet/filter/logdrop-62 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-62 -m limit --limit 1/second -j LOG - inet/filter/logdrop-62 -j DROP - inet6/filter/logdrop-62 -j DROP - inet/filter/limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 145 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-138 - inet6/filter/FORWARD -j limit-138 - inet/filter/INPUT -j limit-138 - inet6/filter/INPUT -j limit-138 - inet/filter/OUTPUT -j limit-138 - inet6/filter/OUTPUT -j limit-138 - inet/filter/limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 - inet6/filter/limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 - inet/filter/logdrop-63 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-63 -m limit --limit 1/second -j LOG - inet/filter/logdrop-63 -j DROP - inet6/filter/logdrop-63 -j DROP - inet/filter/limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 246 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-239 + inet6/filter/FORWARD -j limit-239 + inet/filter/INPUT -j limit-239 + inet6/filter/INPUT -j limit-239 + inet/filter/OUTPUT -j limit-239 + inet6/filter/OUTPUT -j limit-239 + inet/filter/limit-239 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-92 + inet6/filter/limit-239 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-92 + inet/filter/logdrop-92 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-92 -m limit --limit 1/second -j LOG + inet/filter/logdrop-92 -j DROP + inet6/filter/logdrop-92 -j DROP + inet/filter/limit-239 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-239 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 247 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-240 + inet6/filter/FORWARD -j limit-240 + inet/filter/INPUT -j limit-240 + inet6/filter/INPUT -j limit-240 + inet/filter/OUTPUT -j limit-240 + inet6/filter/OUTPUT -j limit-240 + inet/filter/limit-240 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-93 + inet6/filter/limit-240 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-93 + inet/filter/logdrop-93 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-93 -m limit --limit 1/second -j LOG + inet/filter/logdrop-93 -j DROP + inet6/filter/logdrop-93 -j DROP + inet/filter/limit-240 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-240 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-4 inet6/filter/FORWARD -j logaccept-final-4 inet/filter/INPUT -j logaccept-final-4 @@ -2007,39 +3235,39 @@ Filter 145 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/logaccept-final-4 -j ACCEPT inet6/filter/logaccept-final-4 -j ACCEPT -Filter 146 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":true} +Filter 248 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":true} (filter-limit) - inet/filter/FORWARD -j limit-139 - inet6/filter/FORWARD -j limit-139 - inet/filter/INPUT -j limit-139 - inet6/filter/INPUT -j limit-139 - inet/filter/OUTPUT -j limit-139 - inet6/filter/OUTPUT -j limit-139 - inet/filter/limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 - inet6/filter/limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 - inet/filter/logdrop-64 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-64 -m limit --limit 1/second -j LOG - inet/filter/logdrop-64 -j DROP - inet6/filter/logdrop-64 -j DROP - inet/filter/limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 147 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-140 - inet6/filter/FORWARD -j limit-140 - inet/filter/INPUT -j limit-140 - inet6/filter/INPUT -j limit-140 - inet/filter/OUTPUT -j limit-140 - inet6/filter/OUTPUT -j limit-140 - inet/filter/limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 - inet6/filter/limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 - inet/filter/logdrop-65 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-65 -m limit --limit 1/second -j LOG - inet/filter/logdrop-65 -j DROP - inet6/filter/logdrop-65 -j DROP - inet/filter/limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j limit-241 + inet6/filter/FORWARD -j limit-241 + inet/filter/INPUT -j limit-241 + inet6/filter/INPUT -j limit-241 + inet/filter/OUTPUT -j limit-241 + inet6/filter/OUTPUT -j limit-241 + inet/filter/limit-241 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-94 + inet6/filter/limit-241 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-94 + inet/filter/logdrop-94 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-94 -m limit --limit 1/second -j LOG + inet/filter/logdrop-94 -j DROP + inet6/filter/logdrop-94 -j DROP + inet/filter/limit-241 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-241 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 249 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-242 + inet6/filter/FORWARD -j limit-242 + inet/filter/INPUT -j limit-242 + inet6/filter/INPUT -j limit-242 + inet/filter/OUTPUT -j limit-242 + inet6/filter/OUTPUT -j limit-242 + inet/filter/limit-242 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-95 + inet6/filter/limit-242 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-95 + inet/filter/logdrop-95 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-95 -m limit --limit 1/second -j LOG + inet/filter/logdrop-95 -j DROP + inet6/filter/logdrop-95 -j DROP + inet/filter/limit-242 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-242 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2047,37 +3275,37 @@ Filter 147 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 148 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-141 - inet6/filter/FORWARD -j limit-141 - inet/filter/INPUT -j limit-141 - inet6/filter/INPUT -j limit-141 - inet/filter/OUTPUT -j limit-141 - inet6/filter/OUTPUT -j limit-141 - inet/filter/limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 - inet6/filter/limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 - inet/filter/logdrop-66 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-66 -m limit --limit 1/second -j LOG - inet/filter/logdrop-66 -j DROP - inet6/filter/logdrop-66 -j DROP - inet/filter/limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 149 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-142 - inet6/filter/FORWARD -j limit-142 - inet/filter/INPUT -j limit-142 - inet6/filter/INPUT -j limit-142 - inet/filter/OUTPUT -j limit-142 - inet6/filter/OUTPUT -j limit-142 - inet/filter/limit-142 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 - inet6/filter/limit-142 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 - inet/filter/logdrop-67 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-67 -m limit --limit 1/second -j LOG - inet/filter/logdrop-67 -j DROP - inet6/filter/logdrop-67 -j DROP +Filter 250 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-243 + inet6/filter/FORWARD -j limit-243 + inet/filter/INPUT -j limit-243 + inet6/filter/INPUT -j limit-243 + inet/filter/OUTPUT -j limit-243 + inet6/filter/OUTPUT -j limit-243 + inet/filter/limit-243 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-96 + inet6/filter/limit-243 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-96 + inet/filter/logdrop-96 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-96 -m limit --limit 1/second -j LOG + inet/filter/logdrop-96 -j DROP + inet6/filter/logdrop-96 -j DROP + inet/filter/limit-243 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-243 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 251 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-244 + inet6/filter/FORWARD -j limit-244 + inet/filter/INPUT -j limit-244 + inet6/filter/INPUT -j limit-244 + inet/filter/OUTPUT -j limit-244 + inet6/filter/OUTPUT -j limit-244 + inet/filter/limit-244 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-97 + inet6/filter/limit-244 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-97 + inet/filter/logdrop-97 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-97 -m limit --limit 1/second -j LOG + inet/filter/logdrop-97 -j DROP + inet6/filter/logdrop-97 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2085,35 +3313,35 @@ Filter 149 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 150 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false}} +Filter 252 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false}} (filter-limit) - inet/filter/FORWARD -j limit-143 - inet6/filter/FORWARD -j limit-143 - inet/filter/INPUT -j limit-143 - inet6/filter/INPUT -j limit-143 - inet/filter/OUTPUT -j limit-143 - inet6/filter/OUTPUT -j limit-143 - inet/filter/limit-143 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 - inet6/filter/limit-143 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 - inet/filter/logdrop-68 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-68 -m limit --limit 1/second -j LOG - inet/filter/logdrop-68 -j DROP - inet6/filter/logdrop-68 -j DROP + inet/filter/FORWARD -j limit-245 + inet6/filter/FORWARD -j limit-245 + inet/filter/INPUT -j limit-245 + inet6/filter/INPUT -j limit-245 + inet/filter/OUTPUT -j limit-245 + inet6/filter/OUTPUT -j limit-245 + inet/filter/limit-245 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-98 + inet6/filter/limit-245 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-98 + inet/filter/logdrop-98 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-98 -m limit --limit 1/second -j LOG + inet/filter/logdrop-98 -j DROP + inet6/filter/logdrop-98 -j DROP -Filter 151 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":true} +Filter 253 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":true} (filter-limit) - inet/filter/FORWARD -j limit-144 - inet6/filter/FORWARD -j limit-144 - inet/filter/INPUT -j limit-144 - inet6/filter/INPUT -j limit-144 - inet/filter/OUTPUT -j limit-144 - inet6/filter/OUTPUT -j limit-144 - inet/filter/limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 - inet6/filter/limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 - inet/filter/logdrop-69 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-69 -m limit --limit 1/second -j LOG - inet/filter/logdrop-69 -j DROP - inet6/filter/logdrop-69 -j DROP + inet/filter/FORWARD -j limit-246 + inet6/filter/FORWARD -j limit-246 + inet/filter/INPUT -j limit-246 + inet6/filter/INPUT -j limit-246 + inet/filter/OUTPUT -j limit-246 + inet6/filter/OUTPUT -j limit-246 + inet/filter/limit-246 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-99 + inet6/filter/limit-246 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-99 + inet/filter/logdrop-99 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-99 -m limit --limit 1/second -j LOG + inet/filter/logdrop-99 -j DROP + inet6/filter/logdrop-99 -j DROP inet/filter/FORWARD -j logaccept-final-5 inet6/filter/FORWARD -j logaccept-final-5 inet/filter/INPUT -j logaccept-final-5 @@ -2125,37 +3353,37 @@ Filter 151 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/logaccept-final-5 -j ACCEPT inet6/filter/logaccept-final-5 -j ACCEPT -Filter 152 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":true} +Filter 254 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":true} (filter-limit) - inet/filter/FORWARD -j limit-145 - inet6/filter/FORWARD -j limit-145 - inet/filter/INPUT -j limit-145 - inet6/filter/INPUT -j limit-145 - inet/filter/OUTPUT -j limit-145 - inet6/filter/OUTPUT -j limit-145 - inet/filter/limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 - inet6/filter/limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 - inet/filter/logdrop-70 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-70 -m limit --limit 1/second -j LOG - inet/filter/logdrop-70 -j DROP - inet6/filter/logdrop-70 -j DROP - inet/filter/limit-145 -m limit --limit 1/second -j LOG - inet6/filter/limit-145 -m limit --limit 1/second -j LOG - -Filter 153 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-146 - inet6/filter/FORWARD -j limit-146 - inet/filter/INPUT -j limit-146 - inet6/filter/INPUT -j limit-146 - inet/filter/OUTPUT -j limit-146 - inet6/filter/OUTPUT -j limit-146 - inet/filter/limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 - inet6/filter/limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 - inet/filter/logdrop-71 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-71 -m limit --limit 1/second -j LOG - inet/filter/logdrop-71 -j DROP - inet6/filter/logdrop-71 -j DROP + inet/filter/FORWARD -j limit-247 + inet6/filter/FORWARD -j limit-247 + inet/filter/INPUT -j limit-247 + inet6/filter/INPUT -j limit-247 + inet/filter/OUTPUT -j limit-247 + inet6/filter/OUTPUT -j limit-247 + inet/filter/limit-247 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-100 + inet6/filter/limit-247 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-100 + inet/filter/logdrop-100 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-100 -m limit --limit 1/second -j LOG + inet/filter/logdrop-100 -j DROP + inet6/filter/logdrop-100 -j DROP + inet/filter/limit-247 -m limit --limit 1/second -j LOG + inet6/filter/limit-247 -m limit --limit 1/second -j LOG + +Filter 255 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-248 + inet6/filter/FORWARD -j limit-248 + inet/filter/INPUT -j limit-248 + inet6/filter/INPUT -j limit-248 + inet/filter/OUTPUT -j limit-248 + inet6/filter/OUTPUT -j limit-248 + inet/filter/limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-101 + inet6/filter/limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-101 + inet/filter/logdrop-101 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-101 -m limit --limit 1/second -j LOG + inet/filter/logdrop-101 -j DROP + inet6/filter/logdrop-101 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2163,33 +3391,33 @@ Filter 153 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 154 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":"none"} +Filter 256 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":"none"} (filter-limit) - inet/filter/FORWARD -j limit-147 - inet6/filter/FORWARD -j limit-147 - inet/filter/INPUT -j limit-147 - inet6/filter/INPUT -j limit-147 - inet/filter/OUTPUT -j limit-147 - inet6/filter/OUTPUT -j limit-147 - inet/filter/limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 - inet6/filter/limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 - inet/filter/logdrop-72 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-72 -m limit --limit 1/second -j LOG - inet/filter/logdrop-72 -j DROP - inet6/filter/logdrop-72 -j DROP + inet/filter/FORWARD -j limit-249 + inet6/filter/FORWARD -j limit-249 + inet/filter/INPUT -j limit-249 + inet6/filter/INPUT -j limit-249 + inet/filter/OUTPUT -j limit-249 + inet6/filter/OUTPUT -j limit-249 + inet/filter/limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-102 + inet6/filter/limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-102 + inet/filter/logdrop-102 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-102 -m limit --limit 1/second -j LOG + inet/filter/logdrop-102 -j DROP + inet6/filter/logdrop-102 -j DROP -Filter 155 {"flow-limit":{"count":1,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-148 - inet6/filter/FORWARD -j limit-148 - inet/filter/INPUT -j limit-148 - inet6/filter/INPUT -j limit-148 - inet/filter/OUTPUT -j limit-148 - inet6/filter/OUTPUT -j limit-148 - inet/filter/limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 257 {"flow-limit":{"count":1,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-250 + inet6/filter/FORWARD -j limit-250 + inet/filter/INPUT -j limit-250 + inet6/filter/INPUT -j limit-250 + inet/filter/OUTPUT -j limit-250 + inet6/filter/OUTPUT -j limit-250 + inet/filter/limit-250 -m recent --name limit-250 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-250 -m recent --name limit-250 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-250 -m recent --name limit-250 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-250 -m recent --name limit-250 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2197,31 +3425,31 @@ Filter 155 {"flow-limit":{"count":1,"log":false}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 156 {"action":"pass","flow-limit":{"count":1,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-149 - inet6/filter/FORWARD -j limit-149 - inet/filter/INPUT -j limit-149 - inet6/filter/INPUT -j limit-149 - inet/filter/OUTPUT -j limit-149 - inet6/filter/OUTPUT -j limit-149 - inet/filter/limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 157 {"flow-limit":{"count":1,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-150 - inet6/filter/FORWARD -j limit-150 - inet/filter/INPUT -j limit-150 - inet6/filter/INPUT -j limit-150 - inet/filter/OUTPUT -j limit-150 - inet6/filter/OUTPUT -j limit-150 - inet/filter/limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 258 {"action":"pass","flow-limit":{"count":1,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-251 + inet6/filter/FORWARD -j limit-251 + inet/filter/INPUT -j limit-251 + inet6/filter/INPUT -j limit-251 + inet/filter/OUTPUT -j limit-251 + inet6/filter/OUTPUT -j limit-251 + inet/filter/limit-251 -m recent --name limit-251 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-251 -m recent --name limit-251 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-251 -m recent --name limit-251 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-251 -m recent --name limit-251 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 259 {"flow-limit":{"count":1,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-252 + inet6/filter/FORWARD -j limit-252 + inet/filter/INPUT -j limit-252 + inet6/filter/INPUT -j limit-252 + inet/filter/OUTPUT -j limit-252 + inet6/filter/OUTPUT -j limit-252 + inet/filter/limit-252 -m recent --name limit-252 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-252 -m recent --name limit-252 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-252 -m recent --name limit-252 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-252 -m recent --name limit-252 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-6 inet6/filter/FORWARD -j logaccept-final-6 inet/filter/INPUT -j logaccept-final-6 @@ -2233,31 +3461,31 @@ Filter 157 {"flow-limit":{"count":1,"log":false},"log":t inet/filter/logaccept-final-6 -j ACCEPT inet6/filter/logaccept-final-6 -j ACCEPT -Filter 158 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-151 - inet6/filter/FORWARD -j limit-151 - inet/filter/INPUT -j limit-151 - inet6/filter/INPUT -j limit-151 - inet/filter/OUTPUT -j limit-151 - inet6/filter/OUTPUT -j limit-151 - inet/filter/limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 159 {"flow-limit":{"count":1,"log":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-152 - inet6/filter/FORWARD -j limit-152 - inet/filter/INPUT -j limit-152 - inet6/filter/INPUT -j limit-152 - inet/filter/OUTPUT -j limit-152 - inet6/filter/OUTPUT -j limit-152 - inet/filter/limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 260 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-253 + inet6/filter/FORWARD -j limit-253 + inet/filter/INPUT -j limit-253 + inet6/filter/INPUT -j limit-253 + inet/filter/OUTPUT -j limit-253 + inet6/filter/OUTPUT -j limit-253 + inet/filter/limit-253 -m recent --name limit-253 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-253 -m recent --name limit-253 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-253 -m recent --name limit-253 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-253 -m recent --name limit-253 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 261 {"flow-limit":{"count":1,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-254 + inet6/filter/FORWARD -j limit-254 + inet/filter/INPUT -j limit-254 + inet6/filter/INPUT -j limit-254 + inet/filter/OUTPUT -j limit-254 + inet6/filter/OUTPUT -j limit-254 + inet/filter/limit-254 -m recent --name limit-254 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-254 -m recent --name limit-254 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-254 -m recent --name limit-254 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-254 -m recent --name limit-254 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2265,31 +3493,31 @@ Filter 159 {"flow-limit":{"count":1,"log":false},"log":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 160 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-153 - inet6/filter/FORWARD -j limit-153 - inet/filter/INPUT -j limit-153 - inet6/filter/INPUT -j limit-153 - inet/filter/OUTPUT -j limit-153 - inet6/filter/OUTPUT -j limit-153 - inet/filter/limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 161 {"flow-limit":{"count":1,"log":false,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-154 - inet6/filter/FORWARD -j limit-154 - inet/filter/INPUT -j limit-154 - inet6/filter/INPUT -j limit-154 - inet/filter/OUTPUT -j limit-154 - inet6/filter/OUTPUT -j limit-154 - inet/filter/limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 262 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-255 + inet6/filter/FORWARD -j limit-255 + inet/filter/INPUT -j limit-255 + inet6/filter/INPUT -j limit-255 + inet/filter/OUTPUT -j limit-255 + inet6/filter/OUTPUT -j limit-255 + inet/filter/limit-255 -m recent --name limit-255 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-255 -m recent --name limit-255 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-255 -m recent --name limit-255 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-255 -m recent --name limit-255 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 263 {"flow-limit":{"count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-256 + inet6/filter/FORWARD -j limit-256 + inet/filter/INPUT -j limit-256 + inet6/filter/INPUT -j limit-256 + inet/filter/OUTPUT -j limit-256 + inet6/filter/OUTPUT -j limit-256 + inet/filter/limit-256 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-256 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-256 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-256 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2297,31 +3525,31 @@ Filter 161 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 162 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-155 - inet6/filter/FORWARD -j limit-155 - inet/filter/INPUT -j limit-155 - inet6/filter/INPUT -j limit-155 - inet/filter/OUTPUT -j limit-155 - inet6/filter/OUTPUT -j limit-155 - inet/filter/limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 163 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-156 - inet6/filter/FORWARD -j limit-156 - inet/filter/INPUT -j limit-156 - inet6/filter/INPUT -j limit-156 - inet/filter/OUTPUT -j limit-156 - inet6/filter/OUTPUT -j limit-156 - inet/filter/limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 264 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-257 + inet6/filter/FORWARD -j limit-257 + inet/filter/INPUT -j limit-257 + inet6/filter/INPUT -j limit-257 + inet/filter/OUTPUT -j limit-257 + inet6/filter/OUTPUT -j limit-257 + inet/filter/limit-257 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-257 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-257 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-257 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 265 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-258 + inet6/filter/FORWARD -j limit-258 + inet/filter/INPUT -j limit-258 + inet6/filter/INPUT -j limit-258 + inet/filter/OUTPUT -j limit-258 + inet6/filter/OUTPUT -j limit-258 + inet/filter/limit-258 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-258 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-258 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-258 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-7 inet6/filter/FORWARD -j logaccept-final-7 inet/filter/INPUT -j logaccept-final-7 @@ -2333,31 +3561,31 @@ Filter 163 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/logaccept-final-7 -j ACCEPT inet6/filter/logaccept-final-7 -j ACCEPT -Filter 164 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-157 - inet6/filter/FORWARD -j limit-157 - inet/filter/INPUT -j limit-157 - inet6/filter/INPUT -j limit-157 - inet/filter/OUTPUT -j limit-157 - inet6/filter/OUTPUT -j limit-157 - inet/filter/limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 165 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-158 - inet6/filter/FORWARD -j limit-158 - inet/filter/INPUT -j limit-158 - inet6/filter/INPUT -j limit-158 - inet/filter/OUTPUT -j limit-158 - inet6/filter/OUTPUT -j limit-158 - inet/filter/limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 266 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-259 + inet6/filter/FORWARD -j limit-259 + inet/filter/INPUT -j limit-259 + inet6/filter/INPUT -j limit-259 + inet/filter/OUTPUT -j limit-259 + inet6/filter/OUTPUT -j limit-259 + inet/filter/limit-259 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-259 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-259 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-259 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 267 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-260 + inet6/filter/FORWARD -j limit-260 + inet/filter/INPUT -j limit-260 + inet6/filter/INPUT -j limit-260 + inet/filter/OUTPUT -j limit-260 + inet6/filter/OUTPUT -j limit-260 + inet/filter/limit-260 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-260 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-260 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-260 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2365,29 +3593,29 @@ Filter 165 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 166 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-159 - inet6/filter/FORWARD -j limit-159 - inet/filter/INPUT -j limit-159 - inet6/filter/INPUT -j limit-159 - inet/filter/OUTPUT -j limit-159 - inet6/filter/OUTPUT -j limit-159 - inet/filter/limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 167 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-160 - inet6/filter/FORWARD -j limit-160 - inet/filter/INPUT -j limit-160 - inet6/filter/INPUT -j limit-160 - inet/filter/OUTPUT -j limit-160 - inet6/filter/OUTPUT -j limit-160 - inet/filter/limit-160 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-160 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 268 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-261 + inet6/filter/FORWARD -j limit-261 + inet/filter/INPUT -j limit-261 + inet6/filter/INPUT -j limit-261 + inet/filter/OUTPUT -j limit-261 + inet6/filter/OUTPUT -j limit-261 + inet/filter/limit-261 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-261 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-261 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-261 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 269 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-262 + inet6/filter/FORWARD -j limit-262 + inet/filter/INPUT -j limit-262 + inet6/filter/INPUT -j limit-262 + inet/filter/OUTPUT -j limit-262 + inet6/filter/OUTPUT -j limit-262 + inet/filter/limit-262 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-262 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2395,27 +3623,27 @@ Filter 167 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 168 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-161 - inet6/filter/FORWARD -j limit-161 - inet/filter/INPUT -j limit-161 - inet6/filter/INPUT -j limit-161 - inet/filter/OUTPUT -j limit-161 - inet6/filter/OUTPUT -j limit-161 - inet/filter/limit-161 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-161 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - -Filter 169 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-162 - inet6/filter/FORWARD -j limit-162 - inet/filter/INPUT -j limit-162 - inet6/filter/INPUT -j limit-162 - inet/filter/OUTPUT -j limit-162 - inet6/filter/OUTPUT -j limit-162 - inet/filter/limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 270 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-263 + inet6/filter/FORWARD -j limit-263 + inet/filter/INPUT -j limit-263 + inet6/filter/INPUT -j limit-263 + inet/filter/OUTPUT -j limit-263 + inet6/filter/OUTPUT -j limit-263 + inet/filter/limit-263 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-263 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 271 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-264 + inet6/filter/FORWARD -j limit-264 + inet/filter/INPUT -j limit-264 + inet6/filter/INPUT -j limit-264 + inet/filter/OUTPUT -j limit-264 + inet6/filter/OUTPUT -j limit-264 + inet/filter/limit-264 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-264 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j logaccept-final-8 inet6/filter/FORWARD -j logaccept-final-8 inet/filter/INPUT -j logaccept-final-8 @@ -2427,29 +3655,29 @@ Filter 169 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/logaccept-final-8 -j ACCEPT inet6/filter/logaccept-final-8 -j ACCEPT -Filter 170 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-163 - inet6/filter/FORWARD -j limit-163 - inet/filter/INPUT -j limit-163 - inet6/filter/INPUT -j limit-163 - inet/filter/OUTPUT -j limit-163 - inet6/filter/OUTPUT -j limit-163 - inet/filter/limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-163 -m limit --limit 1/second -j LOG - inet6/filter/limit-163 -m limit --limit 1/second -j LOG - -Filter 171 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-164 - inet6/filter/FORWARD -j limit-164 - inet/filter/INPUT -j limit-164 - inet6/filter/INPUT -j limit-164 - inet/filter/OUTPUT -j limit-164 - inet6/filter/OUTPUT -j limit-164 - inet/filter/limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 272 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-265 + inet6/filter/FORWARD -j limit-265 + inet/filter/INPUT -j limit-265 + inet6/filter/INPUT -j limit-265 + inet/filter/OUTPUT -j limit-265 + inet6/filter/OUTPUT -j limit-265 + inet/filter/limit-265 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-265 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-265 -m limit --limit 1/second -j LOG + inet6/filter/limit-265 -m limit --limit 1/second -j LOG + +Filter 273 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-266 + inet6/filter/FORWARD -j limit-266 + inet/filter/INPUT -j limit-266 + inet6/filter/INPUT -j limit-266 + inet/filter/OUTPUT -j limit-266 + inet6/filter/OUTPUT -j limit-266 + inet/filter/limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2457,29 +3685,29 @@ Filter 171 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 172 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-165 - inet6/filter/FORWARD -j limit-165 - inet/filter/INPUT -j limit-165 - inet6/filter/INPUT -j limit-165 - inet/filter/OUTPUT -j limit-165 - inet6/filter/OUTPUT -j limit-165 - inet/filter/limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - -Filter 173 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-166 - inet6/filter/FORWARD -j limit-166 - inet/filter/INPUT -j limit-166 - inet6/filter/INPUT -j limit-166 - inet/filter/OUTPUT -j limit-166 - inet6/filter/OUTPUT -j limit-166 - inet/filter/limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 274 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-267 + inet6/filter/FORWARD -j limit-267 + inet/filter/INPUT -j limit-267 + inet6/filter/INPUT -j limit-267 + inet/filter/OUTPUT -j limit-267 + inet6/filter/OUTPUT -j limit-267 + inet/filter/limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 275 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-268 + inet6/filter/FORWARD -j limit-268 + inet/filter/INPUT -j limit-268 + inet6/filter/INPUT -j limit-268 + inet/filter/OUTPUT -j limit-268 + inet6/filter/OUTPUT -j limit-268 + inet/filter/limit-268 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-268 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-268 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-268 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2487,31 +3715,31 @@ Filter 173 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 174 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-167 - inet6/filter/FORWARD -j limit-167 - inet/filter/INPUT -j limit-167 - inet6/filter/INPUT -j limit-167 - inet/filter/OUTPUT -j limit-167 - inet6/filter/OUTPUT -j limit-167 - inet/filter/limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 175 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-168 - inet6/filter/FORWARD -j limit-168 - inet/filter/INPUT -j limit-168 - inet6/filter/INPUT -j limit-168 - inet/filter/OUTPUT -j limit-168 - inet6/filter/OUTPUT -j limit-168 - inet/filter/limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 276 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-269 + inet6/filter/FORWARD -j limit-269 + inet/filter/INPUT -j limit-269 + inet6/filter/INPUT -j limit-269 + inet/filter/OUTPUT -j limit-269 + inet6/filter/OUTPUT -j limit-269 + inet/filter/limit-269 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-269 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-269 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-269 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 277 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-270 + inet6/filter/FORWARD -j limit-270 + inet/filter/INPUT -j limit-270 + inet6/filter/INPUT -j limit-270 + inet/filter/OUTPUT -j limit-270 + inet6/filter/OUTPUT -j limit-270 + inet/filter/limit-270 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-270 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-270 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-270 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-9 inet6/filter/FORWARD -j logaccept-final-9 inet/filter/INPUT -j logaccept-final-9 @@ -2523,31 +3751,31 @@ Filter 175 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/logaccept-final-9 -j ACCEPT inet6/filter/logaccept-final-9 -j ACCEPT -Filter 176 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-169 - inet6/filter/FORWARD -j limit-169 - inet/filter/INPUT -j limit-169 - inet6/filter/INPUT -j limit-169 - inet/filter/OUTPUT -j limit-169 - inet6/filter/OUTPUT -j limit-169 - inet/filter/limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 177 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-170 - inet6/filter/FORWARD -j limit-170 - inet/filter/INPUT -j limit-170 - inet6/filter/INPUT -j limit-170 - inet/filter/OUTPUT -j limit-170 - inet6/filter/OUTPUT -j limit-170 - inet/filter/limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 278 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-271 + inet6/filter/FORWARD -j limit-271 + inet/filter/INPUT -j limit-271 + inet6/filter/INPUT -j limit-271 + inet/filter/OUTPUT -j limit-271 + inet6/filter/OUTPUT -j limit-271 + inet/filter/limit-271 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-271 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-271 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-271 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 279 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-272 + inet6/filter/FORWARD -j limit-272 + inet/filter/INPUT -j limit-272 + inet6/filter/INPUT -j limit-272 + inet/filter/OUTPUT -j limit-272 + inet6/filter/OUTPUT -j limit-272 + inet/filter/limit-272 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-272 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-272 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-272 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2555,29 +3783,29 @@ Filter 177 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 178 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-171 - inet6/filter/FORWARD -j limit-171 - inet/filter/INPUT -j limit-171 - inet6/filter/INPUT -j limit-171 - inet/filter/OUTPUT -j limit-171 - inet6/filter/OUTPUT -j limit-171 - inet/filter/limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 179 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-172 - inet6/filter/FORWARD -j limit-172 - inet/filter/INPUT -j limit-172 - inet6/filter/INPUT -j limit-172 - inet/filter/OUTPUT -j limit-172 - inet6/filter/OUTPUT -j limit-172 - inet/filter/limit-172 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-172 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 280 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-273 + inet6/filter/FORWARD -j limit-273 + inet/filter/INPUT -j limit-273 + inet6/filter/INPUT -j limit-273 + inet/filter/OUTPUT -j limit-273 + inet6/filter/OUTPUT -j limit-273 + inet/filter/limit-273 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-273 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-273 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-273 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 281 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-274 + inet6/filter/FORWARD -j limit-274 + inet/filter/INPUT -j limit-274 + inet6/filter/INPUT -j limit-274 + inet/filter/OUTPUT -j limit-274 + inet6/filter/OUTPUT -j limit-274 + inet/filter/limit-274 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-274 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2585,27 +3813,27 @@ Filter 179 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 180 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-173 - inet6/filter/FORWARD -j limit-173 - inet/filter/INPUT -j limit-173 - inet6/filter/INPUT -j limit-173 - inet/filter/OUTPUT -j limit-173 - inet6/filter/OUTPUT -j limit-173 - inet/filter/limit-173 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-173 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - -Filter 181 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-174 - inet6/filter/FORWARD -j limit-174 - inet/filter/INPUT -j limit-174 - inet6/filter/INPUT -j limit-174 - inet/filter/OUTPUT -j limit-174 - inet6/filter/OUTPUT -j limit-174 - inet/filter/limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 282 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-275 + inet6/filter/FORWARD -j limit-275 + inet/filter/INPUT -j limit-275 + inet6/filter/INPUT -j limit-275 + inet/filter/OUTPUT -j limit-275 + inet6/filter/OUTPUT -j limit-275 + inet/filter/limit-275 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-275 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 283 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-276 + inet6/filter/FORWARD -j limit-276 + inet/filter/INPUT -j limit-276 + inet6/filter/INPUT -j limit-276 + inet/filter/OUTPUT -j limit-276 + inet6/filter/OUTPUT -j limit-276 + inet/filter/limit-276 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-276 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j logaccept-final-10 inet6/filter/FORWARD -j logaccept-final-10 inet/filter/INPUT -j logaccept-final-10 @@ -2617,29 +3845,29 @@ Filter 181 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/logaccept-final-10 -j ACCEPT inet6/filter/logaccept-final-10 -j ACCEPT -Filter 182 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-175 - inet6/filter/FORWARD -j limit-175 - inet/filter/INPUT -j limit-175 - inet6/filter/INPUT -j limit-175 - inet/filter/OUTPUT -j limit-175 - inet6/filter/OUTPUT -j limit-175 - inet/filter/limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-175 -m limit --limit 1/second -j LOG - inet6/filter/limit-175 -m limit --limit 1/second -j LOG - -Filter 183 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-176 - inet6/filter/FORWARD -j limit-176 - inet/filter/INPUT -j limit-176 - inet6/filter/INPUT -j limit-176 - inet/filter/OUTPUT -j limit-176 - inet6/filter/OUTPUT -j limit-176 - inet/filter/limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 284 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-277 + inet6/filter/FORWARD -j limit-277 + inet/filter/INPUT -j limit-277 + inet6/filter/INPUT -j limit-277 + inet/filter/OUTPUT -j limit-277 + inet6/filter/OUTPUT -j limit-277 + inet/filter/limit-277 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-277 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-277 -m limit --limit 1/second -j LOG + inet6/filter/limit-277 -m limit --limit 1/second -j LOG + +Filter 285 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-278 + inet6/filter/FORWARD -j limit-278 + inet/filter/INPUT -j limit-278 + inet6/filter/INPUT -j limit-278 + inet/filter/OUTPUT -j limit-278 + inet6/filter/OUTPUT -j limit-278 + inet/filter/limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2647,29 +3875,29 @@ Filter 183 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 184 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-177 - inet6/filter/FORWARD -j limit-177 - inet/filter/INPUT -j limit-177 - inet6/filter/INPUT -j limit-177 - inet/filter/OUTPUT -j limit-177 - inet6/filter/OUTPUT -j limit-177 - inet/filter/limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - -Filter 185 {"flow-limit":{"count":1,"log":"none"}} -(filter-limit) - inet/filter/FORWARD -j limit-178 - inet6/filter/FORWARD -j limit-178 - inet/filter/INPUT -j limit-178 - inet6/filter/INPUT -j limit-178 - inet/filter/OUTPUT -j limit-178 - inet6/filter/OUTPUT -j limit-178 - inet/filter/limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 286 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-279 + inet6/filter/FORWARD -j limit-279 + inet/filter/INPUT -j limit-279 + inet6/filter/INPUT -j limit-279 + inet/filter/OUTPUT -j limit-279 + inet6/filter/OUTPUT -j limit-279 + inet/filter/limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 287 {"flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-280 + inet6/filter/FORWARD -j limit-280 + inet/filter/INPUT -j limit-280 + inet6/filter/INPUT -j limit-280 + inet/filter/OUTPUT -j limit-280 + inet6/filter/OUTPUT -j limit-280 + inet/filter/limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-280 -m recent --name limit-280 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-280 -m recent --name limit-280 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2677,31 +3905,31 @@ Filter 185 {"flow-limit":{"count":1,"log":"none"}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 186 {"action":"pass","flow-limit":{"count":1,"log":"none"}} -(filter-limit) - inet/filter/FORWARD -j limit-179 - inet6/filter/FORWARD -j limit-179 - inet/filter/INPUT -j limit-179 - inet6/filter/INPUT -j limit-179 - inet/filter/OUTPUT -j limit-179 - inet6/filter/OUTPUT -j limit-179 - inet/filter/limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 187 {"flow-limit":{"count":1,"log":"none"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-180 - inet6/filter/FORWARD -j limit-180 - inet/filter/INPUT -j limit-180 - inet6/filter/INPUT -j limit-180 - inet/filter/OUTPUT -j limit-180 - inet6/filter/OUTPUT -j limit-180 - inet/filter/limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 288 {"action":"pass","flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-281 + inet6/filter/FORWARD -j limit-281 + inet/filter/INPUT -j limit-281 + inet6/filter/INPUT -j limit-281 + inet/filter/OUTPUT -j limit-281 + inet6/filter/OUTPUT -j limit-281 + inet/filter/limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-281 -m recent --name limit-281 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-281 -m recent --name limit-281 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 289 {"flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-282 + inet6/filter/FORWARD -j limit-282 + inet/filter/INPUT -j limit-282 + inet6/filter/INPUT -j limit-282 + inet/filter/OUTPUT -j limit-282 + inet6/filter/OUTPUT -j limit-282 + inet/filter/limit-282 -m recent --name limit-282 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-282 -m recent --name limit-282 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-282 -m recent --name limit-282 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-282 -m recent --name limit-282 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-11 inet6/filter/FORWARD -j logaccept-final-11 inet/filter/INPUT -j logaccept-final-11 @@ -2713,31 +3941,31 @@ Filter 187 {"flow-limit":{"count":1,"log":"none"},"log": inet/filter/logaccept-final-11 -j ACCEPT inet6/filter/logaccept-final-11 -j ACCEPT -Filter 188 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-181 - inet6/filter/FORWARD -j limit-181 - inet/filter/INPUT -j limit-181 - inet6/filter/INPUT -j limit-181 - inet/filter/OUTPUT -j limit-181 - inet6/filter/OUTPUT -j limit-181 - inet/filter/limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 189 {"flow-limit":{"count":1,"log":"none"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-182 - inet6/filter/FORWARD -j limit-182 - inet/filter/INPUT -j limit-182 - inet6/filter/INPUT -j limit-182 - inet/filter/OUTPUT -j limit-182 - inet6/filter/OUTPUT -j limit-182 - inet/filter/limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 290 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-283 + inet6/filter/FORWARD -j limit-283 + inet/filter/INPUT -j limit-283 + inet6/filter/INPUT -j limit-283 + inet/filter/OUTPUT -j limit-283 + inet6/filter/OUTPUT -j limit-283 + inet/filter/limit-283 -m recent --name limit-283 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-283 -m recent --name limit-283 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-283 -m recent --name limit-283 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-283 -m recent --name limit-283 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 291 {"flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-284 + inet6/filter/FORWARD -j limit-284 + inet/filter/INPUT -j limit-284 + inet6/filter/INPUT -j limit-284 + inet/filter/OUTPUT -j limit-284 + inet6/filter/OUTPUT -j limit-284 + inet/filter/limit-284 -m recent --name limit-284 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-284 -m recent --name limit-284 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-284 -m recent --name limit-284 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-284 -m recent --name limit-284 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2745,31 +3973,31 @@ Filter 189 {"flow-limit":{"count":1,"log":"none"},"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 190 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-183 - inet6/filter/FORWARD -j limit-183 - inet/filter/INPUT -j limit-183 - inet6/filter/INPUT -j limit-183 - inet/filter/OUTPUT -j limit-183 - inet6/filter/OUTPUT -j limit-183 - inet/filter/limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 191 {"flow-limit":{"count":1,"log":"none","name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-184 - inet6/filter/FORWARD -j limit-184 - inet/filter/INPUT -j limit-184 - inet6/filter/INPUT -j limit-184 - inet/filter/OUTPUT -j limit-184 - inet6/filter/OUTPUT -j limit-184 - inet/filter/limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 292 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-285 + inet6/filter/FORWARD -j limit-285 + inet/filter/INPUT -j limit-285 + inet6/filter/INPUT -j limit-285 + inet/filter/OUTPUT -j limit-285 + inet6/filter/OUTPUT -j limit-285 + inet/filter/limit-285 -m recent --name limit-285 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-285 -m recent --name limit-285 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-285 -m recent --name limit-285 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-285 -m recent --name limit-285 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 293 {"flow-limit":{"count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-286 + inet6/filter/FORWARD -j limit-286 + inet/filter/INPUT -j limit-286 + inet6/filter/INPUT -j limit-286 + inet/filter/OUTPUT -j limit-286 + inet6/filter/OUTPUT -j limit-286 + inet/filter/limit-286 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-286 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-286 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-286 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2777,31 +4005,31 @@ Filter 191 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 192 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-185 - inet6/filter/FORWARD -j limit-185 - inet/filter/INPUT -j limit-185 - inet6/filter/INPUT -j limit-185 - inet/filter/OUTPUT -j limit-185 - inet6/filter/OUTPUT -j limit-185 - inet/filter/limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 193 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-186 - inet6/filter/FORWARD -j limit-186 - inet/filter/INPUT -j limit-186 - inet6/filter/INPUT -j limit-186 - inet/filter/OUTPUT -j limit-186 - inet6/filter/OUTPUT -j limit-186 - inet/filter/limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 294 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-287 + inet6/filter/FORWARD -j limit-287 + inet/filter/INPUT -j limit-287 + inet6/filter/INPUT -j limit-287 + inet/filter/OUTPUT -j limit-287 + inet6/filter/OUTPUT -j limit-287 + inet/filter/limit-287 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-287 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-287 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-287 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 295 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-288 + inet6/filter/FORWARD -j limit-288 + inet/filter/INPUT -j limit-288 + inet6/filter/INPUT -j limit-288 + inet/filter/OUTPUT -j limit-288 + inet6/filter/OUTPUT -j limit-288 + inet/filter/limit-288 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-288 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-288 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-288 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-12 inet6/filter/FORWARD -j logaccept-final-12 inet/filter/INPUT -j logaccept-final-12 @@ -2813,31 +4041,31 @@ Filter 193 {"flow-limit":{"count":1,"log":"none","name": inet/filter/logaccept-final-12 -j ACCEPT inet6/filter/logaccept-final-12 -j ACCEPT -Filter 194 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-187 - inet6/filter/FORWARD -j limit-187 - inet/filter/INPUT -j limit-187 - inet6/filter/INPUT -j limit-187 - inet/filter/OUTPUT -j limit-187 - inet6/filter/OUTPUT -j limit-187 - inet/filter/limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 195 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-188 - inet6/filter/FORWARD -j limit-188 - inet/filter/INPUT -j limit-188 - inet6/filter/INPUT -j limit-188 - inet/filter/OUTPUT -j limit-188 - inet6/filter/OUTPUT -j limit-188 - inet/filter/limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 296 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-289 + inet6/filter/FORWARD -j limit-289 + inet/filter/INPUT -j limit-289 + inet6/filter/INPUT -j limit-289 + inet/filter/OUTPUT -j limit-289 + inet6/filter/OUTPUT -j limit-289 + inet/filter/limit-289 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-289 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-289 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-289 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 297 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-290 + inet6/filter/FORWARD -j limit-290 + inet/filter/INPUT -j limit-290 + inet6/filter/INPUT -j limit-290 + inet/filter/OUTPUT -j limit-290 + inet6/filter/OUTPUT -j limit-290 + inet/filter/limit-290 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-290 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-290 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-290 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2845,29 +4073,29 @@ Filter 195 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 196 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-189 - inet6/filter/FORWARD -j limit-189 - inet/filter/INPUT -j limit-189 - inet6/filter/INPUT -j limit-189 - inet/filter/OUTPUT -j limit-189 - inet6/filter/OUTPUT -j limit-189 - inet/filter/limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 197 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-190 - inet6/filter/FORWARD -j limit-190 - inet/filter/INPUT -j limit-190 - inet6/filter/INPUT -j limit-190 - inet/filter/OUTPUT -j limit-190 - inet6/filter/OUTPUT -j limit-190 - inet/filter/limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 298 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-291 + inet6/filter/FORWARD -j limit-291 + inet/filter/INPUT -j limit-291 + inet6/filter/INPUT -j limit-291 + inet/filter/OUTPUT -j limit-291 + inet6/filter/OUTPUT -j limit-291 + inet/filter/limit-291 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-291 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-291 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-291 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 299 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-292 + inet6/filter/FORWARD -j limit-292 + inet/filter/INPUT -j limit-292 + inet6/filter/INPUT -j limit-292 + inet/filter/OUTPUT -j limit-292 + inet6/filter/OUTPUT -j limit-292 + inet/filter/limit-292 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-292 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2875,27 +4103,27 @@ Filter 197 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 198 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-191 - inet6/filter/FORWARD -j limit-191 - inet/filter/INPUT -j limit-191 - inet6/filter/INPUT -j limit-191 - inet/filter/OUTPUT -j limit-191 - inet6/filter/OUTPUT -j limit-191 - inet/filter/limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - -Filter 199 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-192 - inet6/filter/FORWARD -j limit-192 - inet/filter/INPUT -j limit-192 - inet6/filter/INPUT -j limit-192 - inet/filter/OUTPUT -j limit-192 - inet6/filter/OUTPUT -j limit-192 - inet/filter/limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 300 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-293 + inet6/filter/FORWARD -j limit-293 + inet/filter/INPUT -j limit-293 + inet6/filter/INPUT -j limit-293 + inet/filter/OUTPUT -j limit-293 + inet6/filter/OUTPUT -j limit-293 + inet/filter/limit-293 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-293 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 301 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-294 + inet6/filter/FORWARD -j limit-294 + inet/filter/INPUT -j limit-294 + inet6/filter/INPUT -j limit-294 + inet/filter/OUTPUT -j limit-294 + inet6/filter/OUTPUT -j limit-294 + inet/filter/limit-294 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-294 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j logaccept-final-13 inet6/filter/FORWARD -j logaccept-final-13 inet/filter/INPUT -j logaccept-final-13 @@ -2907,29 +4135,29 @@ Filter 199 {"flow-limit":{"count":1,"log":"none","name": inet/filter/logaccept-final-13 -j ACCEPT inet6/filter/logaccept-final-13 -j ACCEPT -Filter 200 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-193 - inet6/filter/FORWARD -j limit-193 - inet/filter/INPUT -j limit-193 - inet6/filter/INPUT -j limit-193 - inet/filter/OUTPUT -j limit-193 - inet6/filter/OUTPUT -j limit-193 - inet/filter/limit-193 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-193 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-193 -m limit --limit 1/second -j LOG - inet6/filter/limit-193 -m limit --limit 1/second -j LOG - -Filter 201 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-194 - inet6/filter/FORWARD -j limit-194 - inet/filter/INPUT -j limit-194 - inet6/filter/INPUT -j limit-194 - inet/filter/OUTPUT -j limit-194 - inet6/filter/OUTPUT -j limit-194 - inet/filter/limit-194 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-194 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 302 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-295 + inet6/filter/FORWARD -j limit-295 + inet/filter/INPUT -j limit-295 + inet6/filter/INPUT -j limit-295 + inet/filter/OUTPUT -j limit-295 + inet6/filter/OUTPUT -j limit-295 + inet/filter/limit-295 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-295 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-295 -m limit --limit 1/second -j LOG + inet6/filter/limit-295 -m limit --limit 1/second -j LOG + +Filter 303 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-296 + inet6/filter/FORWARD -j limit-296 + inet/filter/INPUT -j limit-296 + inet6/filter/INPUT -j limit-296 + inet/filter/OUTPUT -j limit-296 + inet6/filter/OUTPUT -j limit-296 + inet/filter/limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2937,29 +4165,29 @@ Filter 201 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 202 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-195 - inet6/filter/FORWARD -j limit-195 - inet/filter/INPUT -j limit-195 - inet6/filter/INPUT -j limit-195 - inet/filter/OUTPUT -j limit-195 - inet6/filter/OUTPUT -j limit-195 - inet/filter/limit-195 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-195 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - -Filter 203 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-196 - inet6/filter/FORWARD -j limit-196 - inet/filter/INPUT -j limit-196 - inet6/filter/INPUT -j limit-196 - inet/filter/OUTPUT -j limit-196 - inet6/filter/OUTPUT -j limit-196 - inet/filter/limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 304 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-297 + inet6/filter/FORWARD -j limit-297 + inet/filter/INPUT -j limit-297 + inet6/filter/INPUT -j limit-297 + inet/filter/OUTPUT -j limit-297 + inet6/filter/OUTPUT -j limit-297 + inet/filter/limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 305 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-298 + inet6/filter/FORWARD -j limit-298 + inet/filter/INPUT -j limit-298 + inet6/filter/INPUT -j limit-298 + inet/filter/OUTPUT -j limit-298 + inet6/filter/OUTPUT -j limit-298 + inet/filter/limit-298 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-298 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-298 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-298 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2967,31 +4195,31 @@ Filter 203 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 204 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-197 - inet6/filter/FORWARD -j limit-197 - inet/filter/INPUT -j limit-197 - inet6/filter/INPUT -j limit-197 - inet/filter/OUTPUT -j limit-197 - inet6/filter/OUTPUT -j limit-197 - inet/filter/limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 205 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-198 - inet6/filter/FORWARD -j limit-198 - inet/filter/INPUT -j limit-198 - inet6/filter/INPUT -j limit-198 - inet/filter/OUTPUT -j limit-198 - inet6/filter/OUTPUT -j limit-198 - inet/filter/limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 306 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-299 + inet6/filter/FORWARD -j limit-299 + inet/filter/INPUT -j limit-299 + inet6/filter/INPUT -j limit-299 + inet/filter/OUTPUT -j limit-299 + inet6/filter/OUTPUT -j limit-299 + inet/filter/limit-299 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-299 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-299 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-299 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 307 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-300 + inet6/filter/FORWARD -j limit-300 + inet/filter/INPUT -j limit-300 + inet6/filter/INPUT -j limit-300 + inet/filter/OUTPUT -j limit-300 + inet6/filter/OUTPUT -j limit-300 + inet/filter/limit-300 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-300 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-300 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-300 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-14 inet6/filter/FORWARD -j logaccept-final-14 inet/filter/INPUT -j logaccept-final-14 @@ -3003,31 +4231,31 @@ Filter 205 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/logaccept-final-14 -j ACCEPT inet6/filter/logaccept-final-14 -j ACCEPT -Filter 206 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-199 - inet6/filter/FORWARD -j limit-199 - inet/filter/INPUT -j limit-199 - inet6/filter/INPUT -j limit-199 - inet/filter/OUTPUT -j limit-199 - inet6/filter/OUTPUT -j limit-199 - inet/filter/limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 207 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-200 - inet6/filter/FORWARD -j limit-200 - inet/filter/INPUT -j limit-200 - inet6/filter/INPUT -j limit-200 - inet/filter/OUTPUT -j limit-200 - inet6/filter/OUTPUT -j limit-200 - inet/filter/limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 308 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-301 + inet6/filter/FORWARD -j limit-301 + inet/filter/INPUT -j limit-301 + inet6/filter/INPUT -j limit-301 + inet/filter/OUTPUT -j limit-301 + inet6/filter/OUTPUT -j limit-301 + inet/filter/limit-301 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-301 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-301 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-301 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 309 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-302 + inet6/filter/FORWARD -j limit-302 + inet/filter/INPUT -j limit-302 + inet6/filter/INPUT -j limit-302 + inet/filter/OUTPUT -j limit-302 + inet6/filter/OUTPUT -j limit-302 + inet/filter/limit-302 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-302 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-302 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-302 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3035,29 +4263,29 @@ Filter 207 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 208 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-201 - inet6/filter/FORWARD -j limit-201 - inet/filter/INPUT -j limit-201 - inet6/filter/INPUT -j limit-201 - inet/filter/OUTPUT -j limit-201 - inet6/filter/OUTPUT -j limit-201 - inet/filter/limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 209 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-202 - inet6/filter/FORWARD -j limit-202 - inet/filter/INPUT -j limit-202 - inet6/filter/INPUT -j limit-202 - inet/filter/OUTPUT -j limit-202 - inet6/filter/OUTPUT -j limit-202 - inet/filter/limit-202 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-202 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 310 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-303 + inet6/filter/FORWARD -j limit-303 + inet/filter/INPUT -j limit-303 + inet6/filter/INPUT -j limit-303 + inet/filter/OUTPUT -j limit-303 + inet6/filter/OUTPUT -j limit-303 + inet/filter/limit-303 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-303 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-303 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-303 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 311 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-304 + inet6/filter/FORWARD -j limit-304 + inet/filter/INPUT -j limit-304 + inet6/filter/INPUT -j limit-304 + inet/filter/OUTPUT -j limit-304 + inet6/filter/OUTPUT -j limit-304 + inet/filter/limit-304 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-304 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3065,27 +4293,27 @@ Filter 209 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 210 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-203 - inet6/filter/FORWARD -j limit-203 - inet/filter/INPUT -j limit-203 - inet6/filter/INPUT -j limit-203 - inet/filter/OUTPUT -j limit-203 - inet6/filter/OUTPUT -j limit-203 - inet/filter/limit-203 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-203 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - -Filter 211 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-204 - inet6/filter/FORWARD -j limit-204 - inet/filter/INPUT -j limit-204 - inet6/filter/INPUT -j limit-204 - inet/filter/OUTPUT -j limit-204 - inet6/filter/OUTPUT -j limit-204 - inet/filter/limit-204 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-204 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 312 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-305 + inet6/filter/FORWARD -j limit-305 + inet/filter/INPUT -j limit-305 + inet6/filter/INPUT -j limit-305 + inet/filter/OUTPUT -j limit-305 + inet6/filter/OUTPUT -j limit-305 + inet/filter/limit-305 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-305 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 313 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-306 + inet6/filter/FORWARD -j limit-306 + inet/filter/INPUT -j limit-306 + inet6/filter/INPUT -j limit-306 + inet/filter/OUTPUT -j limit-306 + inet6/filter/OUTPUT -j limit-306 + inet/filter/limit-306 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-306 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j logaccept-final-15 inet6/filter/FORWARD -j logaccept-final-15 inet/filter/INPUT -j logaccept-final-15 @@ -3097,29 +4325,29 @@ Filter 211 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/logaccept-final-15 -j ACCEPT inet6/filter/logaccept-final-15 -j ACCEPT -Filter 212 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-205 - inet6/filter/FORWARD -j limit-205 - inet/filter/INPUT -j limit-205 - inet6/filter/INPUT -j limit-205 - inet/filter/OUTPUT -j limit-205 - inet6/filter/OUTPUT -j limit-205 - inet/filter/limit-205 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-205 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-205 -m limit --limit 1/second -j LOG - inet6/filter/limit-205 -m limit --limit 1/second -j LOG - -Filter 213 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-206 - inet6/filter/FORWARD -j limit-206 - inet/filter/INPUT -j limit-206 - inet6/filter/INPUT -j limit-206 - inet/filter/OUTPUT -j limit-206 - inet6/filter/OUTPUT -j limit-206 - inet/filter/limit-206 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-206 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +Filter 314 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-307 + inet6/filter/FORWARD -j limit-307 + inet/filter/INPUT -j limit-307 + inet6/filter/INPUT -j limit-307 + inet/filter/OUTPUT -j limit-307 + inet6/filter/OUTPUT -j limit-307 + inet/filter/limit-307 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-307 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-307 -m limit --limit 1/second -j LOG + inet6/filter/limit-307 -m limit --limit 1/second -j LOG + +Filter 315 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-308 + inet6/filter/FORWARD -j limit-308 + inet/filter/INPUT -j limit-308 + inet6/filter/INPUT -j limit-308 + inet/filter/OUTPUT -j limit-308 + inet6/filter/OUTPUT -j limit-308 + inet/filter/limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3127,31 +4355,33 @@ Filter 213 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 214 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-207 - inet6/filter/FORWARD -j limit-207 - inet/filter/INPUT -j limit-207 - inet6/filter/INPUT -j limit-207 - inet/filter/OUTPUT -j limit-207 - inet6/filter/OUTPUT -j limit-207 - inet/filter/limit-207 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-207 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - -Filter 215 {"flow-limit":150} -(filter-limit) - inet/filter/FORWARD -j limit-208 - inet6/filter/FORWARD -j limit-208 - inet/filter/INPUT -j limit-208 - inet6/filter/INPUT -j limit-208 - inet/filter/OUTPUT -j limit-208 - inet6/filter/OUTPUT -j limit-208 - inet/filter/limit-208 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j RETURN - inet6/filter/limit-208 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j RETURN - inet/filter/limit-208 -m limit --limit 1/second -j LOG - inet6/filter/limit-208 -m limit --limit 1/second -j LOG - inet/filter/limit-208 -j DROP - inet6/filter/limit-208 -j DROP +Filter 316 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-309 + inet6/filter/FORWARD -j limit-309 + inet/filter/INPUT -j limit-309 + inet6/filter/INPUT -j limit-309 + inet/filter/OUTPUT -j limit-309 + inet6/filter/OUTPUT -j limit-309 + inet/filter/limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 317 {"flow-limit":{"count":1,"interval":5}} +(filter-limit) + inet/filter/FORWARD -j limit-310 + inet6/filter/FORWARD -j limit-310 + inet/filter/INPUT -j limit-310 + inet6/filter/INPUT -j limit-310 + inet/filter/OUTPUT -j limit-310 + inet6/filter/OUTPUT -j limit-310 + inet/filter/limit-310 -m recent --name limit-310 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-103 + inet6/filter/limit-310 -m recent --name limit-310 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-103 + inet/filter/logdrop-103 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-103 -m limit --limit 1/second -j LOG + inet/filter/logdrop-103 -j DROP + inet6/filter/logdrop-103 -j DROP + inet/filter/limit-310 -m recent --name limit-310 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-310 -m recent --name limit-310 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3159,35 +4389,39 @@ Filter 215 {"flow-limit":150} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 216 {"action":"pass","flow-limit":150} -(filter-limit) - inet/filter/FORWARD -j limit-209 - inet6/filter/FORWARD -j limit-209 - inet/filter/INPUT -j limit-209 - inet6/filter/INPUT -j limit-209 - inet/filter/OUTPUT -j limit-209 - inet6/filter/OUTPUT -j limit-209 - inet/filter/limit-209 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j RETURN - inet6/filter/limit-209 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j RETURN - inet/filter/limit-209 -m limit --limit 1/second -j LOG - inet6/filter/limit-209 -m limit --limit 1/second -j LOG - inet/filter/limit-209 -j DROP - inet6/filter/limit-209 -j DROP - -Filter 217 {"flow-limit":150,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-210 - inet6/filter/FORWARD -j limit-210 - inet/filter/INPUT -j limit-210 - inet6/filter/INPUT -j limit-210 - inet/filter/OUTPUT -j limit-210 - inet6/filter/OUTPUT -j limit-210 - inet/filter/limit-210 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j RETURN - inet6/filter/limit-210 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j RETURN - inet/filter/limit-210 -m limit --limit 1/second -j LOG - inet6/filter/limit-210 -m limit --limit 1/second -j LOG - inet/filter/limit-210 -j DROP - inet6/filter/limit-210 -j DROP +Filter 318 {"action":"pass","flow-limit":{"count":1,"interval":5}} +(filter-limit) + inet/filter/FORWARD -j limit-311 + inet6/filter/FORWARD -j limit-311 + inet/filter/INPUT -j limit-311 + inet6/filter/INPUT -j limit-311 + inet/filter/OUTPUT -j limit-311 + inet6/filter/OUTPUT -j limit-311 + inet/filter/limit-311 -m recent --name limit-311 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-104 + inet6/filter/limit-311 -m recent --name limit-311 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-104 + inet/filter/logdrop-104 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-104 -m limit --limit 1/second -j LOG + inet/filter/logdrop-104 -j DROP + inet6/filter/logdrop-104 -j DROP + inet/filter/limit-311 -m recent --name limit-311 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-311 -m recent --name limit-311 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 319 {"flow-limit":{"count":1,"interval":5},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-312 + inet6/filter/FORWARD -j limit-312 + inet/filter/INPUT -j limit-312 + inet6/filter/INPUT -j limit-312 + inet/filter/OUTPUT -j limit-312 + inet6/filter/OUTPUT -j limit-312 + inet/filter/limit-312 -m recent --name limit-312 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-105 + inet6/filter/limit-312 -m recent --name limit-312 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-105 + inet/filter/logdrop-105 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-105 -m limit --limit 1/second -j LOG + inet/filter/logdrop-105 -j DROP + inet6/filter/logdrop-105 -j DROP + inet/filter/limit-312 -m recent --name limit-312 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-312 -m recent --name limit-312 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-16 inet6/filter/FORWARD -j logaccept-final-16 inet/filter/INPUT -j logaccept-final-16 @@ -3199,20 +4433,39 @@ Filter 217 {"flow-limit":150,"log":true} inet/filter/logaccept-final-16 -j ACCEPT inet6/filter/logaccept-final-16 -j ACCEPT -Filter 218 {"flow-limit":150,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-211 - inet6/filter/FORWARD -j limit-211 - inet/filter/INPUT -j limit-211 - inet6/filter/INPUT -j limit-211 - inet/filter/OUTPUT -j limit-211 - inet6/filter/OUTPUT -j limit-211 - inet/filter/limit-211 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN - inet6/filter/limit-211 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN - inet/filter/limit-211 -m limit --limit 1/second -j LOG - inet6/filter/limit-211 -m limit --limit 1/second -j LOG - inet/filter/limit-211 -j DROP - inet6/filter/limit-211 -j DROP +Filter 320 {"action":"pass","flow-limit":{"count":1,"interval":5},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-313 + inet6/filter/FORWARD -j limit-313 + inet/filter/INPUT -j limit-313 + inet6/filter/INPUT -j limit-313 + inet/filter/OUTPUT -j limit-313 + inet6/filter/OUTPUT -j limit-313 + inet/filter/limit-313 -m recent --name limit-313 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-106 + inet6/filter/limit-313 -m recent --name limit-313 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-106 + inet/filter/logdrop-106 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-106 -m limit --limit 1/second -j LOG + inet/filter/logdrop-106 -j DROP + inet6/filter/logdrop-106 -j DROP + inet/filter/limit-313 -m recent --name limit-313 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-313 -m recent --name limit-313 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 321 {"flow-limit":{"count":1,"interval":5},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-314 + inet6/filter/FORWARD -j limit-314 + inet/filter/INPUT -j limit-314 + inet6/filter/INPUT -j limit-314 + inet/filter/OUTPUT -j limit-314 + inet6/filter/OUTPUT -j limit-314 + inet/filter/limit-314 -m recent --name limit-314 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-107 + inet6/filter/limit-314 -m recent --name limit-314 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-107 + inet/filter/logdrop-107 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-107 -m limit --limit 1/second -j LOG + inet/filter/logdrop-107 -j DROP + inet6/filter/logdrop-107 -j DROP + inet/filter/limit-314 -m recent --name limit-314 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-314 -m recent --name limit-314 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3220,20 +4473,39 @@ Filter 218 {"flow-limit":150,"log":"none"} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 219 {"flow-limit":{"count":150}} -(filter-limit) - inet/filter/FORWARD -j limit-212 - inet6/filter/FORWARD -j limit-212 - inet/filter/INPUT -j limit-212 - inet6/filter/INPUT -j limit-212 - inet/filter/OUTPUT -j limit-212 - inet6/filter/OUTPUT -j limit-212 - inet/filter/limit-212 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j RETURN - inet6/filter/limit-212 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j RETURN - inet/filter/limit-212 -m limit --limit 1/second -j LOG - inet6/filter/limit-212 -m limit --limit 1/second -j LOG - inet/filter/limit-212 -j DROP - inet6/filter/limit-212 -j DROP +Filter 322 {"action":"pass","flow-limit":{"count":1,"interval":5},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-315 + inet6/filter/FORWARD -j limit-315 + inet/filter/INPUT -j limit-315 + inet6/filter/INPUT -j limit-315 + inet/filter/OUTPUT -j limit-315 + inet6/filter/OUTPUT -j limit-315 + inet/filter/limit-315 -m recent --name limit-315 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-108 + inet6/filter/limit-315 -m recent --name limit-315 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-108 + inet/filter/logdrop-108 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-108 -m limit --limit 1/second -j LOG + inet/filter/logdrop-108 -j DROP + inet6/filter/logdrop-108 -j DROP + inet/filter/limit-315 -m recent --name limit-315 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-315 -m recent --name limit-315 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 323 {"flow-limit":{"count":1,"interval":5,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-316 + inet6/filter/FORWARD -j limit-316 + inet/filter/INPUT -j limit-316 + inet6/filter/INPUT -j limit-316 + inet/filter/OUTPUT -j limit-316 + inet6/filter/OUTPUT -j limit-316 + inet/filter/limit-316 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-109 + inet6/filter/limit-316 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-109 + inet/filter/logdrop-109 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-109 -m limit --limit 1/second -j LOG + inet/filter/logdrop-109 -j DROP + inet6/filter/logdrop-109 -j DROP + inet/filter/limit-316 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-316 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3241,35 +4513,39 @@ Filter 219 {"flow-limit":{"count":150}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 220 {"action":"pass","flow-limit":{"count":150}} -(filter-limit) - inet/filter/FORWARD -j limit-213 - inet6/filter/FORWARD -j limit-213 - inet/filter/INPUT -j limit-213 - inet6/filter/INPUT -j limit-213 - inet/filter/OUTPUT -j limit-213 - inet6/filter/OUTPUT -j limit-213 - inet/filter/limit-213 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN - inet6/filter/limit-213 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN - inet/filter/limit-213 -m limit --limit 1/second -j LOG - inet6/filter/limit-213 -m limit --limit 1/second -j LOG - inet/filter/limit-213 -j DROP - inet6/filter/limit-213 -j DROP - -Filter 221 {"flow-limit":{"count":150},"log":true} +Filter 324 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo"}} (filter-limit) - inet/filter/FORWARD -j limit-214 - inet6/filter/FORWARD -j limit-214 - inet/filter/INPUT -j limit-214 - inet6/filter/INPUT -j limit-214 - inet/filter/OUTPUT -j limit-214 - inet6/filter/OUTPUT -j limit-214 - inet/filter/limit-214 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j RETURN - inet6/filter/limit-214 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j RETURN - inet/filter/limit-214 -m limit --limit 1/second -j LOG - inet6/filter/limit-214 -m limit --limit 1/second -j LOG - inet/filter/limit-214 -j DROP - inet6/filter/limit-214 -j DROP + inet/filter/FORWARD -j limit-317 + inet6/filter/FORWARD -j limit-317 + inet/filter/INPUT -j limit-317 + inet6/filter/INPUT -j limit-317 + inet/filter/OUTPUT -j limit-317 + inet6/filter/OUTPUT -j limit-317 + inet/filter/limit-317 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-110 + inet6/filter/limit-317 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-110 + inet/filter/logdrop-110 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-110 -m limit --limit 1/second -j LOG + inet/filter/logdrop-110 -j DROP + inet6/filter/logdrop-110 -j DROP + inet/filter/limit-317 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-317 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 325 {"flow-limit":{"count":1,"interval":5,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-318 + inet6/filter/FORWARD -j limit-318 + inet/filter/INPUT -j limit-318 + inet6/filter/INPUT -j limit-318 + inet/filter/OUTPUT -j limit-318 + inet6/filter/OUTPUT -j limit-318 + inet/filter/limit-318 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-111 + inet6/filter/limit-318 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-111 + inet/filter/logdrop-111 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-111 -m limit --limit 1/second -j LOG + inet/filter/logdrop-111 -j DROP + inet6/filter/logdrop-111 -j DROP + inet/filter/limit-318 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-318 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-17 inet6/filter/FORWARD -j logaccept-final-17 inet/filter/INPUT -j logaccept-final-17 @@ -3281,20 +4557,39 @@ Filter 221 {"flow-limit":{"count":150},"log":true} inet/filter/logaccept-final-17 -j ACCEPT inet6/filter/logaccept-final-17 -j ACCEPT -Filter 222 {"flow-limit":{"count":150},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-215 - inet6/filter/FORWARD -j limit-215 - inet/filter/INPUT -j limit-215 - inet6/filter/INPUT -j limit-215 - inet/filter/OUTPUT -j limit-215 - inet6/filter/OUTPUT -j limit-215 - inet/filter/limit-215 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j RETURN - inet6/filter/limit-215 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j RETURN - inet/filter/limit-215 -m limit --limit 1/second -j LOG - inet6/filter/limit-215 -m limit --limit 1/second -j LOG - inet/filter/limit-215 -j DROP - inet6/filter/limit-215 -j DROP +Filter 326 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-319 + inet6/filter/FORWARD -j limit-319 + inet/filter/INPUT -j limit-319 + inet6/filter/INPUT -j limit-319 + inet/filter/OUTPUT -j limit-319 + inet6/filter/OUTPUT -j limit-319 + inet/filter/limit-319 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-112 + inet6/filter/limit-319 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-112 + inet/filter/logdrop-112 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-112 -m limit --limit 1/second -j LOG + inet/filter/logdrop-112 -j DROP + inet6/filter/logdrop-112 -j DROP + inet/filter/limit-319 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-319 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 327 {"flow-limit":{"count":1,"interval":5,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-320 + inet6/filter/FORWARD -j limit-320 + inet/filter/INPUT -j limit-320 + inet6/filter/INPUT -j limit-320 + inet/filter/OUTPUT -j limit-320 + inet6/filter/OUTPUT -j limit-320 + inet/filter/limit-320 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-113 + inet6/filter/limit-320 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-113 + inet/filter/logdrop-113 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-113 -m limit --limit 1/second -j LOG + inet/filter/logdrop-113 -j DROP + inet6/filter/logdrop-113 -j DROP + inet/filter/limit-320 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-320 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3302,18 +4597,37 @@ Filter 222 {"flow-limit":{"count":150},"log":"none"} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 223 {"flow-limit":{"count":150,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-216 - inet6/filter/FORWARD -j limit-216 - inet/filter/INPUT -j limit-216 - inet6/filter/INPUT -j limit-216 - inet/filter/OUTPUT -j limit-216 - inet6/filter/OUTPUT -j limit-216 - inet/filter/limit-216 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j RETURN - inet6/filter/limit-216 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j RETURN - inet/filter/limit-216 -j DROP - inet6/filter/limit-216 -j DROP +Filter 328 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-321 + inet6/filter/FORWARD -j limit-321 + inet/filter/INPUT -j limit-321 + inet6/filter/INPUT -j limit-321 + inet/filter/OUTPUT -j limit-321 + inet6/filter/OUTPUT -j limit-321 + inet/filter/limit-321 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-114 + inet6/filter/limit-321 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-114 + inet/filter/logdrop-114 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-114 -m limit --limit 1/second -j LOG + inet/filter/logdrop-114 -j DROP + inet6/filter/logdrop-114 -j DROP + inet/filter/limit-321 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-321 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 329 {"flow-limit":{"count":1,"interval":5,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-322 + inet6/filter/FORWARD -j limit-322 + inet/filter/INPUT -j limit-322 + inet6/filter/INPUT -j limit-322 + inet/filter/OUTPUT -j limit-322 + inet6/filter/OUTPUT -j limit-322 + inet/filter/limit-322 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-115 + inet6/filter/limit-322 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-115 + inet/filter/logdrop-115 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-115 -m limit --limit 1/second -j LOG + inet/filter/logdrop-115 -j DROP + inet6/filter/logdrop-115 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3321,31 +4635,35 @@ Filter 223 {"flow-limit":{"count":150,"log":false}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 224 {"action":"pass","flow-limit":{"count":150,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-217 - inet6/filter/FORWARD -j limit-217 - inet/filter/INPUT -j limit-217 - inet6/filter/INPUT -j limit-217 - inet/filter/OUTPUT -j limit-217 - inet6/filter/OUTPUT -j limit-217 - inet/filter/limit-217 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN - inet6/filter/limit-217 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN - inet/filter/limit-217 -j DROP - inet6/filter/limit-217 -j DROP - -Filter 225 {"flow-limit":{"count":150,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-218 - inet6/filter/FORWARD -j limit-218 - inet/filter/INPUT -j limit-218 - inet6/filter/INPUT -j limit-218 - inet/filter/OUTPUT -j limit-218 - inet6/filter/OUTPUT -j limit-218 - inet/filter/limit-218 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j RETURN - inet6/filter/limit-218 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j RETURN - inet/filter/limit-218 -j DROP - inet6/filter/limit-218 -j DROP +Filter 330 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-323 + inet6/filter/FORWARD -j limit-323 + inet/filter/INPUT -j limit-323 + inet6/filter/INPUT -j limit-323 + inet/filter/OUTPUT -j limit-323 + inet6/filter/OUTPUT -j limit-323 + inet/filter/limit-323 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-116 + inet6/filter/limit-323 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-116 + inet/filter/logdrop-116 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-116 -m limit --limit 1/second -j LOG + inet/filter/logdrop-116 -j DROP + inet6/filter/logdrop-116 -j DROP + +Filter 331 {"flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-324 + inet6/filter/FORWARD -j limit-324 + inet/filter/INPUT -j limit-324 + inet6/filter/INPUT -j limit-324 + inet/filter/OUTPUT -j limit-324 + inet6/filter/OUTPUT -j limit-324 + inet/filter/limit-324 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-117 + inet6/filter/limit-324 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-117 + inet/filter/logdrop-117 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-117 -m limit --limit 1/second -j LOG + inet/filter/logdrop-117 -j DROP + inet6/filter/logdrop-117 -j DROP inet/filter/FORWARD -j logaccept-final-18 inet6/filter/FORWARD -j logaccept-final-18 inet/filter/INPUT -j logaccept-final-18 @@ -3357,18 +4675,37 @@ Filter 225 {"flow-limit":{"count":150,"log":false},"log" inet/filter/logaccept-final-18 -j ACCEPT inet6/filter/logaccept-final-18 -j ACCEPT -Filter 226 {"flow-limit":{"count":150,"log":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-219 - inet6/filter/FORWARD -j limit-219 - inet/filter/INPUT -j limit-219 - inet6/filter/INPUT -j limit-219 - inet/filter/OUTPUT -j limit-219 - inet6/filter/OUTPUT -j limit-219 - inet/filter/limit-219 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j RETURN - inet6/filter/limit-219 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j RETURN - inet/filter/limit-219 -j DROP - inet6/filter/limit-219 -j DROP +Filter 332 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-325 + inet6/filter/FORWARD -j limit-325 + inet/filter/INPUT -j limit-325 + inet6/filter/INPUT -j limit-325 + inet/filter/OUTPUT -j limit-325 + inet6/filter/OUTPUT -j limit-325 + inet/filter/limit-325 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-118 + inet6/filter/limit-325 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-118 + inet/filter/logdrop-118 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-118 -m limit --limit 1/second -j LOG + inet/filter/logdrop-118 -j DROP + inet6/filter/logdrop-118 -j DROP + inet/filter/limit-325 -m limit --limit 1/second -j LOG + inet6/filter/limit-325 -m limit --limit 1/second -j LOG + +Filter 333 {"flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-326 + inet6/filter/FORWARD -j limit-326 + inet/filter/INPUT -j limit-326 + inet6/filter/INPUT -j limit-326 + inet/filter/OUTPUT -j limit-326 + inet6/filter/OUTPUT -j limit-326 + inet/filter/limit-326 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-119 + inet6/filter/limit-326 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-119 + inet/filter/logdrop-119 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-119 -m limit --limit 1/second -j LOG + inet/filter/logdrop-119 -j DROP + inet6/filter/logdrop-119 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3376,18 +4713,37 @@ Filter 226 {"flow-limit":{"count":150,"log":false},"log" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 227 {"flow-limit":{"count":150,"log":"none"}} -(filter-limit) - inet/filter/FORWARD -j limit-220 - inet6/filter/FORWARD -j limit-220 - inet/filter/INPUT -j limit-220 - inet6/filter/INPUT -j limit-220 - inet/filter/OUTPUT -j limit-220 - inet6/filter/OUTPUT -j limit-220 - inet/filter/limit-220 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j RETURN - inet6/filter/limit-220 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j RETURN - inet/filter/limit-220 -j DROP - inet6/filter/limit-220 -j DROP +Filter 334 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-327 + inet6/filter/FORWARD -j limit-327 + inet/filter/INPUT -j limit-327 + inet6/filter/INPUT -j limit-327 + inet/filter/OUTPUT -j limit-327 + inet6/filter/OUTPUT -j limit-327 + inet/filter/limit-327 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-120 + inet6/filter/limit-327 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-120 + inet/filter/logdrop-120 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-120 -m limit --limit 1/second -j LOG + inet/filter/logdrop-120 -j DROP + inet6/filter/logdrop-120 -j DROP + +Filter 335 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-328 + inet6/filter/FORWARD -j limit-328 + inet/filter/INPUT -j limit-328 + inet6/filter/INPUT -j limit-328 + inet/filter/OUTPUT -j limit-328 + inet6/filter/OUTPUT -j limit-328 + inet/filter/limit-328 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-121 + inet6/filter/limit-328 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-121 + inet/filter/logdrop-121 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-121 -m limit --limit 1/second -j LOG + inet/filter/logdrop-121 -j DROP + inet6/filter/logdrop-121 -j DROP + inet/filter/limit-328 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-328 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3395,31 +4751,39 @@ Filter 227 {"flow-limit":{"count":150,"log":"none"}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 228 {"action":"pass","flow-limit":{"count":150,"log":"none"}} -(filter-limit) - inet/filter/FORWARD -j limit-221 - inet6/filter/FORWARD -j limit-221 - inet/filter/INPUT -j limit-221 - inet6/filter/INPUT -j limit-221 - inet/filter/OUTPUT -j limit-221 - inet6/filter/OUTPUT -j limit-221 - inet/filter/limit-221 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN - inet6/filter/limit-221 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN - inet/filter/limit-221 -j DROP - inet6/filter/limit-221 -j DROP - -Filter 229 {"flow-limit":{"count":150,"log":"none"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-222 - inet6/filter/FORWARD -j limit-222 - inet/filter/INPUT -j limit-222 - inet6/filter/INPUT -j limit-222 - inet/filter/OUTPUT -j limit-222 - inet6/filter/OUTPUT -j limit-222 - inet/filter/limit-222 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j RETURN - inet6/filter/limit-222 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j RETURN - inet/filter/limit-222 -j DROP - inet6/filter/limit-222 -j DROP +Filter 336 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-329 + inet6/filter/FORWARD -j limit-329 + inet/filter/INPUT -j limit-329 + inet6/filter/INPUT -j limit-329 + inet/filter/OUTPUT -j limit-329 + inet6/filter/OUTPUT -j limit-329 + inet/filter/limit-329 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-122 + inet6/filter/limit-329 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-122 + inet/filter/logdrop-122 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-122 -m limit --limit 1/second -j LOG + inet/filter/logdrop-122 -j DROP + inet6/filter/logdrop-122 -j DROP + inet/filter/limit-329 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-329 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 337 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-330 + inet6/filter/FORWARD -j limit-330 + inet/filter/INPUT -j limit-330 + inet6/filter/INPUT -j limit-330 + inet/filter/OUTPUT -j limit-330 + inet6/filter/OUTPUT -j limit-330 + inet/filter/limit-330 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-123 + inet6/filter/limit-330 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-123 + inet/filter/logdrop-123 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-123 -m limit --limit 1/second -j LOG + inet/filter/logdrop-123 -j DROP + inet6/filter/logdrop-123 -j DROP + inet/filter/limit-330 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-330 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j logaccept-final-19 inet6/filter/FORWARD -j logaccept-final-19 inet/filter/INPUT -j logaccept-final-19 @@ -3431,18 +4795,39 @@ Filter 229 {"flow-limit":{"count":150,"log":"none"},"log inet/filter/logaccept-final-19 -j ACCEPT inet6/filter/logaccept-final-19 -j ACCEPT -Filter 230 {"flow-limit":{"count":150,"log":"none"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-223 - inet6/filter/FORWARD -j limit-223 - inet/filter/INPUT -j limit-223 - inet6/filter/INPUT -j limit-223 - inet/filter/OUTPUT -j limit-223 - inet6/filter/OUTPUT -j limit-223 - inet/filter/limit-223 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j RETURN - inet6/filter/limit-223 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j RETURN - inet/filter/limit-223 -j DROP - inet6/filter/limit-223 -j DROP +Filter 338 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-331 + inet6/filter/FORWARD -j limit-331 + inet/filter/INPUT -j limit-331 + inet6/filter/INPUT -j limit-331 + inet/filter/OUTPUT -j limit-331 + inet6/filter/OUTPUT -j limit-331 + inet/filter/limit-331 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-124 + inet6/filter/limit-331 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-124 + inet/filter/logdrop-124 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-124 -m limit --limit 1/second -j LOG + inet/filter/logdrop-124 -j DROP + inet6/filter/logdrop-124 -j DROP + inet/filter/limit-331 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-331 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 339 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-332 + inet6/filter/FORWARD -j limit-332 + inet/filter/INPUT -j limit-332 + inet6/filter/INPUT -j limit-332 + inet/filter/OUTPUT -j limit-332 + inet6/filter/OUTPUT -j limit-332 + inet/filter/limit-332 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-125 + inet6/filter/limit-332 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-125 + inet/filter/logdrop-125 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-125 -m limit --limit 1/second -j LOG + inet/filter/logdrop-125 -j DROP + inet6/filter/logdrop-125 -j DROP + inet/filter/limit-332 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-332 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -3450,18 +4835,1651 @@ Filter 230 {"flow-limit":{"count":150,"log":"none"},"log inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 231 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-224 - inet6/filter/INPUT -i eth0 -j limit-224 - inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 - inet6/filter/limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 - inet/filter/logdrop-73 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-73 -m limit --limit 1/second -j LOG - inet/filter/logdrop-73 -j DROP - inet6/filter/logdrop-73 -j DROP - inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +Filter 340 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-333 + inet6/filter/FORWARD -j limit-333 + inet/filter/INPUT -j limit-333 + inet6/filter/INPUT -j limit-333 + inet/filter/OUTPUT -j limit-333 + inet6/filter/OUTPUT -j limit-333 + inet/filter/limit-333 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-126 + inet6/filter/limit-333 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-126 + inet/filter/logdrop-126 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-126 -m limit --limit 1/second -j LOG + inet/filter/logdrop-126 -j DROP + inet6/filter/logdrop-126 -j DROP + inet/filter/limit-333 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-333 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 341 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-334 + inet6/filter/FORWARD -j limit-334 + inet/filter/INPUT -j limit-334 + inet6/filter/INPUT -j limit-334 + inet/filter/OUTPUT -j limit-334 + inet6/filter/OUTPUT -j limit-334 + inet/filter/limit-334 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-127 + inet6/filter/limit-334 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-127 + inet/filter/logdrop-127 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-127 -m limit --limit 1/second -j LOG + inet/filter/logdrop-127 -j DROP + inet6/filter/logdrop-127 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 342 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-335 + inet6/filter/FORWARD -j limit-335 + inet/filter/INPUT -j limit-335 + inet6/filter/INPUT -j limit-335 + inet/filter/OUTPUT -j limit-335 + inet6/filter/OUTPUT -j limit-335 + inet/filter/limit-335 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-128 + inet6/filter/limit-335 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-128 + inet/filter/logdrop-128 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-128 -m limit --limit 1/second -j LOG + inet/filter/logdrop-128 -j DROP + inet6/filter/logdrop-128 -j DROP + +Filter 343 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-336 + inet6/filter/FORWARD -j limit-336 + inet/filter/INPUT -j limit-336 + inet6/filter/INPUT -j limit-336 + inet/filter/OUTPUT -j limit-336 + inet6/filter/OUTPUT -j limit-336 + inet/filter/limit-336 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-129 + inet6/filter/limit-336 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-129 + inet/filter/logdrop-129 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-129 -m limit --limit 1/second -j LOG + inet/filter/logdrop-129 -j DROP + inet6/filter/logdrop-129 -j DROP + inet/filter/FORWARD -j logaccept-final-20 + inet6/filter/FORWARD -j logaccept-final-20 + inet/filter/INPUT -j logaccept-final-20 + inet6/filter/INPUT -j logaccept-final-20 + inet/filter/OUTPUT -j logaccept-final-20 + inet6/filter/OUTPUT -j logaccept-final-20 + inet/filter/logaccept-final-20 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-20 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-20 -j ACCEPT + inet6/filter/logaccept-final-20 -j ACCEPT + +Filter 344 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-337 + inet6/filter/FORWARD -j limit-337 + inet/filter/INPUT -j limit-337 + inet6/filter/INPUT -j limit-337 + inet/filter/OUTPUT -j limit-337 + inet6/filter/OUTPUT -j limit-337 + inet/filter/limit-337 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-130 + inet6/filter/limit-337 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-130 + inet/filter/logdrop-130 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-130 -m limit --limit 1/second -j LOG + inet/filter/logdrop-130 -j DROP + inet6/filter/logdrop-130 -j DROP + inet/filter/limit-337 -m limit --limit 1/second -j LOG + inet6/filter/limit-337 -m limit --limit 1/second -j LOG + +Filter 345 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-338 + inet6/filter/FORWARD -j limit-338 + inet/filter/INPUT -j limit-338 + inet6/filter/INPUT -j limit-338 + inet/filter/OUTPUT -j limit-338 + inet6/filter/OUTPUT -j limit-338 + inet/filter/limit-338 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-131 + inet6/filter/limit-338 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-131 + inet/filter/logdrop-131 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-131 -m limit --limit 1/second -j LOG + inet/filter/logdrop-131 -j DROP + inet6/filter/logdrop-131 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 346 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-339 + inet6/filter/FORWARD -j limit-339 + inet/filter/INPUT -j limit-339 + inet6/filter/INPUT -j limit-339 + inet/filter/OUTPUT -j limit-339 + inet6/filter/OUTPUT -j limit-339 + inet/filter/limit-339 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-132 + inet6/filter/limit-339 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-132 + inet/filter/logdrop-132 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-132 -m limit --limit 1/second -j LOG + inet/filter/logdrop-132 -j DROP + inet6/filter/logdrop-132 -j DROP + +Filter 347 {"flow-limit":{"count":1,"interval":5,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-340 + inet6/filter/FORWARD -j limit-340 + inet/filter/INPUT -j limit-340 + inet6/filter/INPUT -j limit-340 + inet/filter/OUTPUT -j limit-340 + inet6/filter/OUTPUT -j limit-340 + inet/filter/limit-340 -m recent --name limit-340 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-340 -m recent --name limit-340 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-340 -m recent --name limit-340 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-340 -m recent --name limit-340 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 348 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-341 + inet6/filter/FORWARD -j limit-341 + inet/filter/INPUT -j limit-341 + inet6/filter/INPUT -j limit-341 + inet/filter/OUTPUT -j limit-341 + inet6/filter/OUTPUT -j limit-341 + inet/filter/limit-341 -m recent --name limit-341 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-341 -m recent --name limit-341 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-341 -m recent --name limit-341 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-341 -m recent --name limit-341 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 349 {"flow-limit":{"count":1,"interval":5,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-342 + inet6/filter/FORWARD -j limit-342 + inet/filter/INPUT -j limit-342 + inet6/filter/INPUT -j limit-342 + inet/filter/OUTPUT -j limit-342 + inet6/filter/OUTPUT -j limit-342 + inet/filter/limit-342 -m recent --name limit-342 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-342 -m recent --name limit-342 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-342 -m recent --name limit-342 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-342 -m recent --name limit-342 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-21 + inet6/filter/FORWARD -j logaccept-final-21 + inet/filter/INPUT -j logaccept-final-21 + inet6/filter/INPUT -j logaccept-final-21 + inet/filter/OUTPUT -j logaccept-final-21 + inet6/filter/OUTPUT -j logaccept-final-21 + inet/filter/logaccept-final-21 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-21 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-21 -j ACCEPT + inet6/filter/logaccept-final-21 -j ACCEPT + +Filter 350 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-343 + inet6/filter/FORWARD -j limit-343 + inet/filter/INPUT -j limit-343 + inet6/filter/INPUT -j limit-343 + inet/filter/OUTPUT -j limit-343 + inet6/filter/OUTPUT -j limit-343 + inet/filter/limit-343 -m recent --name limit-343 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-343 -m recent --name limit-343 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-343 -m recent --name limit-343 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-343 -m recent --name limit-343 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 351 {"flow-limit":{"count":1,"interval":5,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-344 + inet6/filter/FORWARD -j limit-344 + inet/filter/INPUT -j limit-344 + inet6/filter/INPUT -j limit-344 + inet/filter/OUTPUT -j limit-344 + inet6/filter/OUTPUT -j limit-344 + inet/filter/limit-344 -m recent --name limit-344 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-344 -m recent --name limit-344 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-344 -m recent --name limit-344 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-344 -m recent --name limit-344 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 352 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-345 + inet6/filter/FORWARD -j limit-345 + inet/filter/INPUT -j limit-345 + inet6/filter/INPUT -j limit-345 + inet/filter/OUTPUT -j limit-345 + inet6/filter/OUTPUT -j limit-345 + inet/filter/limit-345 -m recent --name limit-345 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-345 -m recent --name limit-345 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-345 -m recent --name limit-345 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-345 -m recent --name limit-345 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 353 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-346 + inet6/filter/FORWARD -j limit-346 + inet/filter/INPUT -j limit-346 + inet6/filter/INPUT -j limit-346 + inet/filter/OUTPUT -j limit-346 + inet6/filter/OUTPUT -j limit-346 + inet/filter/limit-346 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-346 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-346 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-346 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 354 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-347 + inet6/filter/FORWARD -j limit-347 + inet/filter/INPUT -j limit-347 + inet6/filter/INPUT -j limit-347 + inet/filter/OUTPUT -j limit-347 + inet6/filter/OUTPUT -j limit-347 + inet/filter/limit-347 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-347 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-347 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-347 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 355 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-348 + inet6/filter/FORWARD -j limit-348 + inet/filter/INPUT -j limit-348 + inet6/filter/INPUT -j limit-348 + inet/filter/OUTPUT -j limit-348 + inet6/filter/OUTPUT -j limit-348 + inet/filter/limit-348 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-348 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-348 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-348 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-22 + inet6/filter/FORWARD -j logaccept-final-22 + inet/filter/INPUT -j logaccept-final-22 + inet6/filter/INPUT -j logaccept-final-22 + inet/filter/OUTPUT -j logaccept-final-22 + inet6/filter/OUTPUT -j logaccept-final-22 + inet/filter/logaccept-final-22 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-22 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-22 -j ACCEPT + inet6/filter/logaccept-final-22 -j ACCEPT + +Filter 356 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-349 + inet6/filter/FORWARD -j limit-349 + inet/filter/INPUT -j limit-349 + inet6/filter/INPUT -j limit-349 + inet/filter/OUTPUT -j limit-349 + inet6/filter/OUTPUT -j limit-349 + inet/filter/limit-349 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-349 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-349 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-349 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 357 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-350 + inet6/filter/FORWARD -j limit-350 + inet/filter/INPUT -j limit-350 + inet6/filter/INPUT -j limit-350 + inet/filter/OUTPUT -j limit-350 + inet6/filter/OUTPUT -j limit-350 + inet/filter/limit-350 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-350 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-350 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-350 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 358 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-351 + inet6/filter/FORWARD -j limit-351 + inet/filter/INPUT -j limit-351 + inet6/filter/INPUT -j limit-351 + inet/filter/OUTPUT -j limit-351 + inet6/filter/OUTPUT -j limit-351 + inet/filter/limit-351 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-351 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-351 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-351 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 359 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-352 + inet6/filter/FORWARD -j limit-352 + inet/filter/INPUT -j limit-352 + inet6/filter/INPUT -j limit-352 + inet/filter/OUTPUT -j limit-352 + inet6/filter/OUTPUT -j limit-352 + inet/filter/limit-352 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-352 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 360 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-353 + inet6/filter/FORWARD -j limit-353 + inet/filter/INPUT -j limit-353 + inet6/filter/INPUT -j limit-353 + inet/filter/OUTPUT -j limit-353 + inet6/filter/OUTPUT -j limit-353 + inet/filter/limit-353 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-353 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 361 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-354 + inet6/filter/FORWARD -j limit-354 + inet/filter/INPUT -j limit-354 + inet6/filter/INPUT -j limit-354 + inet/filter/OUTPUT -j limit-354 + inet6/filter/OUTPUT -j limit-354 + inet/filter/limit-354 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-354 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j logaccept-final-23 + inet6/filter/FORWARD -j logaccept-final-23 + inet/filter/INPUT -j logaccept-final-23 + inet6/filter/INPUT -j logaccept-final-23 + inet/filter/OUTPUT -j logaccept-final-23 + inet6/filter/OUTPUT -j logaccept-final-23 + inet/filter/logaccept-final-23 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-23 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-23 -j ACCEPT + inet6/filter/logaccept-final-23 -j ACCEPT + +Filter 362 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-355 + inet6/filter/FORWARD -j limit-355 + inet/filter/INPUT -j limit-355 + inet6/filter/INPUT -j limit-355 + inet/filter/OUTPUT -j limit-355 + inet6/filter/OUTPUT -j limit-355 + inet/filter/limit-355 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-355 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-355 -m limit --limit 1/second -j LOG + inet6/filter/limit-355 -m limit --limit 1/second -j LOG + +Filter 363 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-356 + inet6/filter/FORWARD -j limit-356 + inet/filter/INPUT -j limit-356 + inet6/filter/INPUT -j limit-356 + inet/filter/OUTPUT -j limit-356 + inet6/filter/OUTPUT -j limit-356 + inet/filter/limit-356 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-356 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 364 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-357 + inet6/filter/FORWARD -j limit-357 + inet/filter/INPUT -j limit-357 + inet6/filter/INPUT -j limit-357 + inet/filter/OUTPUT -j limit-357 + inet6/filter/OUTPUT -j limit-357 + inet/filter/limit-357 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-357 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 365 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-358 + inet6/filter/FORWARD -j limit-358 + inet/filter/INPUT -j limit-358 + inet6/filter/INPUT -j limit-358 + inet/filter/OUTPUT -j limit-358 + inet6/filter/OUTPUT -j limit-358 + inet/filter/limit-358 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-358 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-358 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-358 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 366 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-359 + inet6/filter/FORWARD -j limit-359 + inet/filter/INPUT -j limit-359 + inet6/filter/INPUT -j limit-359 + inet/filter/OUTPUT -j limit-359 + inet6/filter/OUTPUT -j limit-359 + inet/filter/limit-359 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-359 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-359 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-359 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 367 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-360 + inet6/filter/FORWARD -j limit-360 + inet/filter/INPUT -j limit-360 + inet6/filter/INPUT -j limit-360 + inet/filter/OUTPUT -j limit-360 + inet6/filter/OUTPUT -j limit-360 + inet/filter/limit-360 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-360 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-360 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-360 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-24 + inet6/filter/FORWARD -j logaccept-final-24 + inet/filter/INPUT -j logaccept-final-24 + inet6/filter/INPUT -j logaccept-final-24 + inet/filter/OUTPUT -j logaccept-final-24 + inet6/filter/OUTPUT -j logaccept-final-24 + inet/filter/logaccept-final-24 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-24 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-24 -j ACCEPT + inet6/filter/logaccept-final-24 -j ACCEPT + +Filter 368 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-361 + inet6/filter/FORWARD -j limit-361 + inet/filter/INPUT -j limit-361 + inet6/filter/INPUT -j limit-361 + inet/filter/OUTPUT -j limit-361 + inet6/filter/OUTPUT -j limit-361 + inet/filter/limit-361 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-361 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-361 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-361 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 369 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-362 + inet6/filter/FORWARD -j limit-362 + inet/filter/INPUT -j limit-362 + inet6/filter/INPUT -j limit-362 + inet/filter/OUTPUT -j limit-362 + inet6/filter/OUTPUT -j limit-362 + inet/filter/limit-362 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-362 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-362 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-362 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 370 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-363 + inet6/filter/FORWARD -j limit-363 + inet/filter/INPUT -j limit-363 + inet6/filter/INPUT -j limit-363 + inet/filter/OUTPUT -j limit-363 + inet6/filter/OUTPUT -j limit-363 + inet/filter/limit-363 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-363 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-363 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-363 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 371 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-364 + inet6/filter/FORWARD -j limit-364 + inet/filter/INPUT -j limit-364 + inet6/filter/INPUT -j limit-364 + inet/filter/OUTPUT -j limit-364 + inet6/filter/OUTPUT -j limit-364 + inet/filter/limit-364 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-364 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 372 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-365 + inet6/filter/FORWARD -j limit-365 + inet/filter/INPUT -j limit-365 + inet6/filter/INPUT -j limit-365 + inet/filter/OUTPUT -j limit-365 + inet6/filter/OUTPUT -j limit-365 + inet/filter/limit-365 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-365 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 373 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-366 + inet6/filter/FORWARD -j limit-366 + inet/filter/INPUT -j limit-366 + inet6/filter/INPUT -j limit-366 + inet/filter/OUTPUT -j limit-366 + inet6/filter/OUTPUT -j limit-366 + inet/filter/limit-366 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-366 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j logaccept-final-25 + inet6/filter/FORWARD -j logaccept-final-25 + inet/filter/INPUT -j logaccept-final-25 + inet6/filter/INPUT -j logaccept-final-25 + inet/filter/OUTPUT -j logaccept-final-25 + inet6/filter/OUTPUT -j logaccept-final-25 + inet/filter/logaccept-final-25 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-25 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-25 -j ACCEPT + inet6/filter/logaccept-final-25 -j ACCEPT + +Filter 374 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-367 + inet6/filter/FORWARD -j limit-367 + inet/filter/INPUT -j limit-367 + inet6/filter/INPUT -j limit-367 + inet/filter/OUTPUT -j limit-367 + inet6/filter/OUTPUT -j limit-367 + inet/filter/limit-367 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-367 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-367 -m limit --limit 1/second -j LOG + inet6/filter/limit-367 -m limit --limit 1/second -j LOG + +Filter 375 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-368 + inet6/filter/FORWARD -j limit-368 + inet/filter/INPUT -j limit-368 + inet6/filter/INPUT -j limit-368 + inet/filter/OUTPUT -j limit-368 + inet6/filter/OUTPUT -j limit-368 + inet/filter/limit-368 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-368 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 376 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-369 + inet6/filter/FORWARD -j limit-369 + inet/filter/INPUT -j limit-369 + inet6/filter/INPUT -j limit-369 + inet/filter/OUTPUT -j limit-369 + inet6/filter/OUTPUT -j limit-369 + inet/filter/limit-369 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-369 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 377 {"flow-limit":{"count":1,"interval":5,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-370 + inet6/filter/FORWARD -j limit-370 + inet/filter/INPUT -j limit-370 + inet6/filter/INPUT -j limit-370 + inet/filter/OUTPUT -j limit-370 + inet6/filter/OUTPUT -j limit-370 + inet/filter/limit-370 -m recent --name limit-370 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-370 -m recent --name limit-370 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-370 -m recent --name limit-370 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-370 -m recent --name limit-370 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 378 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-371 + inet6/filter/FORWARD -j limit-371 + inet/filter/INPUT -j limit-371 + inet6/filter/INPUT -j limit-371 + inet/filter/OUTPUT -j limit-371 + inet6/filter/OUTPUT -j limit-371 + inet/filter/limit-371 -m recent --name limit-371 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-371 -m recent --name limit-371 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-371 -m recent --name limit-371 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-371 -m recent --name limit-371 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 379 {"flow-limit":{"count":1,"interval":5,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-372 + inet6/filter/FORWARD -j limit-372 + inet/filter/INPUT -j limit-372 + inet6/filter/INPUT -j limit-372 + inet/filter/OUTPUT -j limit-372 + inet6/filter/OUTPUT -j limit-372 + inet/filter/limit-372 -m recent --name limit-372 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-372 -m recent --name limit-372 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-372 -m recent --name limit-372 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-372 -m recent --name limit-372 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-26 + inet6/filter/FORWARD -j logaccept-final-26 + inet/filter/INPUT -j logaccept-final-26 + inet6/filter/INPUT -j logaccept-final-26 + inet/filter/OUTPUT -j logaccept-final-26 + inet6/filter/OUTPUT -j logaccept-final-26 + inet/filter/logaccept-final-26 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-26 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-26 -j ACCEPT + inet6/filter/logaccept-final-26 -j ACCEPT + +Filter 380 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-373 + inet6/filter/FORWARD -j limit-373 + inet/filter/INPUT -j limit-373 + inet6/filter/INPUT -j limit-373 + inet/filter/OUTPUT -j limit-373 + inet6/filter/OUTPUT -j limit-373 + inet/filter/limit-373 -m recent --name limit-373 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-373 -m recent --name limit-373 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-373 -m recent --name limit-373 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-373 -m recent --name limit-373 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 381 {"flow-limit":{"count":1,"interval":5,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-374 + inet6/filter/FORWARD -j limit-374 + inet/filter/INPUT -j limit-374 + inet6/filter/INPUT -j limit-374 + inet/filter/OUTPUT -j limit-374 + inet6/filter/OUTPUT -j limit-374 + inet/filter/limit-374 -m recent --name limit-374 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-374 -m recent --name limit-374 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-374 -m recent --name limit-374 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-374 -m recent --name limit-374 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 382 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-375 + inet6/filter/FORWARD -j limit-375 + inet/filter/INPUT -j limit-375 + inet6/filter/INPUT -j limit-375 + inet/filter/OUTPUT -j limit-375 + inet6/filter/OUTPUT -j limit-375 + inet/filter/limit-375 -m recent --name limit-375 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-375 -m recent --name limit-375 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-375 -m recent --name limit-375 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-375 -m recent --name limit-375 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 383 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-376 + inet6/filter/FORWARD -j limit-376 + inet/filter/INPUT -j limit-376 + inet6/filter/INPUT -j limit-376 + inet/filter/OUTPUT -j limit-376 + inet6/filter/OUTPUT -j limit-376 + inet/filter/limit-376 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-376 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-376 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-376 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 384 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-377 + inet6/filter/FORWARD -j limit-377 + inet/filter/INPUT -j limit-377 + inet6/filter/INPUT -j limit-377 + inet/filter/OUTPUT -j limit-377 + inet6/filter/OUTPUT -j limit-377 + inet/filter/limit-377 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-377 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-377 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-377 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 385 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-378 + inet6/filter/FORWARD -j limit-378 + inet/filter/INPUT -j limit-378 + inet6/filter/INPUT -j limit-378 + inet/filter/OUTPUT -j limit-378 + inet6/filter/OUTPUT -j limit-378 + inet/filter/limit-378 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-378 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-378 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-378 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-27 + inet6/filter/FORWARD -j logaccept-final-27 + inet/filter/INPUT -j logaccept-final-27 + inet6/filter/INPUT -j logaccept-final-27 + inet/filter/OUTPUT -j logaccept-final-27 + inet6/filter/OUTPUT -j logaccept-final-27 + inet/filter/logaccept-final-27 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-27 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-27 -j ACCEPT + inet6/filter/logaccept-final-27 -j ACCEPT + +Filter 386 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-379 + inet6/filter/FORWARD -j limit-379 + inet/filter/INPUT -j limit-379 + inet6/filter/INPUT -j limit-379 + inet/filter/OUTPUT -j limit-379 + inet6/filter/OUTPUT -j limit-379 + inet/filter/limit-379 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-379 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-379 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-379 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 387 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-380 + inet6/filter/FORWARD -j limit-380 + inet/filter/INPUT -j limit-380 + inet6/filter/INPUT -j limit-380 + inet/filter/OUTPUT -j limit-380 + inet6/filter/OUTPUT -j limit-380 + inet/filter/limit-380 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-380 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-380 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-380 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 388 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-381 + inet6/filter/FORWARD -j limit-381 + inet/filter/INPUT -j limit-381 + inet6/filter/INPUT -j limit-381 + inet/filter/OUTPUT -j limit-381 + inet6/filter/OUTPUT -j limit-381 + inet/filter/limit-381 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-381 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-381 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-381 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 389 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-382 + inet6/filter/FORWARD -j limit-382 + inet/filter/INPUT -j limit-382 + inet6/filter/INPUT -j limit-382 + inet/filter/OUTPUT -j limit-382 + inet6/filter/OUTPUT -j limit-382 + inet/filter/limit-382 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-382 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 390 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-383 + inet6/filter/FORWARD -j limit-383 + inet/filter/INPUT -j limit-383 + inet6/filter/INPUT -j limit-383 + inet/filter/OUTPUT -j limit-383 + inet6/filter/OUTPUT -j limit-383 + inet/filter/limit-383 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-383 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 391 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-384 + inet6/filter/FORWARD -j limit-384 + inet/filter/INPUT -j limit-384 + inet6/filter/INPUT -j limit-384 + inet/filter/OUTPUT -j limit-384 + inet6/filter/OUTPUT -j limit-384 + inet/filter/limit-384 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-384 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j logaccept-final-28 + inet6/filter/FORWARD -j logaccept-final-28 + inet/filter/INPUT -j logaccept-final-28 + inet6/filter/INPUT -j logaccept-final-28 + inet/filter/OUTPUT -j logaccept-final-28 + inet6/filter/OUTPUT -j logaccept-final-28 + inet/filter/logaccept-final-28 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-28 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-28 -j ACCEPT + inet6/filter/logaccept-final-28 -j ACCEPT + +Filter 392 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-385 + inet6/filter/FORWARD -j limit-385 + inet/filter/INPUT -j limit-385 + inet6/filter/INPUT -j limit-385 + inet/filter/OUTPUT -j limit-385 + inet6/filter/OUTPUT -j limit-385 + inet/filter/limit-385 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-385 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-385 -m limit --limit 1/second -j LOG + inet6/filter/limit-385 -m limit --limit 1/second -j LOG + +Filter 393 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-386 + inet6/filter/FORWARD -j limit-386 + inet/filter/INPUT -j limit-386 + inet6/filter/INPUT -j limit-386 + inet/filter/OUTPUT -j limit-386 + inet6/filter/OUTPUT -j limit-386 + inet/filter/limit-386 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-386 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 394 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-387 + inet6/filter/FORWARD -j limit-387 + inet/filter/INPUT -j limit-387 + inet6/filter/INPUT -j limit-387 + inet/filter/OUTPUT -j limit-387 + inet6/filter/OUTPUT -j limit-387 + inet/filter/limit-387 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-387 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 395 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-388 + inet6/filter/FORWARD -j limit-388 + inet/filter/INPUT -j limit-388 + inet6/filter/INPUT -j limit-388 + inet/filter/OUTPUT -j limit-388 + inet6/filter/OUTPUT -j limit-388 + inet/filter/limit-388 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-388 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-388 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-388 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 396 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-389 + inet6/filter/FORWARD -j limit-389 + inet/filter/INPUT -j limit-389 + inet6/filter/INPUT -j limit-389 + inet/filter/OUTPUT -j limit-389 + inet6/filter/OUTPUT -j limit-389 + inet/filter/limit-389 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-389 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-389 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-389 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 397 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-390 + inet6/filter/FORWARD -j limit-390 + inet/filter/INPUT -j limit-390 + inet6/filter/INPUT -j limit-390 + inet/filter/OUTPUT -j limit-390 + inet6/filter/OUTPUT -j limit-390 + inet/filter/limit-390 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-390 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-390 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-390 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-29 + inet6/filter/FORWARD -j logaccept-final-29 + inet/filter/INPUT -j logaccept-final-29 + inet6/filter/INPUT -j logaccept-final-29 + inet/filter/OUTPUT -j logaccept-final-29 + inet6/filter/OUTPUT -j logaccept-final-29 + inet/filter/logaccept-final-29 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-29 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-29 -j ACCEPT + inet6/filter/logaccept-final-29 -j ACCEPT + +Filter 398 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-391 + inet6/filter/FORWARD -j limit-391 + inet/filter/INPUT -j limit-391 + inet6/filter/INPUT -j limit-391 + inet/filter/OUTPUT -j limit-391 + inet6/filter/OUTPUT -j limit-391 + inet/filter/limit-391 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-391 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-391 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-391 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 399 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-392 + inet6/filter/FORWARD -j limit-392 + inet/filter/INPUT -j limit-392 + inet6/filter/INPUT -j limit-392 + inet/filter/OUTPUT -j limit-392 + inet6/filter/OUTPUT -j limit-392 + inet/filter/limit-392 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-392 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-392 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-392 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 400 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-393 + inet6/filter/FORWARD -j limit-393 + inet/filter/INPUT -j limit-393 + inet6/filter/INPUT -j limit-393 + inet/filter/OUTPUT -j limit-393 + inet6/filter/OUTPUT -j limit-393 + inet/filter/limit-393 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-393 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-393 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-393 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 401 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-394 + inet6/filter/FORWARD -j limit-394 + inet/filter/INPUT -j limit-394 + inet6/filter/INPUT -j limit-394 + inet/filter/OUTPUT -j limit-394 + inet6/filter/OUTPUT -j limit-394 + inet/filter/limit-394 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-394 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 402 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-395 + inet6/filter/FORWARD -j limit-395 + inet/filter/INPUT -j limit-395 + inet6/filter/INPUT -j limit-395 + inet/filter/OUTPUT -j limit-395 + inet6/filter/OUTPUT -j limit-395 + inet/filter/limit-395 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-395 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 403 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-396 + inet6/filter/FORWARD -j limit-396 + inet/filter/INPUT -j limit-396 + inet6/filter/INPUT -j limit-396 + inet/filter/OUTPUT -j limit-396 + inet6/filter/OUTPUT -j limit-396 + inet/filter/limit-396 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-396 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j logaccept-final-30 + inet6/filter/FORWARD -j logaccept-final-30 + inet/filter/INPUT -j logaccept-final-30 + inet6/filter/INPUT -j logaccept-final-30 + inet/filter/OUTPUT -j logaccept-final-30 + inet6/filter/OUTPUT -j logaccept-final-30 + inet/filter/logaccept-final-30 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-30 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-30 -j ACCEPT + inet6/filter/logaccept-final-30 -j ACCEPT + +Filter 404 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-397 + inet6/filter/FORWARD -j limit-397 + inet/filter/INPUT -j limit-397 + inet6/filter/INPUT -j limit-397 + inet/filter/OUTPUT -j limit-397 + inet6/filter/OUTPUT -j limit-397 + inet/filter/limit-397 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-397 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-397 -m limit --limit 1/second -j LOG + inet6/filter/limit-397 -m limit --limit 1/second -j LOG + +Filter 405 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-398 + inet6/filter/FORWARD -j limit-398 + inet/filter/INPUT -j limit-398 + inet6/filter/INPUT -j limit-398 + inet/filter/OUTPUT -j limit-398 + inet6/filter/OUTPUT -j limit-398 + inet/filter/limit-398 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-398 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 406 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-399 + inet6/filter/FORWARD -j limit-399 + inet/filter/INPUT -j limit-399 + inet6/filter/INPUT -j limit-399 + inet/filter/OUTPUT -j limit-399 + inet6/filter/OUTPUT -j limit-399 + inet/filter/limit-399 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-399 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + +Filter 407 {"flow-limit":150} +(filter-limit) + inet/filter/FORWARD -j limit-400 + inet6/filter/FORWARD -j limit-400 + inet/filter/INPUT -j limit-400 + inet6/filter/INPUT -j limit-400 + inet/filter/OUTPUT -j limit-400 + inet6/filter/OUTPUT -j limit-400 + inet/filter/limit-400 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-400 -j RETURN + inet6/filter/limit-400 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-400 -j RETURN + inet/filter/limit-400 -m limit --limit 1/second -j LOG + inet6/filter/limit-400 -m limit --limit 1/second -j LOG + inet/filter/limit-400 -j DROP + inet6/filter/limit-400 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 408 {"action":"pass","flow-limit":150} +(filter-limit) + inet/filter/FORWARD -j limit-401 + inet6/filter/FORWARD -j limit-401 + inet/filter/INPUT -j limit-401 + inet6/filter/INPUT -j limit-401 + inet/filter/OUTPUT -j limit-401 + inet6/filter/OUTPUT -j limit-401 + inet/filter/limit-401 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-401 -j RETURN + inet6/filter/limit-401 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-401 -j RETURN + inet/filter/limit-401 -m limit --limit 1/second -j LOG + inet6/filter/limit-401 -m limit --limit 1/second -j LOG + inet/filter/limit-401 -j DROP + inet6/filter/limit-401 -j DROP + +Filter 409 {"flow-limit":150,"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-402 + inet6/filter/FORWARD -j limit-402 + inet/filter/INPUT -j limit-402 + inet6/filter/INPUT -j limit-402 + inet/filter/OUTPUT -j limit-402 + inet6/filter/OUTPUT -j limit-402 + inet/filter/limit-402 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-402 -j RETURN + inet6/filter/limit-402 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-402 -j RETURN + inet/filter/limit-402 -m limit --limit 1/second -j LOG + inet6/filter/limit-402 -m limit --limit 1/second -j LOG + inet/filter/limit-402 -j DROP + inet6/filter/limit-402 -j DROP + inet/filter/FORWARD -j logaccept-final-31 + inet6/filter/FORWARD -j logaccept-final-31 + inet/filter/INPUT -j logaccept-final-31 + inet6/filter/INPUT -j logaccept-final-31 + inet/filter/OUTPUT -j logaccept-final-31 + inet6/filter/OUTPUT -j logaccept-final-31 + inet/filter/logaccept-final-31 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-31 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-31 -j ACCEPT + inet6/filter/logaccept-final-31 -j ACCEPT + +Filter 410 {"flow-limit":150,"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-403 + inet6/filter/FORWARD -j limit-403 + inet/filter/INPUT -j limit-403 + inet6/filter/INPUT -j limit-403 + inet/filter/OUTPUT -j limit-403 + inet6/filter/OUTPUT -j limit-403 + inet/filter/limit-403 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-403 -j RETURN + inet6/filter/limit-403 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-403 -j RETURN + inet/filter/limit-403 -m limit --limit 1/second -j LOG + inet6/filter/limit-403 -m limit --limit 1/second -j LOG + inet/filter/limit-403 -j DROP + inet6/filter/limit-403 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 411 {"flow-limit":{"count":150}} +(filter-limit) + inet/filter/FORWARD -j limit-404 + inet6/filter/FORWARD -j limit-404 + inet/filter/INPUT -j limit-404 + inet6/filter/INPUT -j limit-404 + inet/filter/OUTPUT -j limit-404 + inet6/filter/OUTPUT -j limit-404 + inet/filter/limit-404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-404 -j RETURN + inet6/filter/limit-404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-404 -j RETURN + inet/filter/limit-404 -m limit --limit 1/second -j LOG + inet6/filter/limit-404 -m limit --limit 1/second -j LOG + inet/filter/limit-404 -j DROP + inet6/filter/limit-404 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 412 {"action":"pass","flow-limit":{"count":150}} +(filter-limit) + inet/filter/FORWARD -j limit-405 + inet6/filter/FORWARD -j limit-405 + inet/filter/INPUT -j limit-405 + inet6/filter/INPUT -j limit-405 + inet/filter/OUTPUT -j limit-405 + inet6/filter/OUTPUT -j limit-405 + inet/filter/limit-405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-405 -j RETURN + inet6/filter/limit-405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-405 -j RETURN + inet/filter/limit-405 -m limit --limit 1/second -j LOG + inet6/filter/limit-405 -m limit --limit 1/second -j LOG + inet/filter/limit-405 -j DROP + inet6/filter/limit-405 -j DROP + +Filter 413 {"flow-limit":{"count":150},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-406 + inet6/filter/FORWARD -j limit-406 + inet/filter/INPUT -j limit-406 + inet6/filter/INPUT -j limit-406 + inet/filter/OUTPUT -j limit-406 + inet6/filter/OUTPUT -j limit-406 + inet/filter/limit-406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-406 -j RETURN + inet6/filter/limit-406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-406 -j RETURN + inet/filter/limit-406 -m limit --limit 1/second -j LOG + inet6/filter/limit-406 -m limit --limit 1/second -j LOG + inet/filter/limit-406 -j DROP + inet6/filter/limit-406 -j DROP + inet/filter/FORWARD -j logaccept-final-32 + inet6/filter/FORWARD -j logaccept-final-32 + inet/filter/INPUT -j logaccept-final-32 + inet6/filter/INPUT -j logaccept-final-32 + inet/filter/OUTPUT -j logaccept-final-32 + inet6/filter/OUTPUT -j logaccept-final-32 + inet/filter/logaccept-final-32 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-32 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-32 -j ACCEPT + inet6/filter/logaccept-final-32 -j ACCEPT + +Filter 414 {"flow-limit":{"count":150},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-407 + inet6/filter/FORWARD -j limit-407 + inet/filter/INPUT -j limit-407 + inet6/filter/INPUT -j limit-407 + inet/filter/OUTPUT -j limit-407 + inet6/filter/OUTPUT -j limit-407 + inet/filter/limit-407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-407 -j RETURN + inet6/filter/limit-407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-407 -j RETURN + inet/filter/limit-407 -m limit --limit 1/second -j LOG + inet6/filter/limit-407 -m limit --limit 1/second -j LOG + inet/filter/limit-407 -j DROP + inet6/filter/limit-407 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 415 {"flow-limit":{"count":150,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-408 + inet6/filter/FORWARD -j limit-408 + inet/filter/INPUT -j limit-408 + inet6/filter/INPUT -j limit-408 + inet/filter/OUTPUT -j limit-408 + inet6/filter/OUTPUT -j limit-408 + inet/filter/limit-408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-408 -j RETURN + inet6/filter/limit-408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-408 -j RETURN + inet/filter/limit-408 -j DROP + inet6/filter/limit-408 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 416 {"action":"pass","flow-limit":{"count":150,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-409 + inet6/filter/FORWARD -j limit-409 + inet/filter/INPUT -j limit-409 + inet6/filter/INPUT -j limit-409 + inet/filter/OUTPUT -j limit-409 + inet6/filter/OUTPUT -j limit-409 + inet/filter/limit-409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-409 -j RETURN + inet6/filter/limit-409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-409 -j RETURN + inet/filter/limit-409 -j DROP + inet6/filter/limit-409 -j DROP + +Filter 417 {"flow-limit":{"count":150,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-410 + inet6/filter/FORWARD -j limit-410 + inet/filter/INPUT -j limit-410 + inet6/filter/INPUT -j limit-410 + inet/filter/OUTPUT -j limit-410 + inet6/filter/OUTPUT -j limit-410 + inet/filter/limit-410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-410 -j RETURN + inet6/filter/limit-410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-410 -j RETURN + inet/filter/limit-410 -j DROP + inet6/filter/limit-410 -j DROP + inet/filter/FORWARD -j logaccept-final-33 + inet6/filter/FORWARD -j logaccept-final-33 + inet/filter/INPUT -j logaccept-final-33 + inet6/filter/INPUT -j logaccept-final-33 + inet/filter/OUTPUT -j logaccept-final-33 + inet6/filter/OUTPUT -j logaccept-final-33 + inet/filter/logaccept-final-33 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-33 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-33 -j ACCEPT + inet6/filter/logaccept-final-33 -j ACCEPT + +Filter 418 {"flow-limit":{"count":150,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-411 + inet6/filter/FORWARD -j limit-411 + inet/filter/INPUT -j limit-411 + inet6/filter/INPUT -j limit-411 + inet/filter/OUTPUT -j limit-411 + inet6/filter/OUTPUT -j limit-411 + inet/filter/limit-411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-411 -j RETURN + inet6/filter/limit-411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-411 -j RETURN + inet/filter/limit-411 -j DROP + inet6/filter/limit-411 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 419 {"flow-limit":{"count":150,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-412 + inet6/filter/FORWARD -j limit-412 + inet/filter/INPUT -j limit-412 + inet6/filter/INPUT -j limit-412 + inet/filter/OUTPUT -j limit-412 + inet6/filter/OUTPUT -j limit-412 + inet/filter/limit-412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-412 -j RETURN + inet6/filter/limit-412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-412 -j RETURN + inet/filter/limit-412 -j DROP + inet6/filter/limit-412 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 420 {"action":"pass","flow-limit":{"count":150,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-413 + inet6/filter/FORWARD -j limit-413 + inet/filter/INPUT -j limit-413 + inet6/filter/INPUT -j limit-413 + inet/filter/OUTPUT -j limit-413 + inet6/filter/OUTPUT -j limit-413 + inet/filter/limit-413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-413 -j RETURN + inet6/filter/limit-413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-413 -j RETURN + inet/filter/limit-413 -j DROP + inet6/filter/limit-413 -j DROP + +Filter 421 {"flow-limit":{"count":150,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-414 + inet6/filter/FORWARD -j limit-414 + inet/filter/INPUT -j limit-414 + inet6/filter/INPUT -j limit-414 + inet/filter/OUTPUT -j limit-414 + inet6/filter/OUTPUT -j limit-414 + inet/filter/limit-414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-414 -j RETURN + inet6/filter/limit-414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-414 -j RETURN + inet/filter/limit-414 -j DROP + inet6/filter/limit-414 -j DROP + inet/filter/FORWARD -j logaccept-final-34 + inet6/filter/FORWARD -j logaccept-final-34 + inet/filter/INPUT -j logaccept-final-34 + inet6/filter/INPUT -j logaccept-final-34 + inet/filter/OUTPUT -j logaccept-final-34 + inet6/filter/OUTPUT -j logaccept-final-34 + inet/filter/logaccept-final-34 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-34 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-34 -j ACCEPT + inet6/filter/logaccept-final-34 -j ACCEPT + +Filter 422 {"flow-limit":{"count":150,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-415 + inet6/filter/FORWARD -j limit-415 + inet/filter/INPUT -j limit-415 + inet6/filter/INPUT -j limit-415 + inet/filter/OUTPUT -j limit-415 + inet6/filter/OUTPUT -j limit-415 + inet/filter/limit-415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-415 -j RETURN + inet6/filter/limit-415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-415 -j RETURN + inet/filter/limit-415 -j DROP + inet6/filter/limit-415 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 423 {"flow-limit":{"count":150,"interval":5}} +(filter-limit) + inet/filter/FORWARD -j limit-416 + inet6/filter/FORWARD -j limit-416 + inet/filter/INPUT -j limit-416 + inet6/filter/INPUT -j limit-416 + inet/filter/OUTPUT -j limit-416 + inet6/filter/OUTPUT -j limit-416 + inet/filter/limit-416 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-416 -j RETURN + inet6/filter/limit-416 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-416 -j RETURN + inet/filter/limit-416 -m limit --limit 1/second -j LOG + inet6/filter/limit-416 -m limit --limit 1/second -j LOG + inet/filter/limit-416 -j DROP + inet6/filter/limit-416 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 424 {"action":"pass","flow-limit":{"count":150,"interval":5}} +(filter-limit) + inet/filter/FORWARD -j limit-417 + inet6/filter/FORWARD -j limit-417 + inet/filter/INPUT -j limit-417 + inet6/filter/INPUT -j limit-417 + inet/filter/OUTPUT -j limit-417 + inet6/filter/OUTPUT -j limit-417 + inet/filter/limit-417 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-417 -j RETURN + inet6/filter/limit-417 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-417 -j RETURN + inet/filter/limit-417 -m limit --limit 1/second -j LOG + inet6/filter/limit-417 -m limit --limit 1/second -j LOG + inet/filter/limit-417 -j DROP + inet6/filter/limit-417 -j DROP + +Filter 425 {"flow-limit":{"count":150,"interval":5},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-418 + inet6/filter/FORWARD -j limit-418 + inet/filter/INPUT -j limit-418 + inet6/filter/INPUT -j limit-418 + inet/filter/OUTPUT -j limit-418 + inet6/filter/OUTPUT -j limit-418 + inet/filter/limit-418 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-418 -j RETURN + inet6/filter/limit-418 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-418 -j RETURN + inet/filter/limit-418 -m limit --limit 1/second -j LOG + inet6/filter/limit-418 -m limit --limit 1/second -j LOG + inet/filter/limit-418 -j DROP + inet6/filter/limit-418 -j DROP + inet/filter/FORWARD -j logaccept-final-35 + inet6/filter/FORWARD -j logaccept-final-35 + inet/filter/INPUT -j logaccept-final-35 + inet6/filter/INPUT -j logaccept-final-35 + inet/filter/OUTPUT -j logaccept-final-35 + inet6/filter/OUTPUT -j logaccept-final-35 + inet/filter/logaccept-final-35 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-35 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-35 -j ACCEPT + inet6/filter/logaccept-final-35 -j ACCEPT + +Filter 426 {"flow-limit":{"count":150,"interval":5},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-419 + inet6/filter/FORWARD -j limit-419 + inet/filter/INPUT -j limit-419 + inet6/filter/INPUT -j limit-419 + inet/filter/OUTPUT -j limit-419 + inet6/filter/OUTPUT -j limit-419 + inet/filter/limit-419 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-419 -j RETURN + inet6/filter/limit-419 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-419 -j RETURN + inet/filter/limit-419 -m limit --limit 1/second -j LOG + inet6/filter/limit-419 -m limit --limit 1/second -j LOG + inet/filter/limit-419 -j DROP + inet6/filter/limit-419 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 427 {"flow-limit":{"count":150,"interval":5,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-420 + inet6/filter/FORWARD -j limit-420 + inet/filter/INPUT -j limit-420 + inet6/filter/INPUT -j limit-420 + inet/filter/OUTPUT -j limit-420 + inet6/filter/OUTPUT -j limit-420 + inet/filter/limit-420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-420 -j RETURN + inet6/filter/limit-420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-420 -j RETURN + inet/filter/limit-420 -j DROP + inet6/filter/limit-420 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 428 {"action":"pass","flow-limit":{"count":150,"interval":5,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-421 + inet6/filter/FORWARD -j limit-421 + inet/filter/INPUT -j limit-421 + inet6/filter/INPUT -j limit-421 + inet/filter/OUTPUT -j limit-421 + inet6/filter/OUTPUT -j limit-421 + inet/filter/limit-421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-421 -j RETURN + inet6/filter/limit-421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-421 -j RETURN + inet/filter/limit-421 -j DROP + inet6/filter/limit-421 -j DROP + +Filter 429 {"flow-limit":{"count":150,"interval":5,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-422 + inet6/filter/FORWARD -j limit-422 + inet/filter/INPUT -j limit-422 + inet6/filter/INPUT -j limit-422 + inet/filter/OUTPUT -j limit-422 + inet6/filter/OUTPUT -j limit-422 + inet/filter/limit-422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-422 -j RETURN + inet6/filter/limit-422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-422 -j RETURN + inet/filter/limit-422 -j DROP + inet6/filter/limit-422 -j DROP + inet/filter/FORWARD -j logaccept-final-36 + inet6/filter/FORWARD -j logaccept-final-36 + inet/filter/INPUT -j logaccept-final-36 + inet6/filter/INPUT -j logaccept-final-36 + inet/filter/OUTPUT -j logaccept-final-36 + inet6/filter/OUTPUT -j logaccept-final-36 + inet/filter/logaccept-final-36 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-36 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-36 -j ACCEPT + inet6/filter/logaccept-final-36 -j ACCEPT + +Filter 430 {"flow-limit":{"count":150,"interval":5,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-423 + inet6/filter/FORWARD -j limit-423 + inet/filter/INPUT -j limit-423 + inet6/filter/INPUT -j limit-423 + inet/filter/OUTPUT -j limit-423 + inet6/filter/OUTPUT -j limit-423 + inet/filter/limit-423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-423 -j RETURN + inet6/filter/limit-423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-423 -j RETURN + inet/filter/limit-423 -j DROP + inet6/filter/limit-423 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 431 {"flow-limit":{"count":150,"interval":5,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-424 + inet6/filter/FORWARD -j limit-424 + inet/filter/INPUT -j limit-424 + inet6/filter/INPUT -j limit-424 + inet/filter/OUTPUT -j limit-424 + inet6/filter/OUTPUT -j limit-424 + inet/filter/limit-424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-424 -j RETURN + inet6/filter/limit-424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-424 -j RETURN + inet/filter/limit-424 -j DROP + inet6/filter/limit-424 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 432 {"action":"pass","flow-limit":{"count":150,"interval":5,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-425 + inet6/filter/FORWARD -j limit-425 + inet/filter/INPUT -j limit-425 + inet6/filter/INPUT -j limit-425 + inet/filter/OUTPUT -j limit-425 + inet6/filter/OUTPUT -j limit-425 + inet/filter/limit-425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-425 -j RETURN + inet6/filter/limit-425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-425 -j RETURN + inet/filter/limit-425 -j DROP + inet6/filter/limit-425 -j DROP + +Filter 433 {"flow-limit":{"count":150,"interval":5,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-426 + inet6/filter/FORWARD -j limit-426 + inet/filter/INPUT -j limit-426 + inet6/filter/INPUT -j limit-426 + inet/filter/OUTPUT -j limit-426 + inet6/filter/OUTPUT -j limit-426 + inet/filter/limit-426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-426 -j RETURN + inet6/filter/limit-426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-426 -j RETURN + inet/filter/limit-426 -j DROP + inet6/filter/limit-426 -j DROP + inet/filter/FORWARD -j logaccept-final-37 + inet6/filter/FORWARD -j logaccept-final-37 + inet/filter/INPUT -j logaccept-final-37 + inet6/filter/INPUT -j logaccept-final-37 + inet/filter/OUTPUT -j logaccept-final-37 + inet6/filter/OUTPUT -j logaccept-final-37 + inet/filter/logaccept-final-37 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-37 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-37 -j ACCEPT + inet6/filter/logaccept-final-37 -j ACCEPT + +Filter 434 {"flow-limit":{"count":150,"interval":5,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-427 + inet6/filter/FORWARD -j limit-427 + inet/filter/INPUT -j limit-427 + inet6/filter/INPUT -j limit-427 + inet/filter/OUTPUT -j limit-427 + inet6/filter/OUTPUT -j limit-427 + inet/filter/limit-427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-427 -j RETURN + inet6/filter/limit-427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-427 -j RETURN + inet/filter/limit-427 -j DROP + inet6/filter/limit-427 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 435 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-428 + inet6/filter/INPUT -i eth0 -j limit-428 + inet/filter/limit-428 -m recent --name limit-428 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-133 + inet6/filter/limit-428 -m recent --name limit-428 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-133 + inet/filter/logdrop-133 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-133 -m limit --limit 1/second -j LOG + inet/filter/logdrop-133 -j DROP + inet6/filter/logdrop-133 -j DROP + inet/filter/limit-428 -m recent --name limit-428 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-428 -m recent --name limit-428 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3469,35 +6487,373 @@ Filter 231 {"flow-limit":1,"in":"A","no-track":true,"out inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 232 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-225 - inet6/filter/INPUT -i eth0 -j limit-225 - inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 - inet6/filter/limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 - inet/filter/logdrop-74 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-74 -m limit --limit 1/second -j LOG - inet/filter/logdrop-74 -j DROP - inet6/filter/logdrop-74 -j DROP - inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +Filter 436 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-429 + inet6/filter/INPUT -i eth0 -j limit-429 + inet/filter/limit-429 -m recent --name limit-429 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-134 + inet6/filter/limit-429 -m recent --name limit-429 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-134 + inet/filter/logdrop-134 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-134 -m limit --limit 1/second -j LOG + inet/filter/logdrop-134 -j DROP + inet6/filter/logdrop-134 -j DROP + inet/filter/limit-429 -m recent --name limit-429 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-429 -m recent --name limit-429 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 437 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-430 + inet6/filter/INPUT -i eth0 -j limit-430 + inet/filter/limit-430 -m recent --name limit-430 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-135 + inet6/filter/limit-430 -m recent --name limit-430 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-135 + inet/filter/logdrop-135 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-135 -m limit --limit 1/second -j LOG + inet/filter/logdrop-135 -j DROP + inet6/filter/logdrop-135 -j DROP + inet/filter/limit-430 -m limit --limit 1/second -j LOG + inet6/filter/limit-430 -m limit --limit 1/second -j LOG + inet/filter/limit-430 -m recent --name limit-430 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-430 -m recent --name limit-430 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 438 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-431 + inet6/filter/INPUT -i eth0 -j limit-431 + inet/filter/limit-431 -m recent --name limit-431 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-136 + inet6/filter/limit-431 -m recent --name limit-431 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-136 + inet/filter/logdrop-136 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-136 -m limit --limit 1/second -j LOG + inet/filter/logdrop-136 -j DROP + inet6/filter/logdrop-136 -j DROP + inet/filter/limit-431 -m recent --name limit-431 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-431 -m recent --name limit-431 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 439 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-432 + inet6/filter/INPUT -i eth0 -j limit-432 + inet/filter/limit-432 -m recent --name limit-432 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-137 + inet6/filter/limit-432 -m recent --name limit-432 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-137 + inet/filter/logdrop-137 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-137 -m limit --limit 1/second -j LOG + inet/filter/logdrop-137 -j DROP + inet6/filter/logdrop-137 -j DROP + inet/filter/limit-432 -m recent --name limit-432 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-432 -m recent --name limit-432 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 440 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-433 + inet6/filter/INPUT -i eth0 -j limit-433 + inet/filter/limit-433 -m recent --name limit-433 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-138 + inet6/filter/limit-433 -m recent --name limit-433 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-138 + inet/filter/logdrop-138 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-138 -m limit --limit 1/second -j LOG + inet/filter/logdrop-138 -j DROP + inet6/filter/logdrop-138 -j DROP + inet/filter/limit-433 -m recent --name limit-433 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-433 -m recent --name limit-433 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 441 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-434 + inet6/filter/INPUT -i eth0 -j limit-434 + inet/filter/limit-434 -m recent --name limit-434 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-139 + inet6/filter/limit-434 -m recent --name limit-434 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-139 + inet/filter/logdrop-139 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-139 -m limit --limit 1/second -j LOG + inet/filter/logdrop-139 -j DROP + inet6/filter/logdrop-139 -j DROP + inet/filter/limit-434 -m recent --name limit-434 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-434 -m recent --name limit-434 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 442 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-435 + inet6/filter/INPUT -i eth0 -j limit-435 + inet/filter/limit-435 -m recent --name limit-435 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-140 + inet6/filter/limit-435 -m recent --name limit-435 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-140 + inet/filter/logdrop-140 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-140 -m limit --limit 1/second -j LOG + inet/filter/logdrop-140 -j DROP + inet6/filter/logdrop-140 -j DROP + inet/filter/limit-435 -m recent --name limit-435 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-435 -m recent --name limit-435 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 443 {"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-436 + inet6/filter/INPUT -i eth0 -j limit-436 + inet/filter/limit-436 -m recent --name limit-436 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-141 + inet6/filter/limit-436 -m recent --name limit-436 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-141 + inet/filter/logdrop-141 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-141 -m limit --limit 1/second -j LOG + inet/filter/logdrop-141 -j DROP + inet6/filter/logdrop-141 -j DROP + inet/filter/limit-436 -m limit --limit 1/second -j LOG + inet6/filter/limit-436 -m limit --limit 1/second -j LOG + inet/filter/limit-436 -m recent --name limit-436 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-436 -m recent --name limit-436 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 444 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-437 + inet6/filter/INPUT -i eth0 -j limit-437 + inet/filter/limit-437 -m recent --name limit-437 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-142 + inet6/filter/limit-437 -m recent --name limit-437 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-142 + inet/filter/logdrop-142 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-142 -m limit --limit 1/second -j LOG + inet/filter/logdrop-142 -j DROP + inet6/filter/logdrop-142 -j DROP + inet/filter/limit-437 -m recent --name limit-437 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-437 -m recent --name limit-437 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 445 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-438 + inet6/filter/INPUT -i eth0 -j limit-438 + inet/filter/limit-438 -m recent --name limit-438 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-143 + inet6/filter/limit-438 -m recent --name limit-438 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-143 + inet/filter/logdrop-143 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-143 -m limit --limit 1/second -j LOG + inet/filter/logdrop-143 -j DROP + inet6/filter/logdrop-143 -j DROP + inet/filter/limit-438 -m recent --name limit-438 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-438 -m recent --name limit-438 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 446 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-439 + inet6/filter/INPUT -i eth0 -j limit-439 + inet/filter/limit-439 -m recent --name limit-439 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-144 + inet6/filter/limit-439 -m recent --name limit-439 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-144 + inet/filter/logdrop-144 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-144 -m limit --limit 1/second -j LOG + inet/filter/logdrop-144 -j DROP + inet6/filter/logdrop-144 -j DROP + inet/filter/limit-439 -m recent --name limit-439 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-439 -m recent --name limit-439 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 447 {"flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-440 + inet6/filter/INPUT -i eth0 -j limit-440 + inet/filter/limit-440 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-145 + inet6/filter/limit-440 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-145 + inet/filter/logdrop-145 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-145 -m limit --limit 1/second -j LOG + inet/filter/logdrop-145 -j DROP + inet6/filter/logdrop-145 -j DROP + inet/filter/limit-440 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-440 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 448 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-441 + inet6/filter/INPUT -i eth0 -j limit-441 + inet/filter/limit-441 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-146 + inet6/filter/limit-441 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-146 + inet/filter/logdrop-146 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-146 -m limit --limit 1/second -j LOG + inet/filter/logdrop-146 -j DROP + inet6/filter/logdrop-146 -j DROP + inet/filter/limit-441 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-441 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 449 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-442 + inet6/filter/INPUT -i eth0 -j limit-442 + inet/filter/limit-442 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-147 + inet6/filter/limit-442 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-147 + inet/filter/logdrop-147 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-147 -m limit --limit 1/second -j LOG + inet/filter/logdrop-147 -j DROP + inet6/filter/logdrop-147 -j DROP + inet/filter/limit-442 -m limit --limit 1/second -j LOG + inet6/filter/limit-442 -m limit --limit 1/second -j LOG + inet/filter/limit-442 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-442 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 450 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-443 + inet6/filter/INPUT -i eth0 -j limit-443 + inet/filter/limit-443 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-148 + inet6/filter/limit-443 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-148 + inet/filter/logdrop-148 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-148 -m limit --limit 1/second -j LOG + inet/filter/logdrop-148 -j DROP + inet6/filter/logdrop-148 -j DROP + inet/filter/limit-443 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-443 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 451 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-444 + inet6/filter/INPUT -i eth0 -j limit-444 + inet/filter/limit-444 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-149 + inet6/filter/limit-444 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-149 + inet/filter/logdrop-149 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-149 -m limit --limit 1/second -j LOG + inet/filter/logdrop-149 -j DROP + inet6/filter/logdrop-149 -j DROP + inet/filter/limit-444 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-444 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 452 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-445 + inet6/filter/INPUT -i eth0 -j limit-445 + inet/filter/limit-445 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-150 + inet6/filter/limit-445 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-150 + inet/filter/logdrop-150 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-150 -m limit --limit 1/second -j LOG + inet/filter/logdrop-150 -j DROP + inet6/filter/logdrop-150 -j DROP + inet/filter/limit-445 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-445 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 233 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 453 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-446 + inet6/filter/INPUT -i eth0 -j limit-446 + inet/filter/limit-446 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-151 + inet6/filter/limit-446 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-151 + inet/filter/logdrop-151 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-151 -m limit --limit 1/second -j LOG + inet/filter/logdrop-151 -j DROP + inet6/filter/logdrop-151 -j DROP + inet/filter/limit-446 -j ACCEPT + inet6/filter/limit-446 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 454 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-226 - inet6/filter/INPUT -i eth0 -j limit-226 - inet/filter/limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 - inet6/filter/limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 - inet/filter/logdrop-75 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-75 -m limit --limit 1/second -j LOG - inet/filter/logdrop-75 -j DROP - inet6/filter/logdrop-75 -j DROP - inet/filter/limit-226 -m limit --limit 1/second -j LOG - inet6/filter/limit-226 -m limit --limit 1/second -j LOG - inet/filter/limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-152 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-152 + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 455 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-448 + inet6/filter/INPUT -i eth0 -j limit-448 + inet/filter/limit-448 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-153 + inet6/filter/limit-448 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-153 + inet/filter/logdrop-153 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-153 -m limit --limit 1/second -j LOG + inet/filter/logdrop-153 -j DROP + inet6/filter/logdrop-153 -j DROP + inet/filter/limit-448 -m limit --limit 1/second -j LOG + inet6/filter/limit-448 -m limit --limit 1/second -j LOG + inet/filter/limit-448 -j ACCEPT + inet6/filter/limit-448 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 456 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-449 + inet6/filter/INPUT -i eth0 -j limit-449 + inet/filter/limit-449 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-154 + inet6/filter/limit-449 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-154 + inet/filter/logdrop-154 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-154 -m limit --limit 1/second -j LOG + inet/filter/logdrop-154 -j DROP + inet6/filter/logdrop-154 -j DROP + inet/filter/limit-449 -m limit --limit 1/second -j LOG + inet6/filter/limit-449 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 457 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-450 + inet6/filter/INPUT -i eth0 -j limit-450 + inet/filter/limit-450 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-155 + inet6/filter/limit-450 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-155 + inet/filter/logdrop-155 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-155 -m limit --limit 1/second -j LOG + inet/filter/logdrop-155 -j DROP + inet6/filter/logdrop-155 -j DROP + inet/filter/limit-450 -j ACCEPT + inet6/filter/limit-450 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3505,33 +6861,157 @@ Filter 233 {"flow-limit":1,"in":"A","log":true,"no-track inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 234 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 458 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-227 - inet6/filter/INPUT -i eth0 -j limit-227 - inet/filter/limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 - inet6/filter/limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 - inet/filter/logdrop-76 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-76 -m limit --limit 1/second -j LOG - inet/filter/logdrop-76 -j DROP - inet6/filter/logdrop-76 -j DROP - inet/filter/limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-156 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-156 + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 459 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-452 + inet6/filter/INPUT -i eth0 -j limit-452 + inet/filter/limit-452 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-157 + inet6/filter/limit-452 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-157 + inet/filter/logdrop-157 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-157 -m limit --limit 1/second -j LOG + inet/filter/logdrop-157 -j DROP + inet6/filter/logdrop-157 -j DROP + inet/filter/limit-452 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-452 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 460 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-453 + inet6/filter/INPUT -i eth0 -j limit-453 + inet/filter/limit-453 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-158 + inet6/filter/limit-453 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-158 + inet/filter/logdrop-158 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-158 -m limit --limit 1/second -j LOG + inet/filter/logdrop-158 -j DROP + inet6/filter/logdrop-158 -j DROP + inet/filter/limit-453 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-453 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 461 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-454 + inet6/filter/INPUT -i eth0 -j limit-454 + inet/filter/limit-454 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-159 + inet6/filter/limit-454 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-159 + inet/filter/logdrop-159 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-159 -m limit --limit 1/second -j LOG + inet/filter/logdrop-159 -j DROP + inet6/filter/logdrop-159 -j DROP + inet/filter/limit-454 -m limit --limit 1/second -j LOG + inet6/filter/limit-454 -m limit --limit 1/second -j LOG + inet/filter/limit-454 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-454 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 462 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-455 + inet6/filter/INPUT -i eth0 -j limit-455 + inet/filter/limit-455 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-160 + inet6/filter/limit-455 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-160 + inet/filter/logdrop-160 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-160 -m limit --limit 1/second -j LOG + inet/filter/logdrop-160 -j DROP + inet6/filter/logdrop-160 -j DROP + inet/filter/limit-455 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-455 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 463 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-456 + inet6/filter/INPUT -i eth0 -j limit-456 + inet/filter/limit-456 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-161 + inet6/filter/limit-456 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-161 + inet/filter/logdrop-161 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-161 -m limit --limit 1/second -j LOG + inet/filter/logdrop-161 -j DROP + inet6/filter/logdrop-161 -j DROP + inet/filter/limit-456 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-456 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 464 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-457 + inet6/filter/INPUT -i eth0 -j limit-457 + inet/filter/limit-457 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-162 + inet6/filter/limit-457 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-162 + inet/filter/logdrop-162 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-162 -m limit --limit 1/second -j LOG + inet/filter/logdrop-162 -j DROP + inet6/filter/logdrop-162 -j DROP + inet/filter/limit-457 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-457 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 235 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 465 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-458 + inet6/filter/INPUT -i eth0 -j limit-458 + inet/filter/limit-458 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-163 + inet6/filter/limit-458 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-163 + inet/filter/logdrop-163 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-163 -m limit --limit 1/second -j LOG + inet/filter/logdrop-163 -j DROP + inet6/filter/logdrop-163 -j DROP + inet/filter/limit-458 -j ACCEPT + inet6/filter/limit-458 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 466 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-228 - inet6/filter/INPUT -i eth0 -j limit-228 - inet/filter/limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 - inet6/filter/limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 - inet/filter/logdrop-77 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-77 -m limit --limit 1/second -j LOG - inet/filter/logdrop-77 -j DROP - inet6/filter/logdrop-77 -j DROP - inet/filter/limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-164 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-164 + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 467 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-460 + inet6/filter/INPUT -i eth0 -j limit-460 + inet/filter/limit-460 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-165 + inet6/filter/limit-460 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-165 + inet/filter/logdrop-165 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-165 -m limit --limit 1/second -j LOG + inet/filter/logdrop-165 -j DROP + inet6/filter/logdrop-165 -j DROP + inet/filter/limit-460 -m limit --limit 1/second -j LOG + inet6/filter/limit-460 -m limit --limit 1/second -j LOG + inet/filter/limit-460 -j ACCEPT + inet6/filter/limit-460 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3539,33 +7019,55 @@ Filter 235 {"flow-limit":1,"in":"A","log":"none","no-tra inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 236 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 468 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-461 + inet6/filter/INPUT -i eth0 -j limit-461 + inet/filter/limit-461 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-166 + inet6/filter/limit-461 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-166 + inet/filter/logdrop-166 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-166 -m limit --limit 1/second -j LOG + inet/filter/logdrop-166 -j DROP + inet6/filter/logdrop-166 -j DROP + inet/filter/limit-461 -m limit --limit 1/second -j LOG + inet6/filter/limit-461 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 469 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-462 + inet6/filter/INPUT -i eth0 -j limit-462 + inet/filter/limit-462 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-167 + inet6/filter/limit-462 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-167 + inet/filter/logdrop-167 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-167 -m limit --limit 1/second -j LOG + inet/filter/logdrop-167 -j DROP + inet6/filter/logdrop-167 -j DROP + inet/filter/limit-462 -j ACCEPT + inet6/filter/limit-462 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 470 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-229 - inet6/filter/INPUT -i eth0 -j limit-229 - inet/filter/limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 - inet6/filter/limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 - inet/filter/logdrop-78 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-78 -m limit --limit 1/second -j LOG - inet/filter/logdrop-78 -j DROP - inet6/filter/logdrop-78 -j DROP - inet/filter/limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-168 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-168 inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 237 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +Filter 471 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-230 - inet6/filter/INPUT -i eth0 -j limit-230 - inet/filter/limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 - inet6/filter/limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 - inet/filter/logdrop-79 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-79 -m limit --limit 1/second -j LOG - inet/filter/logdrop-79 -j DROP - inet6/filter/logdrop-79 -j DROP - inet/filter/limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-464 + inet6/filter/INPUT -i eth0 -j limit-464 + inet/filter/limit-464 -m recent --name limit-464 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-464 -m recent --name limit-464 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-464 -m recent --name limit-464 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-464 -m recent --name limit-464 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3573,35 +7075,27 @@ Filter 237 {"flow-limit":{"count":1},"in":"A","no-track" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 238 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +Filter 472 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-231 - inet6/filter/INPUT -i eth0 -j limit-231 - inet/filter/limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 - inet6/filter/limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 - inet/filter/logdrop-80 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-80 -m limit --limit 1/second -j LOG - inet/filter/logdrop-80 -j DROP - inet6/filter/logdrop-80 -j DROP - inet/filter/limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-465 + inet6/filter/INPUT -i eth0 -j limit-465 + inet/filter/limit-465 -m recent --name limit-465 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-465 -m recent --name limit-465 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-465 -m recent --name limit-465 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-465 -m recent --name limit-465 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 239 {"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 473 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-232 - inet6/filter/INPUT -i eth0 -j limit-232 - inet/filter/limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 - inet6/filter/limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 - inet/filter/logdrop-81 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-81 -m limit --limit 1/second -j LOG - inet/filter/logdrop-81 -j DROP - inet6/filter/logdrop-81 -j DROP - inet/filter/limit-232 -m limit --limit 1/second -j LOG - inet6/filter/limit-232 -m limit --limit 1/second -j LOG - inet/filter/limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-466 + inet6/filter/INPUT -i eth0 -j limit-466 + inet/filter/limit-466 -m recent --name limit-466 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-466 -m recent --name limit-466 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-466 -m limit --limit 1/second -j LOG + inet6/filter/limit-466 -m limit --limit 1/second -j LOG + inet/filter/limit-466 -m recent --name limit-466 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-466 -m recent --name limit-466 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3609,33 +7103,25 @@ Filter 239 {"flow-limit":{"count":1},"in":"A","log":true inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 240 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 474 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-233 - inet6/filter/INPUT -i eth0 -j limit-233 - inet/filter/limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 - inet6/filter/limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 - inet/filter/logdrop-82 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-82 -m limit --limit 1/second -j LOG - inet/filter/logdrop-82 -j DROP - inet6/filter/logdrop-82 -j DROP - inet/filter/limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-467 + inet6/filter/INPUT -i eth0 -j limit-467 + inet/filter/limit-467 -m recent --name limit-467 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-467 -m recent --name limit-467 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-467 -m recent --name limit-467 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-467 -m recent --name limit-467 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 241 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 475 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-234 - inet6/filter/INPUT -i eth0 -j limit-234 - inet/filter/limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 - inet6/filter/limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 - inet/filter/logdrop-83 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-83 -m limit --limit 1/second -j LOG - inet/filter/logdrop-83 -j DROP - inet6/filter/logdrop-83 -j DROP - inet/filter/limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-468 + inet6/filter/INPUT -i eth0 -j limit-468 + inet/filter/limit-468 -m recent --name limit-468 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-468 -m recent --name limit-468 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-468 -m recent --name limit-468 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-468 -m recent --name limit-468 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3643,33 +7129,25 @@ Filter 241 {"flow-limit":{"count":1},"in":"A","log":"non inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 242 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 476 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-235 - inet6/filter/INPUT -i eth0 -j limit-235 - inet/filter/limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 - inet6/filter/limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 - inet/filter/logdrop-84 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-84 -m limit --limit 1/second -j LOG - inet/filter/logdrop-84 -j DROP - inet6/filter/logdrop-84 -j DROP - inet/filter/limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-469 + inet6/filter/INPUT -i eth0 -j limit-469 + inet/filter/limit-469 -m recent --name limit-469 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-469 -m recent --name limit-469 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-469 -m recent --name limit-469 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-469 -m recent --name limit-469 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 243 {"flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 477 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-236 - inet6/filter/INPUT -i eth0 -j limit-236 - inet/filter/limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-85 - inet6/filter/limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-85 - inet/filter/logdrop-85 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-85 -m limit --limit 1/second -j LOG - inet/filter/logdrop-85 -j DROP - inet6/filter/logdrop-85 -j DROP - inet/filter/limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-470 + inet6/filter/INPUT -i eth0 -j limit-470 + inet/filter/limit-470 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-470 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-470 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-470 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3677,35 +7155,27 @@ Filter 243 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 244 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 478 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-237 - inet6/filter/INPUT -i eth0 -j limit-237 - inet/filter/limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-86 - inet6/filter/limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-86 - inet/filter/logdrop-86 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-86 -m limit --limit 1/second -j LOG - inet/filter/logdrop-86 -j DROP - inet6/filter/logdrop-86 -j DROP - inet/filter/limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-471 + inet6/filter/INPUT -i eth0 -j limit-471 + inet/filter/limit-471 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-471 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-471 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-471 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 245 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 479 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-238 - inet6/filter/INPUT -i eth0 -j limit-238 - inet/filter/limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-87 - inet6/filter/limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-87 - inet/filter/logdrop-87 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-87 -m limit --limit 1/second -j LOG - inet/filter/logdrop-87 -j DROP - inet6/filter/logdrop-87 -j DROP - inet/filter/limit-238 -m limit --limit 1/second -j LOG - inet6/filter/limit-238 -m limit --limit 1/second -j LOG - inet/filter/limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-472 + inet6/filter/INPUT -i eth0 -j limit-472 + inet/filter/limit-472 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-472 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-472 -m limit --limit 1/second -j LOG + inet6/filter/limit-472 -m limit --limit 1/second -j LOG + inet/filter/limit-472 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-472 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3713,33 +7183,25 @@ Filter 245 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 246 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 480 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-239 - inet6/filter/INPUT -i eth0 -j limit-239 - inet/filter/limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-88 - inet6/filter/limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-88 - inet/filter/logdrop-88 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-88 -m limit --limit 1/second -j LOG - inet/filter/logdrop-88 -j DROP - inet6/filter/logdrop-88 -j DROP - inet/filter/limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-473 + inet6/filter/INPUT -i eth0 -j limit-473 + inet/filter/limit-473 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-473 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-473 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-473 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 247 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 481 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-240 - inet6/filter/INPUT -i eth0 -j limit-240 - inet/filter/limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-89 - inet6/filter/limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-89 - inet/filter/logdrop-89 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-89 -m limit --limit 1/second -j LOG - inet/filter/logdrop-89 -j DROP - inet6/filter/logdrop-89 -j DROP - inet/filter/limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-474 + inet6/filter/INPUT -i eth0 -j limit-474 + inet/filter/limit-474 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-474 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-474 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-474 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3747,33 +7209,25 @@ Filter 247 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 248 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 482 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-241 - inet6/filter/INPUT -i eth0 -j limit-241 - inet/filter/limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-90 - inet6/filter/limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-90 - inet/filter/logdrop-90 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-90 -m limit --limit 1/second -j LOG - inet/filter/logdrop-90 -j DROP - inet6/filter/logdrop-90 -j DROP - inet/filter/limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-475 + inet6/filter/INPUT -i eth0 -j limit-475 + inet/filter/limit-475 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-475 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-475 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-475 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 249 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 483 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-242 - inet6/filter/INPUT -i eth0 -j limit-242 - inet/filter/limit-242 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-91 - inet6/filter/limit-242 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-91 - inet/filter/logdrop-91 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-91 -m limit --limit 1/second -j LOG - inet/filter/logdrop-91 -j DROP - inet6/filter/logdrop-91 -j DROP - inet/filter/limit-242 -j ACCEPT - inet6/filter/limit-242 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-476 + inet6/filter/INPUT -i eth0 -j limit-476 + inet/filter/limit-476 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-476 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-476 -j ACCEPT + inet6/filter/limit-476 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3781,27 +7235,23 @@ Filter 249 {"flow-limit":{"count":1,"name":"foo","update inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 250 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 484 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-92 - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-92 + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 251 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 485 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-244 - inet6/filter/INPUT -i eth0 -j limit-244 - inet/filter/limit-244 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-93 - inet6/filter/limit-244 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-93 - inet/filter/logdrop-93 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-93 -m limit --limit 1/second -j LOG - inet/filter/logdrop-93 -j DROP - inet6/filter/logdrop-93 -j DROP - inet/filter/limit-244 -m limit --limit 1/second -j LOG - inet6/filter/limit-244 -m limit --limit 1/second -j LOG - inet/filter/limit-244 -j ACCEPT - inet6/filter/limit-244 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-478 + inet6/filter/INPUT -i eth0 -j limit-478 + inet/filter/limit-478 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-478 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-478 -m limit --limit 1/second -j LOG + inet6/filter/limit-478 -m limit --limit 1/second -j LOG + inet/filter/limit-478 -j ACCEPT + inet6/filter/limit-478 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3809,33 +7259,25 @@ Filter 251 {"flow-limit":{"count":1,"name":"foo","update inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 252 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 486 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-245 - inet6/filter/INPUT -i eth0 -j limit-245 - inet/filter/limit-245 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-94 - inet6/filter/limit-245 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-94 - inet/filter/logdrop-94 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-94 -m limit --limit 1/second -j LOG - inet/filter/logdrop-94 -j DROP - inet6/filter/logdrop-94 -j DROP - inet/filter/limit-245 -m limit --limit 1/second -j LOG - inet6/filter/limit-245 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-479 + inet6/filter/INPUT -i eth0 -j limit-479 + inet/filter/limit-479 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-479 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-479 -m limit --limit 1/second -j LOG + inet6/filter/limit-479 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 253 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 487 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-246 - inet6/filter/INPUT -i eth0 -j limit-246 - inet/filter/limit-246 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-95 - inet6/filter/limit-246 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-95 - inet/filter/logdrop-95 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-95 -m limit --limit 1/second -j LOG - inet/filter/logdrop-95 -j DROP - inet6/filter/logdrop-95 -j DROP - inet/filter/limit-246 -j ACCEPT - inet6/filter/limit-246 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-480 + inet6/filter/INPUT -i eth0 -j limit-480 + inet/filter/limit-480 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-480 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-480 -j ACCEPT + inet6/filter/limit-480 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3843,25 +7285,21 @@ Filter 253 {"flow-limit":{"count":1,"name":"foo","update inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 254 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 488 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-96 - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-96 + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 255 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 489 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-248 - inet6/filter/INPUT -i eth0 -j limit-248 - inet/filter/limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-97 - inet6/filter/limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-97 - inet/filter/logdrop-97 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-97 -m limit --limit 1/second -j LOG - inet/filter/logdrop-97 -j DROP - inet6/filter/logdrop-97 -j DROP - inet/filter/limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-482 + inet6/filter/INPUT -i eth0 -j limit-482 + inet/filter/limit-482 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-482 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-482 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-482 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3869,35 +7307,27 @@ Filter 255 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 256 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 490 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-249 - inet6/filter/INPUT -i eth0 -j limit-249 - inet/filter/limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-98 - inet6/filter/limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-98 - inet/filter/logdrop-98 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-98 -m limit --limit 1/second -j LOG - inet/filter/logdrop-98 -j DROP - inet6/filter/logdrop-98 -j DROP - inet/filter/limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-483 + inet6/filter/INPUT -i eth0 -j limit-483 + inet/filter/limit-483 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-483 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-483 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-483 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 257 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 491 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-250 - inet6/filter/INPUT -i eth0 -j limit-250 - inet/filter/limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-99 - inet6/filter/limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-99 - inet/filter/logdrop-99 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-99 -m limit --limit 1/second -j LOG - inet/filter/logdrop-99 -j DROP - inet6/filter/logdrop-99 -j DROP - inet/filter/limit-250 -m limit --limit 1/second -j LOG - inet6/filter/limit-250 -m limit --limit 1/second -j LOG - inet/filter/limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-484 + inet6/filter/INPUT -i eth0 -j limit-484 + inet/filter/limit-484 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-484 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-484 -m limit --limit 1/second -j LOG + inet6/filter/limit-484 -m limit --limit 1/second -j LOG + inet/filter/limit-484 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-484 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3905,33 +7335,25 @@ Filter 257 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 258 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 492 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-251 - inet6/filter/INPUT -i eth0 -j limit-251 - inet/filter/limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-100 - inet6/filter/limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-100 - inet/filter/logdrop-100 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-100 -m limit --limit 1/second -j LOG - inet/filter/logdrop-100 -j DROP - inet6/filter/logdrop-100 -j DROP - inet/filter/limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-485 + inet6/filter/INPUT -i eth0 -j limit-485 + inet/filter/limit-485 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-485 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-485 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-485 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 259 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 493 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-252 - inet6/filter/INPUT -i eth0 -j limit-252 - inet/filter/limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-101 - inet6/filter/limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-101 - inet/filter/logdrop-101 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-101 -m limit --limit 1/second -j LOG - inet/filter/logdrop-101 -j DROP - inet6/filter/logdrop-101 -j DROP - inet/filter/limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-486 + inet6/filter/INPUT -i eth0 -j limit-486 + inet/filter/limit-486 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-486 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-486 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-486 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3939,33 +7361,25 @@ Filter 259 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 260 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 494 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-253 - inet6/filter/INPUT -i eth0 -j limit-253 - inet/filter/limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-102 - inet6/filter/limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-102 - inet/filter/logdrop-102 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-102 -m limit --limit 1/second -j LOG - inet/filter/logdrop-102 -j DROP - inet6/filter/logdrop-102 -j DROP - inet/filter/limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-487 + inet6/filter/INPUT -i eth0 -j limit-487 + inet/filter/limit-487 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-487 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-487 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-487 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 261 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 495 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-254 - inet6/filter/INPUT -i eth0 -j limit-254 - inet/filter/limit-254 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-103 - inet6/filter/limit-254 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-103 - inet/filter/logdrop-103 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-103 -m limit --limit 1/second -j LOG - inet/filter/logdrop-103 -j DROP - inet6/filter/logdrop-103 -j DROP - inet/filter/limit-254 -j ACCEPT - inet6/filter/limit-254 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-488 + inet6/filter/INPUT -i eth0 -j limit-488 + inet/filter/limit-488 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-488 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-488 -j ACCEPT + inet6/filter/limit-488 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3973,27 +7387,23 @@ Filter 261 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 262 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 496 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-104 - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-104 + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 263 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 497 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-256 - inet6/filter/INPUT -i eth0 -j limit-256 - inet/filter/limit-256 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-105 - inet6/filter/limit-256 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-105 - inet/filter/logdrop-105 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-105 -m limit --limit 1/second -j LOG - inet/filter/logdrop-105 -j DROP - inet6/filter/logdrop-105 -j DROP - inet/filter/limit-256 -m limit --limit 1/second -j LOG - inet6/filter/limit-256 -m limit --limit 1/second -j LOG - inet/filter/limit-256 -j ACCEPT - inet6/filter/limit-256 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-490 + inet6/filter/INPUT -i eth0 -j limit-490 + inet/filter/limit-490 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-490 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-490 -m limit --limit 1/second -j LOG + inet6/filter/limit-490 -m limit --limit 1/second -j LOG + inet/filter/limit-490 -j ACCEPT + inet6/filter/limit-490 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4001,33 +7411,25 @@ Filter 263 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 264 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 498 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-257 - inet6/filter/INPUT -i eth0 -j limit-257 - inet/filter/limit-257 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-106 - inet6/filter/limit-257 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-106 - inet/filter/logdrop-106 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-106 -m limit --limit 1/second -j LOG - inet/filter/logdrop-106 -j DROP - inet6/filter/logdrop-106 -j DROP - inet/filter/limit-257 -m limit --limit 1/second -j LOG - inet6/filter/limit-257 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-491 + inet6/filter/INPUT -i eth0 -j limit-491 + inet/filter/limit-491 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-491 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-491 -m limit --limit 1/second -j LOG + inet6/filter/limit-491 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 265 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 499 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-258 - inet6/filter/INPUT -i eth0 -j limit-258 - inet/filter/limit-258 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-107 - inet6/filter/limit-258 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-107 - inet/filter/logdrop-107 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-107 -m limit --limit 1/second -j LOG - inet/filter/logdrop-107 -j DROP - inet6/filter/logdrop-107 -j DROP - inet/filter/limit-258 -j ACCEPT - inet6/filter/limit-258 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-492 + inet6/filter/INPUT -i eth0 -j limit-492 + inet/filter/limit-492 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-492 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-492 -j ACCEPT + inet6/filter/limit-492 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4035,21 +7437,21 @@ Filter 265 {"flow-limit":{"addr":"dest","count":1,"name" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 266 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 500 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-108 - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-108 + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 267 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 501 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-260 - inet6/filter/INPUT -i eth0 -j limit-260 - inet/filter/limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-494 + inet6/filter/INPUT -i eth0 -j limit-494 + inet/filter/limit-494 -m recent --name limit-494 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-494 -m recent --name limit-494 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-494 -m recent --name limit-494 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-494 -m recent --name limit-494 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4057,27 +7459,27 @@ Filter 267 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 268 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 502 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-261 - inet6/filter/INPUT -i eth0 -j limit-261 - inet/filter/limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-495 + inet6/filter/INPUT -i eth0 -j limit-495 + inet/filter/limit-495 -m recent --name limit-495 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-495 -m recent --name limit-495 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-495 -m recent --name limit-495 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-495 -m recent --name limit-495 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 269 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 503 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-262 - inet6/filter/INPUT -i eth0 -j limit-262 - inet/filter/limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-262 -m limit --limit 1/second -j LOG - inet6/filter/limit-262 -m limit --limit 1/second -j LOG - inet/filter/limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-496 + inet6/filter/INPUT -i eth0 -j limit-496 + inet/filter/limit-496 -m recent --name limit-496 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-496 -m recent --name limit-496 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-496 -m limit --limit 1/second -j LOG + inet6/filter/limit-496 -m limit --limit 1/second -j LOG + inet/filter/limit-496 -m recent --name limit-496 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-496 -m recent --name limit-496 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4085,25 +7487,25 @@ Filter 269 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 270 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 504 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-263 - inet6/filter/INPUT -i eth0 -j limit-263 - inet/filter/limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-497 + inet6/filter/INPUT -i eth0 -j limit-497 + inet/filter/limit-497 -m recent --name limit-497 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-497 -m recent --name limit-497 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-497 -m recent --name limit-497 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-497 -m recent --name limit-497 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 271 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 505 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-264 - inet6/filter/INPUT -i eth0 -j limit-264 - inet/filter/limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-498 + inet6/filter/INPUT -i eth0 -j limit-498 + inet/filter/limit-498 -m recent --name limit-498 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-498 -m recent --name limit-498 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-498 -m recent --name limit-498 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-498 -m recent --name limit-498 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4111,25 +7513,25 @@ Filter 271 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 272 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 506 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-265 - inet6/filter/INPUT -i eth0 -j limit-265 - inet/filter/limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-499 + inet6/filter/INPUT -i eth0 -j limit-499 + inet/filter/limit-499 -m recent --name limit-499 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-499 -m recent --name limit-499 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-499 -m recent --name limit-499 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-499 -m recent --name limit-499 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 273 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 507 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-266 - inet6/filter/INPUT -i eth0 -j limit-266 - inet/filter/limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-500 + inet6/filter/INPUT -i eth0 -j limit-500 + inet/filter/limit-500 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-500 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-500 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-500 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4137,27 +7539,27 @@ Filter 273 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 274 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 508 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-267 - inet6/filter/INPUT -i eth0 -j limit-267 - inet/filter/limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-501 + inet6/filter/INPUT -i eth0 -j limit-501 + inet/filter/limit-501 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-501 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-501 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-501 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 275 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 509 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-268 - inet6/filter/INPUT -i eth0 -j limit-268 - inet/filter/limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-268 -m limit --limit 1/second -j LOG - inet6/filter/limit-268 -m limit --limit 1/second -j LOG - inet/filter/limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-502 + inet6/filter/INPUT -i eth0 -j limit-502 + inet/filter/limit-502 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-502 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-502 -m limit --limit 1/second -j LOG + inet6/filter/limit-502 -m limit --limit 1/second -j LOG + inet/filter/limit-502 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-502 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4165,25 +7567,25 @@ Filter 275 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 276 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 510 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-269 - inet6/filter/INPUT -i eth0 -j limit-269 - inet/filter/limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-503 + inet6/filter/INPUT -i eth0 -j limit-503 + inet/filter/limit-503 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-503 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-503 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-503 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 277 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 511 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-270 - inet6/filter/INPUT -i eth0 -j limit-270 - inet/filter/limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-504 + inet6/filter/INPUT -i eth0 -j limit-504 + inet/filter/limit-504 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-504 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-504 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-504 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4191,25 +7593,25 @@ Filter 277 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 278 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 512 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-271 - inet6/filter/INPUT -i eth0 -j limit-271 - inet/filter/limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-505 + inet6/filter/INPUT -i eth0 -j limit-505 + inet/filter/limit-505 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-505 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-505 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-505 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 279 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 513 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-272 - inet6/filter/INPUT -i eth0 -j limit-272 - inet/filter/limit-272 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-272 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-272 -j ACCEPT - inet6/filter/limit-272 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-506 + inet6/filter/INPUT -i eth0 -j limit-506 + inet/filter/limit-506 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-506 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-506 -j ACCEPT + inet6/filter/limit-506 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4217,23 +7619,23 @@ Filter 279 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 280 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 514 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 281 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 515 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-274 - inet6/filter/INPUT -i eth0 -j limit-274 - inet/filter/limit-274 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-274 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-274 -m limit --limit 1/second -j LOG - inet6/filter/limit-274 -m limit --limit 1/second -j LOG - inet/filter/limit-274 -j ACCEPT - inet6/filter/limit-274 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-508 + inet6/filter/INPUT -i eth0 -j limit-508 + inet/filter/limit-508 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-508 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-508 -m limit --limit 1/second -j LOG + inet6/filter/limit-508 -m limit --limit 1/second -j LOG + inet/filter/limit-508 -j ACCEPT + inet6/filter/limit-508 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4241,25 +7643,25 @@ Filter 281 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 282 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 516 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-275 - inet6/filter/INPUT -i eth0 -j limit-275 - inet/filter/limit-275 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-275 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-275 -m limit --limit 1/second -j LOG - inet6/filter/limit-275 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-509 + inet6/filter/INPUT -i eth0 -j limit-509 + inet/filter/limit-509 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-509 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-509 -m limit --limit 1/second -j LOG + inet6/filter/limit-509 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 283 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 517 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-276 - inet6/filter/INPUT -i eth0 -j limit-276 - inet/filter/limit-276 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-276 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-276 -j ACCEPT - inet6/filter/limit-276 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-510 + inet6/filter/INPUT -i eth0 -j limit-510 + inet/filter/limit-510 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-510 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-510 -j ACCEPT + inet6/filter/limit-510 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4267,21 +7669,21 @@ Filter 283 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 284 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 518 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 285 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 519 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-278 - inet6/filter/INPUT -i eth0 -j limit-278 - inet/filter/limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-512 + inet6/filter/INPUT -i eth0 -j limit-512 + inet/filter/limit-512 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-512 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-512 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-512 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4289,27 +7691,27 @@ Filter 285 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 286 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 520 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-279 - inet6/filter/INPUT -i eth0 -j limit-279 - inet/filter/limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-513 + inet6/filter/INPUT -i eth0 -j limit-513 + inet/filter/limit-513 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-513 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-513 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-513 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 287 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 521 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-280 - inet6/filter/INPUT -i eth0 -j limit-280 - inet/filter/limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-280 -m limit --limit 1/second -j LOG - inet6/filter/limit-280 -m limit --limit 1/second -j LOG - inet/filter/limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-514 + inet6/filter/INPUT -i eth0 -j limit-514 + inet/filter/limit-514 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-514 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-514 -m limit --limit 1/second -j LOG + inet6/filter/limit-514 -m limit --limit 1/second -j LOG + inet/filter/limit-514 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-514 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4317,25 +7719,25 @@ Filter 287 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 288 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 522 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-281 - inet6/filter/INPUT -i eth0 -j limit-281 - inet/filter/limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-515 + inet6/filter/INPUT -i eth0 -j limit-515 + inet/filter/limit-515 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-515 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-515 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-515 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 289 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 523 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-282 - inet6/filter/INPUT -i eth0 -j limit-282 - inet/filter/limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-516 + inet6/filter/INPUT -i eth0 -j limit-516 + inet/filter/limit-516 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-516 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-516 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-516 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4343,25 +7745,25 @@ Filter 289 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 290 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 524 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-283 - inet6/filter/INPUT -i eth0 -j limit-283 - inet/filter/limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-517 + inet6/filter/INPUT -i eth0 -j limit-517 + inet/filter/limit-517 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-517 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-517 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-517 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 291 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 525 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-284 - inet6/filter/INPUT -i eth0 -j limit-284 - inet/filter/limit-284 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-284 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-284 -j ACCEPT - inet6/filter/limit-284 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-518 + inet6/filter/INPUT -i eth0 -j limit-518 + inet/filter/limit-518 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-518 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-518 -j ACCEPT + inet6/filter/limit-518 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4369,23 +7771,23 @@ Filter 291 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 292 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 526 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 293 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 527 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-286 - inet6/filter/INPUT -i eth0 -j limit-286 - inet/filter/limit-286 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-286 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-286 -m limit --limit 1/second -j LOG - inet6/filter/limit-286 -m limit --limit 1/second -j LOG - inet/filter/limit-286 -j ACCEPT - inet6/filter/limit-286 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-520 + inet6/filter/INPUT -i eth0 -j limit-520 + inet/filter/limit-520 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-520 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-520 -m limit --limit 1/second -j LOG + inet6/filter/limit-520 -m limit --limit 1/second -j LOG + inet/filter/limit-520 -j ACCEPT + inet6/filter/limit-520 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4393,25 +7795,25 @@ Filter 293 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 294 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 528 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-287 - inet6/filter/INPUT -i eth0 -j limit-287 - inet/filter/limit-287 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-287 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-287 -m limit --limit 1/second -j LOG - inet6/filter/limit-287 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-521 + inet6/filter/INPUT -i eth0 -j limit-521 + inet/filter/limit-521 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-521 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-521 -m limit --limit 1/second -j LOG + inet6/filter/limit-521 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 295 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 529 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-288 - inet6/filter/INPUT -i eth0 -j limit-288 - inet/filter/limit-288 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-288 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-288 -j ACCEPT - inet6/filter/limit-288 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-522 + inet6/filter/INPUT -i eth0 -j limit-522 + inet/filter/limit-522 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-522 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-522 -j ACCEPT + inet6/filter/limit-522 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4419,21 +7821,295 @@ Filter 295 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 296 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 530 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 297 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 531 {"flow-limit":{"count":1,"interval":5},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-524 + inet6/filter/INPUT -i eth0 -j limit-524 + inet/filter/limit-524 -m recent --name limit-524 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-169 + inet6/filter/limit-524 -m recent --name limit-524 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-169 + inet/filter/logdrop-169 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-169 -m limit --limit 1/second -j LOG + inet/filter/logdrop-169 -j DROP + inet6/filter/logdrop-169 -j DROP + inet/filter/limit-524 -m recent --name limit-524 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-524 -m recent --name limit-524 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 532 {"action":"pass","flow-limit":{"count":1,"interval":5},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-525 + inet6/filter/INPUT -i eth0 -j limit-525 + inet/filter/limit-525 -m recent --name limit-525 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-170 + inet6/filter/limit-525 -m recent --name limit-525 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-170 + inet/filter/logdrop-170 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-170 -m limit --limit 1/second -j LOG + inet/filter/logdrop-170 -j DROP + inet6/filter/logdrop-170 -j DROP + inet/filter/limit-525 -m recent --name limit-525 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-525 -m recent --name limit-525 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 533 {"flow-limit":{"count":1,"interval":5},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-526 + inet6/filter/INPUT -i eth0 -j limit-526 + inet/filter/limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-171 + inet6/filter/limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-171 + inet/filter/logdrop-171 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-171 -m limit --limit 1/second -j LOG + inet/filter/logdrop-171 -j DROP + inet6/filter/logdrop-171 -j DROP + inet/filter/limit-526 -m limit --limit 1/second -j LOG + inet6/filter/limit-526 -m limit --limit 1/second -j LOG + inet/filter/limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 534 {"action":"pass","flow-limit":{"count":1,"interval":5},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-527 + inet6/filter/INPUT -i eth0 -j limit-527 + inet/filter/limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-172 + inet6/filter/limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-172 + inet/filter/logdrop-172 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-172 -m limit --limit 1/second -j LOG + inet/filter/logdrop-172 -j DROP + inet6/filter/logdrop-172 -j DROP + inet/filter/limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 535 {"flow-limit":{"count":1,"interval":5},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-528 + inet6/filter/INPUT -i eth0 -j limit-528 + inet/filter/limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-173 + inet6/filter/limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-173 + inet/filter/logdrop-173 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-173 -m limit --limit 1/second -j LOG + inet/filter/logdrop-173 -j DROP + inet6/filter/logdrop-173 -j DROP + inet/filter/limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 536 {"action":"pass","flow-limit":{"count":1,"interval":5},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-529 + inet6/filter/INPUT -i eth0 -j limit-529 + inet/filter/limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-174 + inet6/filter/limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-174 + inet/filter/logdrop-174 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-174 -m limit --limit 1/second -j LOG + inet/filter/logdrop-174 -j DROP + inet6/filter/logdrop-174 -j DROP + inet/filter/limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 537 {"flow-limit":{"count":1,"interval":5,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-530 + inet6/filter/INPUT -i eth0 -j limit-530 + inet/filter/limit-530 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-175 + inet6/filter/limit-530 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-175 + inet/filter/logdrop-175 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-175 -m limit --limit 1/second -j LOG + inet/filter/logdrop-175 -j DROP + inet6/filter/logdrop-175 -j DROP + inet/filter/limit-530 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-530 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 538 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-531 + inet6/filter/INPUT -i eth0 -j limit-531 + inet/filter/limit-531 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-176 + inet6/filter/limit-531 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-176 + inet/filter/logdrop-176 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-176 -m limit --limit 1/second -j LOG + inet/filter/logdrop-176 -j DROP + inet6/filter/logdrop-176 -j DROP + inet/filter/limit-531 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-531 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 539 {"flow-limit":{"count":1,"interval":5,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-532 + inet6/filter/INPUT -i eth0 -j limit-532 + inet/filter/limit-532 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-177 + inet6/filter/limit-532 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-177 + inet/filter/logdrop-177 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-177 -m limit --limit 1/second -j LOG + inet/filter/logdrop-177 -j DROP + inet6/filter/logdrop-177 -j DROP + inet/filter/limit-532 -m limit --limit 1/second -j LOG + inet6/filter/limit-532 -m limit --limit 1/second -j LOG + inet/filter/limit-532 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-532 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 540 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-533 + inet6/filter/INPUT -i eth0 -j limit-533 + inet/filter/limit-533 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-178 + inet6/filter/limit-533 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-178 + inet/filter/logdrop-178 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-178 -m limit --limit 1/second -j LOG + inet/filter/logdrop-178 -j DROP + inet6/filter/logdrop-178 -j DROP + inet/filter/limit-533 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-533 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 541 {"flow-limit":{"count":1,"interval":5,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-534 + inet6/filter/INPUT -i eth0 -j limit-534 + inet/filter/limit-534 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-179 + inet6/filter/limit-534 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-179 + inet/filter/logdrop-179 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-179 -m limit --limit 1/second -j LOG + inet/filter/logdrop-179 -j DROP + inet6/filter/logdrop-179 -j DROP + inet/filter/limit-534 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-534 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 542 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-535 + inet6/filter/INPUT -i eth0 -j limit-535 + inet/filter/limit-535 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-180 + inet6/filter/limit-535 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-180 + inet/filter/logdrop-180 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-180 -m limit --limit 1/second -j LOG + inet/filter/logdrop-180 -j DROP + inet6/filter/logdrop-180 -j DROP + inet/filter/limit-535 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-535 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 543 {"flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-536 + inet6/filter/INPUT -i eth0 -j limit-536 + inet/filter/limit-536 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-181 + inet6/filter/limit-536 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-181 + inet/filter/logdrop-181 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-181 -m limit --limit 1/second -j LOG + inet/filter/logdrop-181 -j DROP + inet6/filter/logdrop-181 -j DROP + inet/filter/limit-536 -j ACCEPT + inet6/filter/limit-536 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 544 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-290 - inet6/filter/INPUT -i eth0 -j limit-290 - inet/filter/limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-182 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-182 + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 545 {"flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-538 + inet6/filter/INPUT -i eth0 -j limit-538 + inet/filter/limit-538 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-183 + inet6/filter/limit-538 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-183 + inet/filter/logdrop-183 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-183 -m limit --limit 1/second -j LOG + inet/filter/logdrop-183 -j DROP + inet6/filter/logdrop-183 -j DROP + inet/filter/limit-538 -m limit --limit 1/second -j LOG + inet6/filter/limit-538 -m limit --limit 1/second -j LOG + inet/filter/limit-538 -j ACCEPT + inet6/filter/limit-538 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 546 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-539 + inet6/filter/INPUT -i eth0 -j limit-539 + inet/filter/limit-539 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-184 + inet6/filter/limit-539 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-184 + inet/filter/logdrop-184 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-184 -m limit --limit 1/second -j LOG + inet/filter/logdrop-184 -j DROP + inet6/filter/logdrop-184 -j DROP + inet/filter/limit-539 -m limit --limit 1/second -j LOG + inet6/filter/limit-539 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 547 {"flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-540 + inet6/filter/INPUT -i eth0 -j limit-540 + inet/filter/limit-540 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-185 + inet6/filter/limit-540 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-185 + inet/filter/logdrop-185 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-185 -m limit --limit 1/second -j LOG + inet/filter/logdrop-185 -j DROP + inet6/filter/logdrop-185 -j DROP + inet/filter/limit-540 -j ACCEPT + inet6/filter/limit-540 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4441,27 +8117,191 @@ Filter 297 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 298 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 548 {"action":"pass","flow-limit":{"count":1,"interval":5,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-291 - inet6/filter/INPUT -i eth0 -j limit-291 - inet/filter/limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-186 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-186 inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 299 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 549 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-542 + inet6/filter/INPUT -i eth0 -j limit-542 + inet/filter/limit-542 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-187 + inet6/filter/limit-542 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-187 + inet/filter/logdrop-187 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-187 -m limit --limit 1/second -j LOG + inet/filter/logdrop-187 -j DROP + inet6/filter/logdrop-187 -j DROP + inet/filter/limit-542 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-542 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 550 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-543 + inet6/filter/INPUT -i eth0 -j limit-543 + inet/filter/limit-543 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-188 + inet6/filter/limit-543 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-188 + inet/filter/logdrop-188 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-188 -m limit --limit 1/second -j LOG + inet/filter/logdrop-188 -j DROP + inet6/filter/logdrop-188 -j DROP + inet/filter/limit-543 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-543 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 551 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-544 + inet6/filter/INPUT -i eth0 -j limit-544 + inet/filter/limit-544 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-189 + inet6/filter/limit-544 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-189 + inet/filter/logdrop-189 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-189 -m limit --limit 1/second -j LOG + inet/filter/logdrop-189 -j DROP + inet6/filter/logdrop-189 -j DROP + inet/filter/limit-544 -m limit --limit 1/second -j LOG + inet6/filter/limit-544 -m limit --limit 1/second -j LOG + inet/filter/limit-544 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-544 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 552 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-545 + inet6/filter/INPUT -i eth0 -j limit-545 + inet/filter/limit-545 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-190 + inet6/filter/limit-545 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-190 + inet/filter/logdrop-190 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-190 -m limit --limit 1/second -j LOG + inet/filter/logdrop-190 -j DROP + inet6/filter/logdrop-190 -j DROP + inet/filter/limit-545 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-545 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 553 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-546 + inet6/filter/INPUT -i eth0 -j limit-546 + inet/filter/limit-546 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-191 + inet6/filter/limit-546 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-191 + inet/filter/logdrop-191 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-191 -m limit --limit 1/second -j LOG + inet/filter/logdrop-191 -j DROP + inet6/filter/logdrop-191 -j DROP + inet/filter/limit-546 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-546 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 554 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-547 + inet6/filter/INPUT -i eth0 -j limit-547 + inet/filter/limit-547 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-192 + inet6/filter/limit-547 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-192 + inet/filter/logdrop-192 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-192 -m limit --limit 1/second -j LOG + inet/filter/logdrop-192 -j DROP + inet6/filter/logdrop-192 -j DROP + inet/filter/limit-547 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-547 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 555 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-548 + inet6/filter/INPUT -i eth0 -j limit-548 + inet/filter/limit-548 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-193 + inet6/filter/limit-548 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-193 + inet/filter/logdrop-193 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-193 -m limit --limit 1/second -j LOG + inet/filter/logdrop-193 -j DROP + inet6/filter/logdrop-193 -j DROP + inet/filter/limit-548 -j ACCEPT + inet6/filter/limit-548 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 556 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-292 - inet6/filter/INPUT -i eth0 -j limit-292 - inet/filter/limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-292 -m limit --limit 1/second -j LOG - inet6/filter/limit-292 -m limit --limit 1/second -j LOG - inet/filter/limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-194 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-194 + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 557 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-550 + inet6/filter/INPUT -i eth0 -j limit-550 + inet/filter/limit-550 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-195 + inet6/filter/limit-550 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-195 + inet/filter/logdrop-195 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-195 -m limit --limit 1/second -j LOG + inet/filter/logdrop-195 -j DROP + inet6/filter/logdrop-195 -j DROP + inet/filter/limit-550 -m limit --limit 1/second -j LOG + inet6/filter/limit-550 -m limit --limit 1/second -j LOG + inet/filter/limit-550 -j ACCEPT + inet6/filter/limit-550 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 558 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-551 + inet6/filter/INPUT -i eth0 -j limit-551 + inet/filter/limit-551 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-196 + inet6/filter/limit-551 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-196 + inet/filter/logdrop-196 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-196 -m limit --limit 1/second -j LOG + inet/filter/logdrop-196 -j DROP + inet6/filter/logdrop-196 -j DROP + inet/filter/limit-551 -m limit --limit 1/second -j LOG + inet6/filter/limit-551 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 559 {"flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-552 + inet6/filter/INPUT -i eth0 -j limit-552 + inet/filter/limit-552 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-197 + inet6/filter/limit-552 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-197 + inet/filter/logdrop-197 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-197 -m limit --limit 1/second -j LOG + inet/filter/logdrop-197 -j DROP + inet6/filter/logdrop-197 -j DROP + inet/filter/limit-552 -j ACCEPT + inet6/filter/limit-552 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4469,25 +8309,21 @@ Filter 299 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 300 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 560 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-293 - inet6/filter/INPUT -i eth0 -j limit-293 - inet/filter/limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-198 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-198 inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 301 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 561 {"flow-limit":{"count":1,"interval":5,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-294 - inet6/filter/INPUT -i eth0 -j limit-294 - inet/filter/limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-554 + inet6/filter/INPUT -i eth0 -j limit-554 + inet/filter/limit-554 -m recent --name limit-554 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-554 -m recent --name limit-554 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-554 -m recent --name limit-554 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-554 -m recent --name limit-554 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4495,25 +8331,27 @@ Filter 301 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 302 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 562 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-295 - inet6/filter/INPUT -i eth0 -j limit-295 - inet/filter/limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-555 + inet6/filter/INPUT -i eth0 -j limit-555 + inet/filter/limit-555 -m recent --name limit-555 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-555 -m recent --name limit-555 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-555 -m recent --name limit-555 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-555 -m recent --name limit-555 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 303 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 563 {"flow-limit":{"count":1,"interval":5,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-296 - inet6/filter/INPUT -i eth0 -j limit-296 - inet/filter/limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-556 + inet6/filter/INPUT -i eth0 -j limit-556 + inet/filter/limit-556 -m recent --name limit-556 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-556 -m recent --name limit-556 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-556 -m limit --limit 1/second -j LOG + inet6/filter/limit-556 -m limit --limit 1/second -j LOG + inet/filter/limit-556 -m recent --name limit-556 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-556 -m recent --name limit-556 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4521,27 +8359,25 @@ Filter 303 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 304 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 564 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-297 - inet6/filter/INPUT -i eth0 -j limit-297 - inet/filter/limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-557 + inet6/filter/INPUT -i eth0 -j limit-557 + inet/filter/limit-557 -m recent --name limit-557 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-557 -m recent --name limit-557 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-557 -m recent --name limit-557 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-557 -m recent --name limit-557 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 305 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 565 {"flow-limit":{"count":1,"interval":5,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-298 - inet6/filter/INPUT -i eth0 -j limit-298 - inet/filter/limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-298 -m limit --limit 1/second -j LOG - inet6/filter/limit-298 -m limit --limit 1/second -j LOG - inet/filter/limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-558 + inet6/filter/INPUT -i eth0 -j limit-558 + inet/filter/limit-558 -m recent --name limit-558 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-558 -m recent --name limit-558 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-558 -m recent --name limit-558 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-558 -m recent --name limit-558 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4549,25 +8385,25 @@ Filter 305 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 306 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 566 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-299 - inet6/filter/INPUT -i eth0 -j limit-299 - inet/filter/limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-559 + inet6/filter/INPUT -i eth0 -j limit-559 + inet/filter/limit-559 -m recent --name limit-559 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-559 -m recent --name limit-559 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-559 -m recent --name limit-559 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-559 -m recent --name limit-559 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 307 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 567 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-300 - inet6/filter/INPUT -i eth0 -j limit-300 - inet/filter/limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-560 + inet6/filter/INPUT -i eth0 -j limit-560 + inet/filter/limit-560 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-560 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-560 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-560 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4575,25 +8411,27 @@ Filter 307 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 308 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 568 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-301 - inet6/filter/INPUT -i eth0 -j limit-301 - inet/filter/limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-561 + inet6/filter/INPUT -i eth0 -j limit-561 + inet/filter/limit-561 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-561 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-561 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-561 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 309 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 569 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-302 - inet6/filter/INPUT -i eth0 -j limit-302 - inet/filter/limit-302 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-302 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-302 -j ACCEPT - inet6/filter/limit-302 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-562 + inet6/filter/INPUT -i eth0 -j limit-562 + inet/filter/limit-562 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-562 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-562 -m limit --limit 1/second -j LOG + inet6/filter/limit-562 -m limit --limit 1/second -j LOG + inet/filter/limit-562 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-562 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4601,23 +8439,25 @@ Filter 309 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 310 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 570 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/INPUT -i eth0 -j limit-563 + inet6/filter/INPUT -i eth0 -j limit-563 + inet/filter/limit-563 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-563 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-563 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-563 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 311 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 571 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-304 - inet6/filter/INPUT -i eth0 -j limit-304 - inet/filter/limit-304 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-304 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-304 -m limit --limit 1/second -j LOG - inet6/filter/limit-304 -m limit --limit 1/second -j LOG - inet/filter/limit-304 -j ACCEPT - inet6/filter/limit-304 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-564 + inet6/filter/INPUT -i eth0 -j limit-564 + inet/filter/limit-564 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-564 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-564 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-564 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4625,25 +8465,25 @@ Filter 311 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 312 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 572 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-305 - inet6/filter/INPUT -i eth0 -j limit-305 - inet/filter/limit-305 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-305 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-305 -m limit --limit 1/second -j LOG - inet6/filter/limit-305 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-565 + inet6/filter/INPUT -i eth0 -j limit-565 + inet/filter/limit-565 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-565 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-565 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-565 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 313 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 573 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-306 - inet6/filter/INPUT -i eth0 -j limit-306 - inet/filter/limit-306 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-306 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-306 -j ACCEPT - inet6/filter/limit-306 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-566 + inet6/filter/INPUT -i eth0 -j limit-566 + inet/filter/limit-566 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-566 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-566 -j ACCEPT + inet6/filter/limit-566 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4651,21 +8491,23 @@ Filter 313 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 314 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 574 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 315 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 575 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-308 - inet6/filter/INPUT -i eth0 -j limit-308 - inet/filter/limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-568 + inet6/filter/INPUT -i eth0 -j limit-568 + inet/filter/limit-568 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-568 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-568 -m limit --limit 1/second -j LOG + inet6/filter/limit-568 -m limit --limit 1/second -j LOG + inet/filter/limit-568 -j ACCEPT + inet6/filter/limit-568 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4673,27 +8515,25 @@ Filter 315 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 316 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 576 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-309 - inet6/filter/INPUT -i eth0 -j limit-309 - inet/filter/limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-569 + inet6/filter/INPUT -i eth0 -j limit-569 + inet/filter/limit-569 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-569 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-569 -m limit --limit 1/second -j LOG + inet6/filter/limit-569 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 317 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 577 {"flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-310 - inet6/filter/INPUT -i eth0 -j limit-310 - inet/filter/limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-310 -m limit --limit 1/second -j LOG - inet6/filter/limit-310 -m limit --limit 1/second -j LOG - inet/filter/limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-570 + inet6/filter/INPUT -i eth0 -j limit-570 + inet/filter/limit-570 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-570 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-570 -j ACCEPT + inet6/filter/limit-570 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4701,25 +8541,21 @@ Filter 317 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 318 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 578 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-311 - inet6/filter/INPUT -i eth0 -j limit-311 - inet/filter/limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 319 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 579 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-312 - inet6/filter/INPUT -i eth0 -j limit-312 - inet/filter/limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-572 + inet6/filter/INPUT -i eth0 -j limit-572 + inet/filter/limit-572 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-572 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-572 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-572 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4727,25 +8563,27 @@ Filter 319 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 320 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 580 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-313 - inet6/filter/INPUT -i eth0 -j limit-313 - inet/filter/limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-573 + inet6/filter/INPUT -i eth0 -j limit-573 + inet/filter/limit-573 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-573 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-573 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-573 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 321 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 581 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-314 - inet6/filter/INPUT -i eth0 -j limit-314 - inet/filter/limit-314 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-314 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-314 -j ACCEPT - inet6/filter/limit-314 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-574 + inet6/filter/INPUT -i eth0 -j limit-574 + inet/filter/limit-574 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-574 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-574 -m limit --limit 1/second -j LOG + inet6/filter/limit-574 -m limit --limit 1/second -j LOG + inet/filter/limit-574 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-574 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4753,23 +8591,25 @@ Filter 321 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 322 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 582 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/INPUT -i eth0 -j limit-575 + inet6/filter/INPUT -i eth0 -j limit-575 + inet/filter/limit-575 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-575 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-575 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-575 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 323 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 583 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-316 - inet6/filter/INPUT -i eth0 -j limit-316 - inet/filter/limit-316 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-316 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-316 -m limit --limit 1/second -j LOG - inet6/filter/limit-316 -m limit --limit 1/second -j LOG - inet/filter/limit-316 -j ACCEPT - inet6/filter/limit-316 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-576 + inet6/filter/INPUT -i eth0 -j limit-576 + inet/filter/limit-576 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-576 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-576 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-576 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4777,25 +8617,25 @@ Filter 323 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 324 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 584 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-317 - inet6/filter/INPUT -i eth0 -j limit-317 - inet/filter/limit-317 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-317 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-317 -m limit --limit 1/second -j LOG - inet6/filter/limit-317 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-577 + inet6/filter/INPUT -i eth0 -j limit-577 + inet/filter/limit-577 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-577 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-577 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-577 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 325 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 585 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-318 - inet6/filter/INPUT -i eth0 -j limit-318 - inet/filter/limit-318 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-318 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-318 -j ACCEPT - inet6/filter/limit-318 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-578 + inet6/filter/INPUT -i eth0 -j limit-578 + inet/filter/limit-578 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-578 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-578 -j ACCEPT + inet6/filter/limit-578 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4803,23 +8643,23 @@ Filter 325 {"flow-limit":{"addr":"dest","count":1,"log": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 326 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 586 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 327 {"flow-limit":150,"in":"A","no-track":true,"out":"_fw"} +Filter 587 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-320 - inet6/filter/INPUT -i eth0 -j limit-320 - inet/filter/limit-320 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-320 -j ACCEPT - inet6/filter/limit-320 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-320 -j ACCEPT - inet/filter/limit-320 -m limit --limit 1/second -j LOG - inet6/filter/limit-320 -m limit --limit 1/second -j LOG - inet/filter/limit-320 -j DROP - inet6/filter/limit-320 -j DROP + inet/filter/INPUT -i eth0 -j limit-580 + inet6/filter/INPUT -i eth0 -j limit-580 + inet/filter/limit-580 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-580 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-580 -m limit --limit 1/second -j LOG + inet6/filter/limit-580 -m limit --limit 1/second -j LOG + inet/filter/limit-580 -j ACCEPT + inet6/filter/limit-580 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4827,33 +8667,25 @@ Filter 327 {"flow-limit":150,"in":"A","no-track":true,"o inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 328 {"action":"pass","flow-limit":150,"in":"A","no-track":true,"out":"_fw"} +Filter 588 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-321 - inet6/filter/INPUT -i eth0 -j limit-321 - inet/filter/limit-321 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-321 -j RETURN - inet6/filter/limit-321 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-321 -j RETURN - inet/filter/limit-321 -m limit --limit 1/second -j LOG - inet6/filter/limit-321 -m limit --limit 1/second -j LOG - inet/filter/limit-321 -j DROP - inet6/filter/limit-321 -j DROP + inet/filter/INPUT -i eth0 -j limit-581 + inet6/filter/INPUT -i eth0 -j limit-581 + inet/filter/limit-581 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-581 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-581 -m limit --limit 1/second -j LOG + inet6/filter/limit-581 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 329 {"flow-limit":150,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 589 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-322 - inet6/filter/INPUT -i eth0 -j limit-322 - inet/filter/limit-322 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-322 -j logaccept-4 - inet6/filter/limit-322 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-322 -j logaccept-4 - inet/filter/logaccept-4 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG - inet/filter/logaccept-4 -j ACCEPT - inet6/filter/logaccept-4 -j ACCEPT - inet/filter/limit-322 -m limit --limit 1/second -j LOG - inet6/filter/limit-322 -m limit --limit 1/second -j LOG - inet/filter/limit-322 -j DROP - inet6/filter/limit-322 -j DROP + inet/filter/INPUT -i eth0 -j limit-582 + inet6/filter/INPUT -i eth0 -j limit-582 + inet/filter/limit-582 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-582 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-582 -j ACCEPT + inet6/filter/limit-582 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4861,16 +8693,21 @@ Filter 329 {"flow-limit":150,"in":"A","log":true,"no-tra inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 330 {"flow-limit":150,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 590 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 591 {"flow-limit":{"count":1,"interval":5,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-323 - inet6/filter/INPUT -i eth0 -j limit-323 - inet/filter/limit-323 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-323 -j ACCEPT - inet6/filter/limit-323 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-323 -j ACCEPT - inet/filter/limit-323 -m limit --limit 1/second -j LOG - inet6/filter/limit-323 -m limit --limit 1/second -j LOG - inet/filter/limit-323 -j DROP - inet6/filter/limit-323 -j DROP + inet/filter/INPUT -i eth0 -j limit-584 + inet6/filter/INPUT -i eth0 -j limit-584 + inet/filter/limit-584 -m recent --name limit-584 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-584 -m recent --name limit-584 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4878,16 +8715,27 @@ Filter 330 {"flow-limit":150,"in":"A","log":"none","no-t inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 331 {"flow-limit":{"count":150},"in":"A","no-track":true,"out":"_fw"} +Filter 592 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-324 - inet6/filter/INPUT -i eth0 -j limit-324 - inet/filter/limit-324 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-324 -j ACCEPT - inet6/filter/limit-324 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-324 -j ACCEPT - inet/filter/limit-324 -m limit --limit 1/second -j LOG - inet6/filter/limit-324 -m limit --limit 1/second -j LOG - inet/filter/limit-324 -j DROP - inet6/filter/limit-324 -j DROP + inet/filter/INPUT -i eth0 -j limit-585 + inet6/filter/INPUT -i eth0 -j limit-585 + inet/filter/limit-585 -m recent --name limit-585 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-585 -m recent --name limit-585 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 593 {"flow-limit":{"count":1,"interval":5,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-586 + inet6/filter/INPUT -i eth0 -j limit-586 + inet/filter/limit-586 -m recent --name limit-586 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-586 -m recent --name limit-586 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-586 -m limit --limit 1/second -j LOG + inet6/filter/limit-586 -m limit --limit 1/second -j LOG + inet/filter/limit-586 -m recent --name limit-586 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-586 -m recent --name limit-586 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4895,33 +8743,25 @@ Filter 331 {"flow-limit":{"count":150},"in":"A","no-trac inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 332 {"action":"pass","flow-limit":{"count":150},"in":"A","no-track":true,"out":"_fw"} +Filter 594 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-325 - inet6/filter/INPUT -i eth0 -j limit-325 - inet/filter/limit-325 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-325 -j RETURN - inet6/filter/limit-325 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-325 -j RETURN - inet/filter/limit-325 -m limit --limit 1/second -j LOG - inet6/filter/limit-325 -m limit --limit 1/second -j LOG - inet/filter/limit-325 -j DROP - inet6/filter/limit-325 -j DROP + inet/filter/INPUT -i eth0 -j limit-587 + inet6/filter/INPUT -i eth0 -j limit-587 + inet/filter/limit-587 -m recent --name limit-587 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-587 -m recent --name limit-587 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-587 -m recent --name limit-587 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-587 -m recent --name limit-587 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 333 {"flow-limit":{"count":150},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 595 {"flow-limit":{"count":1,"interval":5,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-326 - inet6/filter/INPUT -i eth0 -j limit-326 - inet/filter/limit-326 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-326 -j logaccept-5 - inet6/filter/limit-326 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-326 -j logaccept-5 - inet/filter/logaccept-5 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-5 -m limit --limit 1/second -j LOG - inet/filter/logaccept-5 -j ACCEPT - inet6/filter/logaccept-5 -j ACCEPT - inet/filter/limit-326 -m limit --limit 1/second -j LOG - inet6/filter/limit-326 -m limit --limit 1/second -j LOG - inet/filter/limit-326 -j DROP - inet6/filter/limit-326 -j DROP + inet/filter/INPUT -i eth0 -j limit-588 + inet6/filter/INPUT -i eth0 -j limit-588 + inet/filter/limit-588 -m recent --name limit-588 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-588 -m recent --name limit-588 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-588 -m recent --name limit-588 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-588 -m recent --name limit-588 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4929,16 +8769,25 @@ Filter 333 {"flow-limit":{"count":150},"in":"A","log":tr inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 334 {"flow-limit":{"count":150},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 596 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-327 - inet6/filter/INPUT -i eth0 -j limit-327 - inet/filter/limit-327 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-327 -j ACCEPT - inet6/filter/limit-327 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-327 -j ACCEPT - inet/filter/limit-327 -m limit --limit 1/second -j LOG - inet6/filter/limit-327 -m limit --limit 1/second -j LOG - inet/filter/limit-327 -j DROP - inet6/filter/limit-327 -j DROP + inet/filter/INPUT -i eth0 -j limit-589 + inet6/filter/INPUT -i eth0 -j limit-589 + inet/filter/limit-589 -m recent --name limit-589 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-589 -m recent --name limit-589 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-589 -m recent --name limit-589 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-589 -m recent --name limit-589 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 597 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-590 + inet6/filter/INPUT -i eth0 -j limit-590 + inet/filter/limit-590 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-590 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-590 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-590 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4946,14 +8795,27 @@ Filter 334 {"flow-limit":{"count":150},"in":"A","log":"n inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 335 {"flow-limit":{"count":150,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 598 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-328 - inet6/filter/INPUT -i eth0 -j limit-328 - inet/filter/limit-328 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-328 -j ACCEPT - inet6/filter/limit-328 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-328 -j ACCEPT - inet/filter/limit-328 -j DROP - inet6/filter/limit-328 -j DROP + inet/filter/INPUT -i eth0 -j limit-591 + inet6/filter/INPUT -i eth0 -j limit-591 + inet/filter/limit-591 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-591 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-591 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-591 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 599 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-592 + inet6/filter/INPUT -i eth0 -j limit-592 + inet/filter/limit-592 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-592 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-592 -m limit --limit 1/second -j LOG + inet6/filter/limit-592 -m limit --limit 1/second -j LOG + inet/filter/limit-592 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-592 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4961,29 +8823,51 @@ Filter 335 {"flow-limit":{"count":150,"log":false},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 336 {"action":"pass","flow-limit":{"count":150,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 600 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-329 - inet6/filter/INPUT -i eth0 -j limit-329 - inet/filter/limit-329 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-329 -j RETURN - inet6/filter/limit-329 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-329 -j RETURN - inet/filter/limit-329 -j DROP - inet6/filter/limit-329 -j DROP + inet/filter/INPUT -i eth0 -j limit-593 + inet6/filter/INPUT -i eth0 -j limit-593 + inet/filter/limit-593 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-593 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-593 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-593 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 337 {"flow-limit":{"count":150,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 601 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-330 - inet6/filter/INPUT -i eth0 -j limit-330 - inet/filter/limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-330 -j logaccept-6 - inet6/filter/limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-330 -j logaccept-6 - inet/filter/logaccept-6 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG - inet/filter/logaccept-6 -j ACCEPT - inet6/filter/logaccept-6 -j ACCEPT - inet/filter/limit-330 -j DROP - inet6/filter/limit-330 -j DROP + inet/filter/INPUT -i eth0 -j limit-594 + inet6/filter/INPUT -i eth0 -j limit-594 + inet/filter/limit-594 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-594 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-594 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-594 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 602 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-595 + inet6/filter/INPUT -i eth0 -j limit-595 + inet/filter/limit-595 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-595 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-595 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-595 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 603 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-596 + inet6/filter/INPUT -i eth0 -j limit-596 + inet/filter/limit-596 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-596 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-596 -j ACCEPT + inet6/filter/limit-596 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -4991,14 +8875,23 @@ Filter 337 {"flow-limit":{"count":150,"log":false},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 338 {"flow-limit":{"count":150,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 604 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 605 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-331 - inet6/filter/INPUT -i eth0 -j limit-331 - inet/filter/limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-331 -j ACCEPT - inet6/filter/limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-331 -j ACCEPT - inet/filter/limit-331 -j DROP - inet6/filter/limit-331 -j DROP + inet/filter/INPUT -i eth0 -j limit-598 + inet6/filter/INPUT -i eth0 -j limit-598 + inet/filter/limit-598 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-598 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-598 -m limit --limit 1/second -j LOG + inet6/filter/limit-598 -m limit --limit 1/second -j LOG + inet/filter/limit-598 -j ACCEPT + inet6/filter/limit-598 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -5006,14 +8899,25 @@ Filter 338 {"flow-limit":{"count":150,"log":false},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 339 {"flow-limit":{"count":150,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 606 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-599 + inet6/filter/INPUT -i eth0 -j limit-599 + inet/filter/limit-599 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-599 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-599 -m limit --limit 1/second -j LOG + inet6/filter/limit-599 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 607 {"flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-332 - inet6/filter/INPUT -i eth0 -j limit-332 - inet/filter/limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-332 -j ACCEPT - inet6/filter/limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-332 -j ACCEPT - inet/filter/limit-332 -j DROP - inet6/filter/limit-332 -j DROP + inet/filter/INPUT -i eth0 -j limit-600 + inet6/filter/INPUT -i eth0 -j limit-600 + inet/filter/limit-600 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-600 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-600 -j ACCEPT + inet6/filter/limit-600 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -5021,29 +8925,587 @@ Filter 339 {"flow-limit":{"count":150,"log":"none"},"in" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 340 {"action":"pass","flow-limit":{"count":150,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 608 {"action":"pass","flow-limit":{"count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-333 - inet6/filter/INPUT -i eth0 -j limit-333 - inet/filter/limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-333 -j RETURN - inet6/filter/limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-333 -j RETURN - inet/filter/limit-333 -j DROP - inet6/filter/limit-333 -j DROP + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 341 {"flow-limit":{"count":150,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 609 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-602 + inet6/filter/INPUT -i eth0 -j limit-602 + inet/filter/limit-602 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-602 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-602 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-602 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 610 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-603 + inet6/filter/INPUT -i eth0 -j limit-603 + inet/filter/limit-603 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-603 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-603 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-603 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 611 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-604 + inet6/filter/INPUT -i eth0 -j limit-604 + inet/filter/limit-604 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-604 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-604 -m limit --limit 1/second -j LOG + inet6/filter/limit-604 -m limit --limit 1/second -j LOG + inet/filter/limit-604 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-604 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 612 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-605 + inet6/filter/INPUT -i eth0 -j limit-605 + inet/filter/limit-605 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-605 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-605 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-605 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 613 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-606 + inet6/filter/INPUT -i eth0 -j limit-606 + inet/filter/limit-606 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-606 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-606 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-606 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 614 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-607 + inet6/filter/INPUT -i eth0 -j limit-607 + inet/filter/limit-607 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-607 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-607 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-607 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 615 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-608 + inet6/filter/INPUT -i eth0 -j limit-608 + inet/filter/limit-608 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-608 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-608 -j ACCEPT + inet6/filter/limit-608 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 616 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-334 - inet6/filter/INPUT -i eth0 -j limit-334 - inet/filter/limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-334 -j logaccept-7 - inet6/filter/limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-334 -j logaccept-7 + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 617 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-610 + inet6/filter/INPUT -i eth0 -j limit-610 + inet/filter/limit-610 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-610 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-610 -m limit --limit 1/second -j LOG + inet6/filter/limit-610 -m limit --limit 1/second -j LOG + inet/filter/limit-610 -j ACCEPT + inet6/filter/limit-610 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 618 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-611 + inet6/filter/INPUT -i eth0 -j limit-611 + inet/filter/limit-611 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-611 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-611 -m limit --limit 1/second -j LOG + inet6/filter/limit-611 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 619 {"flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-612 + inet6/filter/INPUT -i eth0 -j limit-612 + inet/filter/limit-612 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/limit-612 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/filter/limit-612 -j ACCEPT + inet6/filter/limit-612 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 620 {"action":"pass","flow-limit":{"addr":"dest","count":1,"interval":5,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 621 {"flow-limit":150,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-614 + inet6/filter/INPUT -i eth0 -j limit-614 + inet/filter/limit-614 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-614 -j ACCEPT + inet6/filter/limit-614 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-614 -j ACCEPT + inet/filter/limit-614 -m limit --limit 1/second -j LOG + inet6/filter/limit-614 -m limit --limit 1/second -j LOG + inet/filter/limit-614 -j DROP + inet6/filter/limit-614 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 622 {"action":"pass","flow-limit":150,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-615 + inet6/filter/INPUT -i eth0 -j limit-615 + inet/filter/limit-615 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-615 -j RETURN + inet6/filter/limit-615 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-615 -j RETURN + inet/filter/limit-615 -m limit --limit 1/second -j LOG + inet6/filter/limit-615 -m limit --limit 1/second -j LOG + inet/filter/limit-615 -j DROP + inet6/filter/limit-615 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 623 {"flow-limit":150,"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-616 + inet6/filter/INPUT -i eth0 -j limit-616 + inet/filter/limit-616 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-616 -j logaccept-7 + inet6/filter/limit-616 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-616 -j logaccept-7 inet/filter/logaccept-7 -m limit --limit 1/second -j LOG inet6/filter/logaccept-7 -m limit --limit 1/second -j LOG inet/filter/logaccept-7 -j ACCEPT inet6/filter/logaccept-7 -j ACCEPT - inet/filter/limit-334 -j DROP - inet6/filter/limit-334 -j DROP + inet/filter/limit-616 -m limit --limit 1/second -j LOG + inet6/filter/limit-616 -m limit --limit 1/second -j LOG + inet/filter/limit-616 -j DROP + inet6/filter/limit-616 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 624 {"flow-limit":150,"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-617 + inet6/filter/INPUT -i eth0 -j limit-617 + inet/filter/limit-617 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-617 -j ACCEPT + inet6/filter/limit-617 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-617 -j ACCEPT + inet/filter/limit-617 -m limit --limit 1/second -j LOG + inet6/filter/limit-617 -m limit --limit 1/second -j LOG + inet/filter/limit-617 -j DROP + inet6/filter/limit-617 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 625 {"flow-limit":{"count":150},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-618 + inet6/filter/INPUT -i eth0 -j limit-618 + inet/filter/limit-618 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-618 -j ACCEPT + inet6/filter/limit-618 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-618 -j ACCEPT + inet/filter/limit-618 -m limit --limit 1/second -j LOG + inet6/filter/limit-618 -m limit --limit 1/second -j LOG + inet/filter/limit-618 -j DROP + inet6/filter/limit-618 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 626 {"action":"pass","flow-limit":{"count":150},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-619 + inet6/filter/INPUT -i eth0 -j limit-619 + inet/filter/limit-619 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-619 -j RETURN + inet6/filter/limit-619 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-619 -j RETURN + inet/filter/limit-619 -m limit --limit 1/second -j LOG + inet6/filter/limit-619 -m limit --limit 1/second -j LOG + inet/filter/limit-619 -j DROP + inet6/filter/limit-619 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 627 {"flow-limit":{"count":150},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-620 + inet6/filter/INPUT -i eth0 -j limit-620 + inet/filter/limit-620 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-620 -j logaccept-8 + inet6/filter/limit-620 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-620 -j logaccept-8 + inet/filter/logaccept-8 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-8 -m limit --limit 1/second -j LOG + inet/filter/logaccept-8 -j ACCEPT + inet6/filter/logaccept-8 -j ACCEPT + inet/filter/limit-620 -m limit --limit 1/second -j LOG + inet6/filter/limit-620 -m limit --limit 1/second -j LOG + inet/filter/limit-620 -j DROP + inet6/filter/limit-620 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 628 {"flow-limit":{"count":150},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-621 + inet6/filter/INPUT -i eth0 -j limit-621 + inet/filter/limit-621 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-621 -j ACCEPT + inet6/filter/limit-621 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-621 -j ACCEPT + inet/filter/limit-621 -m limit --limit 1/second -j LOG + inet6/filter/limit-621 -m limit --limit 1/second -j LOG + inet/filter/limit-621 -j DROP + inet6/filter/limit-621 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 629 {"flow-limit":{"count":150,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-622 + inet6/filter/INPUT -i eth0 -j limit-622 + inet/filter/limit-622 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-622 -j ACCEPT + inet6/filter/limit-622 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-622 -j ACCEPT + inet/filter/limit-622 -j DROP + inet6/filter/limit-622 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 630 {"action":"pass","flow-limit":{"count":150,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-623 + inet6/filter/INPUT -i eth0 -j limit-623 + inet/filter/limit-623 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-623 -j RETURN + inet6/filter/limit-623 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-623 -j RETURN + inet/filter/limit-623 -j DROP + inet6/filter/limit-623 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 631 {"flow-limit":{"count":150,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-624 + inet6/filter/INPUT -i eth0 -j limit-624 + inet/filter/limit-624 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-624 -j logaccept-9 + inet6/filter/limit-624 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-624 -j logaccept-9 + inet/filter/logaccept-9 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-9 -m limit --limit 1/second -j LOG + inet/filter/logaccept-9 -j ACCEPT + inet6/filter/logaccept-9 -j ACCEPT + inet/filter/limit-624 -j DROP + inet6/filter/limit-624 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 632 {"flow-limit":{"count":150,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-625 + inet6/filter/INPUT -i eth0 -j limit-625 + inet/filter/limit-625 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-625 -j ACCEPT + inet6/filter/limit-625 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-625 -j ACCEPT + inet/filter/limit-625 -j DROP + inet6/filter/limit-625 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 633 {"flow-limit":{"count":150,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-626 + inet6/filter/INPUT -i eth0 -j limit-626 + inet/filter/limit-626 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-626 -j ACCEPT + inet6/filter/limit-626 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-626 -j ACCEPT + inet/filter/limit-626 -j DROP + inet6/filter/limit-626 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 634 {"action":"pass","flow-limit":{"count":150,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-627 + inet6/filter/INPUT -i eth0 -j limit-627 + inet/filter/limit-627 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-627 -j RETURN + inet6/filter/limit-627 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-627 -j RETURN + inet/filter/limit-627 -j DROP + inet6/filter/limit-627 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 635 {"flow-limit":{"count":150,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-628 + inet6/filter/INPUT -i eth0 -j limit-628 + inet/filter/limit-628 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-628 -j logaccept-10 + inet6/filter/limit-628 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-628 -j logaccept-10 + inet/filter/logaccept-10 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-10 -m limit --limit 1/second -j LOG + inet/filter/logaccept-10 -j ACCEPT + inet6/filter/logaccept-10 -j ACCEPT + inet/filter/limit-628 -j DROP + inet6/filter/limit-628 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 636 {"flow-limit":{"count":150,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-629 + inet6/filter/INPUT -i eth0 -j limit-629 + inet/filter/limit-629 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-629 -j ACCEPT + inet6/filter/limit-629 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-629 -j ACCEPT + inet/filter/limit-629 -j DROP + inet6/filter/limit-629 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 637 {"flow-limit":{"count":150,"interval":5},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-630 + inet6/filter/INPUT -i eth0 -j limit-630 + inet/filter/limit-630 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-630 -j ACCEPT + inet6/filter/limit-630 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-630 -j ACCEPT + inet/filter/limit-630 -m limit --limit 1/second -j LOG + inet6/filter/limit-630 -m limit --limit 1/second -j LOG + inet/filter/limit-630 -j DROP + inet6/filter/limit-630 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 638 {"action":"pass","flow-limit":{"count":150,"interval":5},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-631 + inet6/filter/INPUT -i eth0 -j limit-631 + inet/filter/limit-631 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-631 -j RETURN + inet6/filter/limit-631 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-631 -j RETURN + inet/filter/limit-631 -m limit --limit 1/second -j LOG + inet6/filter/limit-631 -m limit --limit 1/second -j LOG + inet/filter/limit-631 -j DROP + inet6/filter/limit-631 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 639 {"flow-limit":{"count":150,"interval":5},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-632 + inet6/filter/INPUT -i eth0 -j limit-632 + inet/filter/limit-632 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-632 -j logaccept-11 + inet6/filter/limit-632 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-632 -j logaccept-11 + inet/filter/logaccept-11 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-11 -m limit --limit 1/second -j LOG + inet/filter/logaccept-11 -j ACCEPT + inet6/filter/logaccept-11 -j ACCEPT + inet/filter/limit-632 -m limit --limit 1/second -j LOG + inet6/filter/limit-632 -m limit --limit 1/second -j LOG + inet/filter/limit-632 -j DROP + inet6/filter/limit-632 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 640 {"flow-limit":{"count":150,"interval":5},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-633 + inet6/filter/INPUT -i eth0 -j limit-633 + inet/filter/limit-633 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-633 -j ACCEPT + inet6/filter/limit-633 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-633 -j ACCEPT + inet/filter/limit-633 -m limit --limit 1/second -j LOG + inet6/filter/limit-633 -m limit --limit 1/second -j LOG + inet/filter/limit-633 -j DROP + inet6/filter/limit-633 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 641 {"flow-limit":{"count":150,"interval":5,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-634 + inet6/filter/INPUT -i eth0 -j limit-634 + inet/filter/limit-634 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-634 -j ACCEPT + inet6/filter/limit-634 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-634 -j ACCEPT + inet/filter/limit-634 -j DROP + inet6/filter/limit-634 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 642 {"action":"pass","flow-limit":{"count":150,"interval":5,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-635 + inet6/filter/INPUT -i eth0 -j limit-635 + inet/filter/limit-635 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-635 -j RETURN + inet6/filter/limit-635 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-635 -j RETURN + inet/filter/limit-635 -j DROP + inet6/filter/limit-635 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 643 {"flow-limit":{"count":150,"interval":5,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-636 + inet6/filter/INPUT -i eth0 -j limit-636 + inet/filter/limit-636 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-636 -j logaccept-12 + inet6/filter/limit-636 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-636 -j logaccept-12 + inet/filter/logaccept-12 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-12 -m limit --limit 1/second -j LOG + inet/filter/logaccept-12 -j ACCEPT + inet6/filter/logaccept-12 -j ACCEPT + inet/filter/limit-636 -j DROP + inet6/filter/limit-636 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 644 {"flow-limit":{"count":150,"interval":5,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-637 + inet6/filter/INPUT -i eth0 -j limit-637 + inet/filter/limit-637 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-637 -j ACCEPT + inet6/filter/limit-637 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-637 -j ACCEPT + inet/filter/limit-637 -j DROP + inet6/filter/limit-637 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 645 {"flow-limit":{"count":150,"interval":5,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-638 + inet6/filter/INPUT -i eth0 -j limit-638 + inet/filter/limit-638 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-638 -j ACCEPT + inet6/filter/limit-638 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-638 -j ACCEPT + inet/filter/limit-638 -j DROP + inet6/filter/limit-638 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 646 {"action":"pass","flow-limit":{"count":150,"interval":5,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-639 + inet6/filter/INPUT -i eth0 -j limit-639 + inet/filter/limit-639 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-639 -j RETURN + inet6/filter/limit-639 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-639 -j RETURN + inet/filter/limit-639 -j DROP + inet6/filter/limit-639 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 647 {"flow-limit":{"count":150,"interval":5,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-640 + inet6/filter/INPUT -i eth0 -j limit-640 + inet/filter/limit-640 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-640 -j logaccept-13 + inet6/filter/limit-640 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-640 -j logaccept-13 + inet/filter/logaccept-13 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-13 -m limit --limit 1/second -j LOG + inet/filter/logaccept-13 -j ACCEPT + inet6/filter/logaccept-13 -j ACCEPT + inet/filter/limit-640 -j DROP + inet6/filter/limit-640 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -5051,14 +9513,14 @@ Filter 341 {"flow-limit":{"count":150,"log":"none"},"in" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 342 {"flow-limit":{"count":150,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 648 {"flow-limit":{"count":150,"interval":5,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-335 - inet6/filter/INPUT -i eth0 -j limit-335 - inet/filter/limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-335 -j ACCEPT - inet6/filter/limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-335 -j ACCEPT - inet/filter/limit-335 -j DROP - inet6/filter/limit-335 -j DROP + inet/filter/INPUT -i eth0 -j limit-641 + inet6/filter/INPUT -i eth0 -j limit-641 + inet/filter/limit-641 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-641 -j ACCEPT + inet6/filter/limit-641 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-641 -j ACCEPT + inet/filter/limit-641 -j DROP + inet6/filter/limit-641 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -5066,7 +9528,7 @@ Filter 342 {"flow-limit":{"count":150,"log":"none"},"in" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 343 {"update-limit":"foo"} +Filter 649 {"update-limit":"foo"} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set @@ -5075,7 +9537,7 @@ Filter 343 {"update-limit":"foo"} inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 344 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} +Filter 650 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set @@ -5084,7 +9546,7 @@ Filter 344 {"update-limit":{"addr":"src","measure":"conn inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 345 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} +Filter 651 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set @@ -5093,7 +9555,7 @@ Filter 345 {"update-limit":{"addr":"dest","measure":"con inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 346 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} +Filter 652 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set @@ -5102,7 +9564,7 @@ Filter 346 {"update-limit":{"addr":"src","measure":"flow inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 347 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} +Filter 653 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set @@ -5111,7 +9573,7 @@ Filter 347 {"update-limit":{"addr":"dest","measure":"flo inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 348 {} +Filter 654 {} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -5120,20 +9582,20 @@ Filter 348 {} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 349 {"action":"drop"} +Filter 655 {"action":"drop"} (log) - inet/filter/FORWARD -j logdrop-109 - inet6/filter/FORWARD -j logdrop-109 - inet/filter/INPUT -j logdrop-109 - inet6/filter/INPUT -j logdrop-109 - inet/filter/OUTPUT -j logdrop-109 - inet6/filter/OUTPUT -j logdrop-109 - inet/filter/logdrop-109 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-109 -m limit --limit 1/second -j LOG - inet/filter/logdrop-109 -j DROP - inet6/filter/logdrop-109 -j DROP - -Filter 350 {"action":"pass"} + inet/filter/FORWARD -j logdrop-199 + inet6/filter/FORWARD -j logdrop-199 + inet/filter/INPUT -j logdrop-199 + inet6/filter/INPUT -j logdrop-199 + inet/filter/OUTPUT -j logdrop-199 + inet6/filter/OUTPUT -j logdrop-199 + inet/filter/logdrop-199 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-199 -m limit --limit 1/second -j LOG + inet/filter/logdrop-199 -j DROP + inet6/filter/logdrop-199 -j DROP + +Filter 656 {"action":"pass"} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -5142,7 +9604,7 @@ Filter 350 {"action":"pass"} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 351 {"log":false} +Filter 657 {"log":false} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -5151,7 +9613,7 @@ Filter 351 {"log":false} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 352 {"action":"drop","log":false} +Filter 658 {"action":"drop","log":false} (log) inet/filter/FORWARD -j DROP inet6/filter/FORWARD -j DROP @@ -5160,7 +9622,7 @@ Filter 352 {"action":"drop","log":false} inet/filter/OUTPUT -j DROP inet6/filter/OUTPUT -j DROP -Filter 353 {"action":"pass","log":false} +Filter 659 {"action":"pass","log":false} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -5169,33 +9631,33 @@ Filter 353 {"action":"pass","log":false} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 354 {"log":true} +Filter 660 {"log":true} (log) - inet/filter/FORWARD -j logaccept-8 - inet6/filter/FORWARD -j logaccept-8 - inet/filter/INPUT -j logaccept-8 - inet6/filter/INPUT -j logaccept-8 - inet/filter/OUTPUT -j logaccept-8 - inet6/filter/OUTPUT -j logaccept-8 - inet/filter/logaccept-8 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-8 -m limit --limit 1/second -j LOG - inet/filter/logaccept-8 -j ACCEPT - inet6/filter/logaccept-8 -j ACCEPT - -Filter 355 {"action":"drop","log":true} + inet/filter/FORWARD -j logaccept-14 + inet6/filter/FORWARD -j logaccept-14 + inet/filter/INPUT -j logaccept-14 + inet6/filter/INPUT -j logaccept-14 + inet/filter/OUTPUT -j logaccept-14 + inet6/filter/OUTPUT -j logaccept-14 + inet/filter/logaccept-14 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-14 -m limit --limit 1/second -j LOG + inet/filter/logaccept-14 -j ACCEPT + inet6/filter/logaccept-14 -j ACCEPT + +Filter 661 {"action":"drop","log":true} (log) - inet/filter/FORWARD -j logdrop-110 - inet6/filter/FORWARD -j logdrop-110 - inet/filter/INPUT -j logdrop-110 - inet6/filter/INPUT -j logdrop-110 - inet/filter/OUTPUT -j logdrop-110 - inet6/filter/OUTPUT -j logdrop-110 - inet/filter/logdrop-110 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-110 -m limit --limit 1/second -j LOG - inet/filter/logdrop-110 -j DROP - inet6/filter/logdrop-110 -j DROP - -Filter 356 {"action":"pass","log":true} + inet/filter/FORWARD -j logdrop-200 + inet6/filter/FORWARD -j logdrop-200 + inet/filter/INPUT -j logdrop-200 + inet6/filter/INPUT -j logdrop-200 + inet/filter/OUTPUT -j logdrop-200 + inet6/filter/OUTPUT -j logdrop-200 + inet/filter/logdrop-200 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-200 -m limit --limit 1/second -j LOG + inet/filter/logdrop-200 -j DROP + inet6/filter/logdrop-200 -j DROP + +Filter 662 {"action":"pass","log":true} (log) inet/filter/FORWARD -j logpass-0 inet6/filter/FORWARD -j logpass-0 @@ -5206,7 +9668,7 @@ Filter 356 {"action":"pass","log":true} inet/filter/logpass-0 -m limit --limit 1/second -j LOG inet6/filter/logpass-0 -m limit --limit 1/second -j LOG -Filter 357 {"log":"none"} +Filter 663 {"log":"none"} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -5215,7 +9677,7 @@ Filter 357 {"log":"none"} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 358 {"action":"drop","log":"none"} +Filter 664 {"action":"drop","log":"none"} (log) inet/filter/FORWARD -j DROP inet6/filter/FORWARD -j DROP @@ -5224,7 +9686,7 @@ Filter 358 {"action":"drop","log":"none"} inet/filter/OUTPUT -j DROP inet6/filter/OUTPUT -j DROP -Filter 359 {"action":"pass","log":"none"} +Filter 665 {"action":"pass","log":"none"} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -5233,7 +9695,7 @@ Filter 359 {"action":"pass","log":"none"} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 360 {"in":"_fw","no-track":true,"service":"http"} +Filter 666 {"in":"_fw","no-track":true,"service":"http"} (no-track) inet/filter/OUTPUT -p tcp --dport 80 -j ACCEPT inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT @@ -5244,7 +9706,7 @@ Filter 360 {"in":"_fw","no-track":true,"service":"http"} inet/filter/INPUT -p tcp --sport 80 -j ACCEPT inet6/filter/INPUT -p tcp --sport 80 -j ACCEPT -Filter 361 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} +Filter 667 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} (no-track) inet/filter/FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT @@ -5267,7 +9729,7 @@ Filter 361 {"dest":"172.17.0.0\/16","no-track":true,"ser inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT -Filter 362 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} +Filter 668 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} (no-track) inet/filter/FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT inet/filter/INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT @@ -5280,7 +9742,7 @@ Filter 362 {"dest":"172.18.0.0\/16","no-track":true,"ser inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT -Filter 363 {"no-track":true,"out":"_fw","service":"ipsec"} +Filter 669 {"no-track":true,"out":"_fw","service":"ipsec"} (no-track) inet/filter/INPUT -p esp -j ACCEPT inet6/filter/INPUT -p esp -j ACCEPT @@ -5299,7 +9761,7 @@ Filter 363 {"no-track":true,"out":"_fw","service":"ipsec inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT inet6/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT -Filter 364 {"in":["_fw","A"]} +Filter 670 {"in":["_fw","A"]} (zone) inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT @@ -5308,12 +9770,12 @@ Filter 364 {"in":["_fw","A"]} inet/filter/INPUT -i eth0 -j ACCEPT inet6/filter/INPUT -i eth0 -j ACCEPT -Filter 365 {"in":"B","out":"C"} +Filter 671 {"in":"B","out":"C"} (zone) inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT -Filter 366 {"out":["_fw","B"]} +Filter 672 {"out":["_fw","B"]} (zone) inet/filter/INPUT -j ACCEPT inet6/filter/INPUT -j ACCEPT @@ -5322,7 +9784,7 @@ Filter 366 {"out":["_fw","B"]} inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT -Filter 367 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} +Filter 673 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} (zone) inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT @@ -5669,12 +10131,10 @@ hash:net family inet :limit-106 - [0:0] :limit-107 - [0:0] :limit-108 - [0:0] -:limit-109 - [0:0] :limit-11 - [0:0] :limit-110 - [0:0] :limit-111 - [0:0] :limit-112 - [0:0] -:limit-113 - [0:0] :limit-114 - [0:0] :limit-115 - [0:0] :limit-116 - [0:0] @@ -5683,11 +10143,9 @@ hash:net family inet :limit-119 - [0:0] :limit-12 - [0:0] :limit-120 - [0:0] -:limit-121 - [0:0] :limit-122 - [0:0] :limit-123 - [0:0] :limit-124 - [0:0] -:limit-125 - [0:0] :limit-126 - [0:0] :limit-127 - [0:0] :limit-128 - [0:0] @@ -5702,12 +10160,10 @@ hash:net family inet :limit-136 - [0:0] :limit-137 - [0:0] :limit-138 - [0:0] -:limit-139 - [0:0] :limit-14 - [0:0] :limit-140 - [0:0] :limit-141 - [0:0] :limit-142 - [0:0] -:limit-143 - [0:0] :limit-144 - [0:0] :limit-145 - [0:0] :limit-146 - [0:0] @@ -5716,11 +10172,9 @@ hash:net family inet :limit-149 - [0:0] :limit-15 - [0:0] :limit-150 - [0:0] -:limit-151 - [0:0] :limit-152 - [0:0] :limit-153 - [0:0] :limit-154 - [0:0] -:limit-155 - [0:0] :limit-156 - [0:0] :limit-157 - [0:0] :limit-158 - [0:0] @@ -5735,12 +10189,10 @@ hash:net family inet :limit-166 - [0:0] :limit-167 - [0:0] :limit-168 - [0:0] -:limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] :limit-171 - [0:0] :limit-172 - [0:0] -:limit-173 - [0:0] :limit-174 - [0:0] :limit-175 - [0:0] :limit-176 - [0:0] @@ -5749,11 +10201,9 @@ hash:net family inet :limit-179 - [0:0] :limit-18 - [0:0] :limit-180 - [0:0] -:limit-181 - [0:0] :limit-182 - [0:0] :limit-183 - [0:0] :limit-184 - [0:0] -:limit-185 - [0:0] :limit-186 - [0:0] :limit-187 - [0:0] :limit-188 - [0:0] @@ -5816,9 +10266,11 @@ hash:net family inet :limit-240 - [0:0] :limit-241 - [0:0] :limit-242 - [0:0] +:limit-243 - [0:0] :limit-244 - [0:0] :limit-245 - [0:0] :limit-246 - [0:0] +:limit-247 - [0:0] :limit-248 - [0:0] :limit-249 - [0:0] :limit-25 - [0:0] @@ -5827,9 +10279,11 @@ hash:net family inet :limit-252 - [0:0] :limit-253 - [0:0] :limit-254 - [0:0] +:limit-255 - [0:0] :limit-256 - [0:0] :limit-257 - [0:0] :limit-258 - [0:0] +:limit-259 - [0:0] :limit-26 - [0:0] :limit-260 - [0:0] :limit-261 - [0:0] @@ -5845,9 +10299,11 @@ hash:net family inet :limit-270 - [0:0] :limit-271 - [0:0] :limit-272 - [0:0] +:limit-273 - [0:0] :limit-274 - [0:0] :limit-275 - [0:0] :limit-276 - [0:0] +:limit-277 - [0:0] :limit-278 - [0:0] :limit-279 - [0:0] :limit-28 - [0:0] @@ -5856,9 +10312,11 @@ hash:net family inet :limit-282 - [0:0] :limit-283 - [0:0] :limit-284 - [0:0] +:limit-285 - [0:0] :limit-286 - [0:0] :limit-287 - [0:0] :limit-288 - [0:0] +:limit-289 - [0:0] :limit-29 - [0:0] :limit-290 - [0:0] :limit-291 - [0:0] @@ -5875,9 +10333,11 @@ hash:net family inet :limit-300 - [0:0] :limit-301 - [0:0] :limit-302 - [0:0] +:limit-303 - [0:0] :limit-304 - [0:0] :limit-305 - [0:0] :limit-306 - [0:0] +:limit-307 - [0:0] :limit-308 - [0:0] :limit-309 - [0:0] :limit-310 - [0:0] @@ -5885,9 +10345,11 @@ hash:net family inet :limit-312 - [0:0] :limit-313 - [0:0] :limit-314 - [0:0] +:limit-315 - [0:0] :limit-316 - [0:0] :limit-317 - [0:0] :limit-318 - [0:0] +:limit-319 - [0:0] :limit-32 - [0:0] :limit-320 - [0:0] :limit-321 - [0:0] @@ -5906,36 +10368,318 @@ hash:net family inet :limit-333 - [0:0] :limit-334 - [0:0] :limit-335 - [0:0] +:limit-336 - [0:0] +:limit-337 - [0:0] +:limit-338 - [0:0] +:limit-339 - [0:0] :limit-34 - [0:0] +:limit-340 - [0:0] +:limit-341 - [0:0] +:limit-342 - [0:0] +:limit-343 - [0:0] +:limit-344 - [0:0] +:limit-345 - [0:0] +:limit-346 - [0:0] +:limit-347 - [0:0] +:limit-348 - [0:0] +:limit-349 - [0:0] +:limit-350 - [0:0] +:limit-351 - [0:0] +:limit-352 - [0:0] +:limit-353 - [0:0] +:limit-354 - [0:0] +:limit-355 - [0:0] +:limit-356 - [0:0] +:limit-357 - [0:0] +:limit-358 - [0:0] +:limit-359 - [0:0] :limit-36 - [0:0] +:limit-360 - [0:0] +:limit-361 - [0:0] +:limit-362 - [0:0] +:limit-363 - [0:0] +:limit-364 - [0:0] +:limit-365 - [0:0] +:limit-366 - [0:0] +:limit-367 - [0:0] +:limit-368 - [0:0] +:limit-369 - [0:0] :limit-37 - [0:0] +:limit-370 - [0:0] +:limit-371 - [0:0] +:limit-372 - [0:0] +:limit-373 - [0:0] +:limit-374 - [0:0] +:limit-375 - [0:0] +:limit-376 - [0:0] +:limit-377 - [0:0] +:limit-378 - [0:0] +:limit-379 - [0:0] :limit-38 - [0:0] +:limit-380 - [0:0] +:limit-381 - [0:0] +:limit-382 - [0:0] +:limit-383 - [0:0] +:limit-384 - [0:0] +:limit-385 - [0:0] +:limit-386 - [0:0] +:limit-387 - [0:0] +:limit-388 - [0:0] +:limit-389 - [0:0] :limit-39 - [0:0] +:limit-390 - [0:0] +:limit-391 - [0:0] +:limit-392 - [0:0] +:limit-393 - [0:0] +:limit-394 - [0:0] +:limit-395 - [0:0] +:limit-396 - [0:0] +:limit-397 - [0:0] +:limit-398 - [0:0] +:limit-399 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] +:limit-400 - [0:0] +:limit-401 - [0:0] +:limit-402 - [0:0] +:limit-403 - [0:0] +:limit-404 - [0:0] +:limit-405 - [0:0] +:limit-406 - [0:0] +:limit-407 - [0:0] +:limit-408 - [0:0] +:limit-409 - [0:0] :limit-41 - [0:0] +:limit-410 - [0:0] +:limit-411 - [0:0] +:limit-412 - [0:0] +:limit-413 - [0:0] +:limit-414 - [0:0] +:limit-415 - [0:0] +:limit-416 - [0:0] +:limit-417 - [0:0] +:limit-418 - [0:0] +:limit-419 - [0:0] :limit-42 - [0:0] +:limit-420 - [0:0] +:limit-421 - [0:0] +:limit-422 - [0:0] +:limit-423 - [0:0] +:limit-424 - [0:0] +:limit-425 - [0:0] +:limit-426 - [0:0] +:limit-427 - [0:0] +:limit-428 - [0:0] +:limit-429 - [0:0] :limit-43 - [0:0] +:limit-430 - [0:0] +:limit-431 - [0:0] +:limit-432 - [0:0] +:limit-433 - [0:0] +:limit-434 - [0:0] +:limit-435 - [0:0] +:limit-436 - [0:0] +:limit-437 - [0:0] +:limit-438 - [0:0] +:limit-439 - [0:0] :limit-44 - [0:0] +:limit-440 - [0:0] +:limit-441 - [0:0] +:limit-442 - [0:0] +:limit-443 - [0:0] +:limit-444 - [0:0] +:limit-445 - [0:0] +:limit-446 - [0:0] +:limit-448 - [0:0] +:limit-449 - [0:0] :limit-45 - [0:0] +:limit-450 - [0:0] +:limit-452 - [0:0] +:limit-453 - [0:0] +:limit-454 - [0:0] +:limit-455 - [0:0] +:limit-456 - [0:0] +:limit-457 - [0:0] +:limit-458 - [0:0] :limit-46 - [0:0] +:limit-460 - [0:0] +:limit-461 - [0:0] +:limit-462 - [0:0] +:limit-464 - [0:0] +:limit-465 - [0:0] +:limit-466 - [0:0] +:limit-467 - [0:0] +:limit-468 - [0:0] +:limit-469 - [0:0] :limit-47 - [0:0] +:limit-470 - [0:0] +:limit-471 - [0:0] +:limit-472 - [0:0] +:limit-473 - [0:0] +:limit-474 - [0:0] +:limit-475 - [0:0] +:limit-476 - [0:0] +:limit-478 - [0:0] +:limit-479 - [0:0] :limit-48 - [0:0] +:limit-480 - [0:0] +:limit-482 - [0:0] +:limit-483 - [0:0] +:limit-484 - [0:0] +:limit-485 - [0:0] +:limit-486 - [0:0] +:limit-487 - [0:0] +:limit-488 - [0:0] +:limit-490 - [0:0] +:limit-491 - [0:0] +:limit-492 - [0:0] +:limit-494 - [0:0] +:limit-495 - [0:0] +:limit-496 - [0:0] +:limit-497 - [0:0] +:limit-498 - [0:0] +:limit-499 - [0:0] :limit-5 - [0:0] :limit-50 - [0:0] +:limit-500 - [0:0] +:limit-501 - [0:0] +:limit-502 - [0:0] +:limit-503 - [0:0] +:limit-504 - [0:0] +:limit-505 - [0:0] +:limit-506 - [0:0] +:limit-508 - [0:0] +:limit-509 - [0:0] :limit-51 - [0:0] +:limit-510 - [0:0] +:limit-512 - [0:0] +:limit-513 - [0:0] +:limit-514 - [0:0] +:limit-515 - [0:0] +:limit-516 - [0:0] +:limit-517 - [0:0] +:limit-518 - [0:0] :limit-52 - [0:0] +:limit-520 - [0:0] +:limit-521 - [0:0] +:limit-522 - [0:0] +:limit-524 - [0:0] +:limit-525 - [0:0] +:limit-526 - [0:0] +:limit-527 - [0:0] +:limit-528 - [0:0] +:limit-529 - [0:0] +:limit-530 - [0:0] +:limit-531 - [0:0] +:limit-532 - [0:0] +:limit-533 - [0:0] +:limit-534 - [0:0] +:limit-535 - [0:0] +:limit-536 - [0:0] +:limit-538 - [0:0] +:limit-539 - [0:0] :limit-54 - [0:0] +:limit-540 - [0:0] +:limit-542 - [0:0] +:limit-543 - [0:0] +:limit-544 - [0:0] +:limit-545 - [0:0] +:limit-546 - [0:0] +:limit-547 - [0:0] +:limit-548 - [0:0] :limit-55 - [0:0] +:limit-550 - [0:0] +:limit-551 - [0:0] +:limit-552 - [0:0] +:limit-554 - [0:0] +:limit-555 - [0:0] +:limit-556 - [0:0] +:limit-557 - [0:0] +:limit-558 - [0:0] +:limit-559 - [0:0] :limit-56 - [0:0] +:limit-560 - [0:0] +:limit-561 - [0:0] +:limit-562 - [0:0] +:limit-563 - [0:0] +:limit-564 - [0:0] +:limit-565 - [0:0] +:limit-566 - [0:0] +:limit-568 - [0:0] +:limit-569 - [0:0] :limit-57 - [0:0] +:limit-570 - [0:0] +:limit-572 - [0:0] +:limit-573 - [0:0] +:limit-574 - [0:0] +:limit-575 - [0:0] +:limit-576 - [0:0] +:limit-577 - [0:0] +:limit-578 - [0:0] :limit-58 - [0:0] +:limit-580 - [0:0] +:limit-581 - [0:0] +:limit-582 - [0:0] +:limit-584 - [0:0] +:limit-585 - [0:0] +:limit-586 - [0:0] +:limit-587 - [0:0] +:limit-588 - [0:0] +:limit-589 - [0:0] :limit-59 - [0:0] +:limit-590 - [0:0] +:limit-591 - [0:0] +:limit-592 - [0:0] +:limit-593 - [0:0] +:limit-594 - [0:0] +:limit-595 - [0:0] +:limit-596 - [0:0] +:limit-598 - [0:0] +:limit-599 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] +:limit-600 - [0:0] +:limit-602 - [0:0] +:limit-603 - [0:0] +:limit-604 - [0:0] +:limit-605 - [0:0] +:limit-606 - [0:0] +:limit-607 - [0:0] +:limit-608 - [0:0] +:limit-610 - [0:0] +:limit-611 - [0:0] +:limit-612 - [0:0] +:limit-614 - [0:0] +:limit-615 - [0:0] +:limit-616 - [0:0] +:limit-617 - [0:0] +:limit-618 - [0:0] +:limit-619 - [0:0] :limit-62 - [0:0] +:limit-620 - [0:0] +:limit-621 - [0:0] +:limit-622 - [0:0] +:limit-623 - [0:0] +:limit-624 - [0:0] +:limit-625 - [0:0] +:limit-626 - [0:0] +:limit-627 - [0:0] +:limit-628 - [0:0] +:limit-629 - [0:0] :limit-63 - [0:0] +:limit-630 - [0:0] +:limit-631 - [0:0] +:limit-632 - [0:0] +:limit-633 - [0:0] +:limit-634 - [0:0] +:limit-635 - [0:0] +:limit-636 - [0:0] +:limit-637 - [0:0] +:limit-638 - [0:0] +:limit-639 - [0:0] :limit-64 - [0:0] +:limit-640 - [0:0] +:limit-641 - [0:0] :limit-66 - [0:0] :limit-67 - [0:0] :limit-68 - [0:0] @@ -5971,6 +10715,11 @@ hash:net family inet :limit-99 - [0:0] :logaccept-0 - [0:0] :logaccept-1 - [0:0] +:logaccept-10 - [0:0] +:logaccept-11 - [0:0] +:logaccept-12 - [0:0] +:logaccept-13 - [0:0] +:logaccept-14 - [0:0] :logaccept-2 - [0:0] :logaccept-3 - [0:0] :logaccept-4 - [0:0] @@ -5978,6 +10727,7 @@ hash:net family inet :logaccept-6 - [0:0] :logaccept-7 - [0:0] :logaccept-8 - [0:0] +:logaccept-9 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-10 - [0:0] @@ -5991,7 +10741,25 @@ hash:net family inet :logaccept-final-18 - [0:0] :logaccept-final-19 - [0:0] :logaccept-final-2 - [0:0] +:logaccept-final-20 - [0:0] +:logaccept-final-21 - [0:0] +:logaccept-final-22 - [0:0] +:logaccept-final-23 - [0:0] +:logaccept-final-24 - [0:0] +:logaccept-final-25 - [0:0] +:logaccept-final-26 - [0:0] +:logaccept-final-27 - [0:0] +:logaccept-final-28 - [0:0] +:logaccept-final-29 - [0:0] :logaccept-final-3 - [0:0] +:logaccept-final-30 - [0:0] +:logaccept-final-31 - [0:0] +:logaccept-final-32 - [0:0] +:logaccept-final-33 - [0:0] +:logaccept-final-34 - [0:0] +:logaccept-final-35 - [0:0] +:logaccept-final-36 - [0:0] +:logaccept-final-37 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] :logaccept-final-6 - [0:0] @@ -6005,21 +10773,105 @@ hash:net family inet :logdrop-101 - [0:0] :logdrop-102 - [0:0] :logdrop-103 - [0:0] +:logdrop-104 - [0:0] :logdrop-105 - [0:0] :logdrop-106 - [0:0] :logdrop-107 - [0:0] +:logdrop-108 - [0:0] :logdrop-109 - [0:0] :logdrop-11 - [0:0] :logdrop-110 - [0:0] +:logdrop-111 - [0:0] +:logdrop-112 - [0:0] +:logdrop-113 - [0:0] +:logdrop-114 - [0:0] +:logdrop-115 - [0:0] +:logdrop-116 - [0:0] +:logdrop-117 - [0:0] +:logdrop-118 - [0:0] +:logdrop-119 - [0:0] :logdrop-12 - [0:0] +:logdrop-120 - [0:0] +:logdrop-121 - [0:0] +:logdrop-122 - [0:0] +:logdrop-123 - [0:0] +:logdrop-124 - [0:0] +:logdrop-125 - [0:0] +:logdrop-126 - [0:0] +:logdrop-127 - [0:0] +:logdrop-128 - [0:0] +:logdrop-129 - [0:0] :logdrop-13 - [0:0] +:logdrop-130 - [0:0] +:logdrop-131 - [0:0] +:logdrop-132 - [0:0] +:logdrop-133 - [0:0] +:logdrop-134 - [0:0] +:logdrop-135 - [0:0] +:logdrop-136 - [0:0] +:logdrop-137 - [0:0] +:logdrop-138 - [0:0] +:logdrop-139 - [0:0] :logdrop-14 - [0:0] +:logdrop-140 - [0:0] +:logdrop-141 - [0:0] +:logdrop-142 - [0:0] +:logdrop-143 - [0:0] +:logdrop-144 - [0:0] +:logdrop-145 - [0:0] +:logdrop-146 - [0:0] +:logdrop-147 - [0:0] +:logdrop-148 - [0:0] +:logdrop-149 - [0:0] :logdrop-15 - [0:0] +:logdrop-150 - [0:0] +:logdrop-151 - [0:0] +:logdrop-153 - [0:0] +:logdrop-154 - [0:0] +:logdrop-155 - [0:0] +:logdrop-157 - [0:0] +:logdrop-158 - [0:0] +:logdrop-159 - [0:0] :logdrop-16 - [0:0] +:logdrop-160 - [0:0] +:logdrop-161 - [0:0] +:logdrop-162 - [0:0] +:logdrop-163 - [0:0] +:logdrop-165 - [0:0] +:logdrop-166 - [0:0] +:logdrop-167 - [0:0] +:logdrop-169 - [0:0] :logdrop-17 - [0:0] +:logdrop-170 - [0:0] +:logdrop-171 - [0:0] +:logdrop-172 - [0:0] +:logdrop-173 - [0:0] +:logdrop-174 - [0:0] +:logdrop-175 - [0:0] +:logdrop-176 - [0:0] +:logdrop-177 - [0:0] +:logdrop-178 - [0:0] +:logdrop-179 - [0:0] :logdrop-18 - [0:0] +:logdrop-180 - [0:0] +:logdrop-181 - [0:0] +:logdrop-183 - [0:0] +:logdrop-184 - [0:0] +:logdrop-185 - [0:0] +:logdrop-187 - [0:0] +:logdrop-188 - [0:0] +:logdrop-189 - [0:0] :logdrop-19 - [0:0] +:logdrop-190 - [0:0] +:logdrop-191 - [0:0] +:logdrop-192 - [0:0] +:logdrop-193 - [0:0] +:logdrop-195 - [0:0] +:logdrop-196 - [0:0] +:logdrop-197 - [0:0] +:logdrop-199 - [0:0] :logdrop-2 - [0:0] +:logdrop-200 - [0:0] :logdrop-21 - [0:0] :logdrop-22 - [0:0] :logdrop-23 - [0:0] @@ -6049,11 +10901,9 @@ hash:net family inet :logdrop-48 - [0:0] :logdrop-49 - [0:0] :logdrop-5 - [0:0] -:logdrop-50 - [0:0] :logdrop-51 - [0:0] :logdrop-52 - [0:0] :logdrop-53 - [0:0] -:logdrop-54 - [0:0] :logdrop-55 - [0:0] :logdrop-56 - [0:0] :logdrop-57 - [0:0] @@ -6062,11 +10912,9 @@ hash:net family inet :logdrop-6 - [0:0] :logdrop-60 - [0:0] :logdrop-61 - [0:0] -:logdrop-62 - [0:0] :logdrop-63 - [0:0] :logdrop-64 - [0:0] :logdrop-65 - [0:0] -:logdrop-66 - [0:0] :logdrop-67 - [0:0] :logdrop-68 - [0:0] :logdrop-69 - [0:0] @@ -6095,9 +10943,11 @@ hash:net family inet :logdrop-9 - [0:0] :logdrop-90 - [0:0] :logdrop-91 - [0:0] +:logdrop-92 - [0:0] :logdrop-93 - [0:0] :logdrop-94 - [0:0] :logdrop-95 - [0:0] +:logdrop-96 - [0:0] :logdrop-97 - [0:0] :logdrop-98 - [0:0] :logdrop-99 - [0:0] @@ -6107,6 +10957,210 @@ hash:net family inet :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-427 +-A FORWARD -j limit-426 +-A FORWARD -j limit-425 +-A FORWARD -j limit-424 +-A FORWARD -j limit-423 +-A FORWARD -j limit-422 +-A FORWARD -j limit-421 +-A FORWARD -j limit-420 +-A FORWARD -j limit-419 +-A FORWARD -j limit-418 +-A FORWARD -j limit-417 +-A FORWARD -j limit-416 +-A FORWARD -j limit-415 +-A FORWARD -j limit-414 +-A FORWARD -j limit-413 +-A FORWARD -j limit-412 +-A FORWARD -j limit-411 +-A FORWARD -j limit-410 +-A FORWARD -j limit-409 +-A FORWARD -j limit-408 +-A FORWARD -j limit-407 +-A FORWARD -j limit-406 +-A FORWARD -j limit-405 +-A FORWARD -j limit-404 +-A FORWARD -j limit-403 +-A FORWARD -j limit-402 +-A FORWARD -j limit-401 +-A FORWARD -j limit-400 +-A FORWARD -j limit-399 +-A FORWARD -j limit-398 +-A FORWARD -j limit-397 +-A FORWARD -j limit-396 +-A FORWARD -j limit-395 +-A FORWARD -j limit-394 +-A FORWARD -j limit-393 +-A FORWARD -j limit-392 +-A FORWARD -j limit-391 +-A FORWARD -j limit-390 +-A FORWARD -j limit-389 +-A FORWARD -j limit-388 +-A FORWARD -j limit-387 +-A FORWARD -j limit-386 +-A FORWARD -j limit-385 +-A FORWARD -j limit-384 +-A FORWARD -j limit-383 +-A FORWARD -j limit-382 +-A FORWARD -j limit-381 +-A FORWARD -j limit-380 +-A FORWARD -j limit-379 +-A FORWARD -j limit-378 +-A FORWARD -j limit-377 +-A FORWARD -j limit-376 +-A FORWARD -j limit-375 +-A FORWARD -j limit-374 +-A FORWARD -j limit-373 +-A FORWARD -j limit-372 +-A FORWARD -j limit-371 +-A FORWARD -j limit-370 +-A FORWARD -j limit-369 +-A FORWARD -j limit-368 +-A FORWARD -j limit-367 +-A FORWARD -j limit-366 +-A FORWARD -j limit-365 +-A FORWARD -j limit-364 +-A FORWARD -j limit-363 +-A FORWARD -j limit-362 +-A FORWARD -j limit-361 +-A FORWARD -j limit-360 +-A FORWARD -j limit-359 +-A FORWARD -j limit-358 +-A FORWARD -j limit-357 +-A FORWARD -j limit-356 +-A FORWARD -j limit-355 +-A FORWARD -j limit-354 +-A FORWARD -j limit-353 +-A FORWARD -j limit-352 +-A FORWARD -j limit-351 +-A FORWARD -j limit-350 +-A FORWARD -j limit-349 +-A FORWARD -j limit-348 +-A FORWARD -j limit-347 +-A FORWARD -j limit-346 +-A FORWARD -j limit-345 +-A FORWARD -j limit-344 +-A FORWARD -j limit-343 +-A FORWARD -j limit-342 +-A FORWARD -j limit-341 +-A FORWARD -j limit-340 +-A FORWARD -j limit-339 +-A FORWARD -j limit-338 +-A FORWARD -j limit-337 +-A FORWARD -j limit-336 +-A FORWARD -j limit-335 +-A FORWARD -j limit-334 +-A FORWARD -j limit-333 +-A FORWARD -j limit-332 +-A FORWARD -j limit-331 +-A FORWARD -j limit-330 +-A FORWARD -j limit-329 +-A FORWARD -j limit-328 +-A FORWARD -j limit-327 +-A FORWARD -j limit-326 +-A FORWARD -j limit-325 +-A FORWARD -j limit-324 +-A FORWARD -j limit-323 +-A FORWARD -j limit-322 +-A FORWARD -j limit-321 +-A FORWARD -j limit-320 +-A FORWARD -j limit-319 +-A FORWARD -j limit-318 +-A FORWARD -j limit-317 +-A FORWARD -j limit-316 +-A FORWARD -j limit-315 +-A FORWARD -j limit-314 +-A FORWARD -j limit-313 +-A FORWARD -j limit-312 +-A FORWARD -j limit-311 +-A FORWARD -j limit-310 +-A FORWARD -j limit-309 +-A FORWARD -j limit-308 +-A FORWARD -j limit-307 +-A FORWARD -j limit-306 +-A FORWARD -j limit-305 +-A FORWARD -j limit-304 +-A FORWARD -j limit-303 +-A FORWARD -j limit-302 +-A FORWARD -j limit-301 +-A FORWARD -j limit-300 +-A FORWARD -j limit-299 +-A FORWARD -j limit-298 +-A FORWARD -j limit-297 +-A FORWARD -j limit-296 +-A FORWARD -j limit-295 +-A FORWARD -j limit-294 +-A FORWARD -j limit-293 +-A FORWARD -j limit-292 +-A FORWARD -j limit-291 +-A FORWARD -j limit-290 +-A FORWARD -j limit-289 +-A FORWARD -j limit-288 +-A FORWARD -j limit-287 +-A FORWARD -j limit-286 +-A FORWARD -j limit-285 +-A FORWARD -j limit-284 +-A FORWARD -j limit-283 +-A FORWARD -j limit-282 +-A FORWARD -j limit-281 +-A FORWARD -j limit-280 +-A FORWARD -j limit-279 +-A FORWARD -j limit-278 +-A FORWARD -j limit-277 +-A FORWARD -j limit-276 +-A FORWARD -j limit-275 +-A FORWARD -j limit-274 +-A FORWARD -j limit-273 +-A FORWARD -j limit-272 +-A FORWARD -j limit-271 +-A FORWARD -j limit-270 +-A FORWARD -j limit-269 +-A FORWARD -j limit-268 +-A FORWARD -j limit-267 +-A FORWARD -j limit-266 +-A FORWARD -j limit-265 +-A FORWARD -j limit-264 +-A FORWARD -j limit-263 +-A FORWARD -j limit-262 +-A FORWARD -j limit-261 +-A FORWARD -j limit-260 +-A FORWARD -j limit-259 +-A FORWARD -j limit-258 +-A FORWARD -j limit-257 +-A FORWARD -j limit-256 +-A FORWARD -j limit-255 +-A FORWARD -j limit-254 +-A FORWARD -j limit-253 +-A FORWARD -j limit-252 +-A FORWARD -j limit-251 +-A FORWARD -j limit-250 +-A FORWARD -j limit-249 +-A FORWARD -j limit-248 +-A FORWARD -j limit-247 +-A FORWARD -j limit-246 +-A FORWARD -j limit-245 +-A FORWARD -j limit-244 +-A FORWARD -j limit-243 +-A FORWARD -j limit-242 +-A FORWARD -j limit-241 +-A FORWARD -j limit-240 +-A FORWARD -j limit-239 +-A FORWARD -j limit-238 +-A FORWARD -j limit-237 +-A FORWARD -j limit-236 +-A FORWARD -j limit-235 +-A FORWARD -j limit-234 +-A FORWARD -j limit-233 +-A FORWARD -j limit-232 +-A FORWARD -j limit-231 +-A FORWARD -j limit-230 +-A FORWARD -j limit-229 +-A FORWARD -j limit-228 +-A FORWARD -j limit-227 +-A FORWARD -j limit-226 +-A FORWARD -j limit-225 +-A FORWARD -j limit-224 -A FORWARD -j limit-223 -A FORWARD -j limit-222 -A FORWARD -j limit-221 @@ -6117,108 +11171,6 @@ hash:net family inet -A FORWARD -j limit-216 -A FORWARD -j limit-215 -A FORWARD -j limit-214 --A FORWARD -j limit-213 --A FORWARD -j limit-212 --A FORWARD -j limit-211 --A FORWARD -j limit-210 --A FORWARD -j limit-209 --A FORWARD -j limit-208 --A FORWARD -j limit-207 --A FORWARD -j limit-206 --A FORWARD -j limit-205 --A FORWARD -j limit-204 --A FORWARD -j limit-203 --A FORWARD -j limit-202 --A FORWARD -j limit-201 --A FORWARD -j limit-200 --A FORWARD -j limit-199 --A FORWARD -j limit-198 --A FORWARD -j limit-197 --A FORWARD -j limit-196 --A FORWARD -j limit-195 --A FORWARD -j limit-194 --A FORWARD -j limit-193 --A FORWARD -j limit-192 --A FORWARD -j limit-191 --A FORWARD -j limit-190 --A FORWARD -j limit-189 --A FORWARD -j limit-188 --A FORWARD -j limit-187 --A FORWARD -j limit-186 --A FORWARD -j limit-185 --A FORWARD -j limit-184 --A FORWARD -j limit-183 --A FORWARD -j limit-182 --A FORWARD -j limit-181 --A FORWARD -j limit-180 --A FORWARD -j limit-179 --A FORWARD -j limit-178 --A FORWARD -j limit-177 --A FORWARD -j limit-176 --A FORWARD -j limit-175 --A FORWARD -j limit-174 --A FORWARD -j limit-173 --A FORWARD -j limit-172 --A FORWARD -j limit-171 --A FORWARD -j limit-170 --A FORWARD -j limit-169 --A FORWARD -j limit-168 --A FORWARD -j limit-167 --A FORWARD -j limit-166 --A FORWARD -j limit-165 --A FORWARD -j limit-164 --A FORWARD -j limit-163 --A FORWARD -j limit-162 --A FORWARD -j limit-161 --A FORWARD -j limit-160 --A FORWARD -j limit-159 --A FORWARD -j limit-158 --A FORWARD -j limit-157 --A FORWARD -j limit-156 --A FORWARD -j limit-155 --A FORWARD -j limit-154 --A FORWARD -j limit-153 --A FORWARD -j limit-152 --A FORWARD -j limit-151 --A FORWARD -j limit-150 --A FORWARD -j limit-149 --A FORWARD -j limit-148 --A FORWARD -j limit-147 --A FORWARD -j limit-146 --A FORWARD -j limit-145 --A FORWARD -j limit-144 --A FORWARD -j limit-143 --A FORWARD -j limit-142 --A FORWARD -j limit-141 --A FORWARD -j limit-140 --A FORWARD -j limit-139 --A FORWARD -j limit-138 --A FORWARD -j limit-137 --A FORWARD -j limit-136 --A FORWARD -j limit-135 --A FORWARD -j limit-134 --A FORWARD -j limit-133 --A FORWARD -j limit-132 --A FORWARD -j limit-131 --A FORWARD -j limit-130 --A FORWARD -j limit-129 --A FORWARD -j limit-128 --A FORWARD -j limit-127 --A FORWARD -j limit-126 --A FORWARD -j limit-125 --A FORWARD -j limit-124 --A FORWARD -j limit-123 --A FORWARD -j limit-122 --A FORWARD -j limit-121 --A FORWARD -j limit-120 --A FORWARD -j limit-119 --A FORWARD -j limit-118 --A FORWARD -j limit-117 --A FORWARD -j limit-116 --A FORWARD -j limit-115 --A FORWARD -j limit-114 --A FORWARD -j limit-113 --A FORWARD -j limit-112 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -6335,9 +11287,111 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-106 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-107 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-108 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-109 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-110 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-111 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-112 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-54 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-114 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-115 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-116 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-117 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-118 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-119 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-120 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-62 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-122 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-123 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-124 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-66 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-126 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-127 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-128 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-129 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-130 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-131 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-132 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-133 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-134 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-135 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-136 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-137 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-138 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-140 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-141 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-142 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-144 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-145 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-146 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-147 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-148 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-149 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-150 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-152 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-153 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-154 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-156 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-157 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-158 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-159 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-160 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-161 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-162 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-163 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-164 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-165 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-166 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-167 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-168 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-170 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-171 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-172 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-174 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-175 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-176 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-177 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-178 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-179 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-180 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-182 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-183 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-184 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-186 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-187 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-188 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-189 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-190 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-191 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-192 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-193 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-194 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-195 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-196 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-197 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-198 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-199 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-200 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-201 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-202 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-203 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-204 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-205 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-206 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-207 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-208 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-209 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-210 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-211 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-212 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-213 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -6398,17 +11452,71 @@ hash:net family inet -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-19 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-20 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-21 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-22 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-23 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-24 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-25 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-26 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-27 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-28 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-29 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-30 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-31 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-32 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-33 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-34 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-35 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-36 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-37 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-109 +-A FORWARD -j logdrop-199 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD --A FORWARD -j logaccept-8 --A FORWARD -j logdrop-110 +-A FORWARD -j logaccept-14 +-A FORWARD -j logdrop-200 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -6471,6 +11579,210 @@ hash:net family inet -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-427 +-A INPUT -j limit-426 +-A INPUT -j limit-425 +-A INPUT -j limit-424 +-A INPUT -j limit-423 +-A INPUT -j limit-422 +-A INPUT -j limit-421 +-A INPUT -j limit-420 +-A INPUT -j limit-419 +-A INPUT -j limit-418 +-A INPUT -j limit-417 +-A INPUT -j limit-416 +-A INPUT -j limit-415 +-A INPUT -j limit-414 +-A INPUT -j limit-413 +-A INPUT -j limit-412 +-A INPUT -j limit-411 +-A INPUT -j limit-410 +-A INPUT -j limit-409 +-A INPUT -j limit-408 +-A INPUT -j limit-407 +-A INPUT -j limit-406 +-A INPUT -j limit-405 +-A INPUT -j limit-404 +-A INPUT -j limit-403 +-A INPUT -j limit-402 +-A INPUT -j limit-401 +-A INPUT -j limit-400 +-A INPUT -j limit-399 +-A INPUT -j limit-398 +-A INPUT -j limit-397 +-A INPUT -j limit-396 +-A INPUT -j limit-395 +-A INPUT -j limit-394 +-A INPUT -j limit-393 +-A INPUT -j limit-392 +-A INPUT -j limit-391 +-A INPUT -j limit-390 +-A INPUT -j limit-389 +-A INPUT -j limit-388 +-A INPUT -j limit-387 +-A INPUT -j limit-386 +-A INPUT -j limit-385 +-A INPUT -j limit-384 +-A INPUT -j limit-383 +-A INPUT -j limit-382 +-A INPUT -j limit-381 +-A INPUT -j limit-380 +-A INPUT -j limit-379 +-A INPUT -j limit-378 +-A INPUT -j limit-377 +-A INPUT -j limit-376 +-A INPUT -j limit-375 +-A INPUT -j limit-374 +-A INPUT -j limit-373 +-A INPUT -j limit-372 +-A INPUT -j limit-371 +-A INPUT -j limit-370 +-A INPUT -j limit-369 +-A INPUT -j limit-368 +-A INPUT -j limit-367 +-A INPUT -j limit-366 +-A INPUT -j limit-365 +-A INPUT -j limit-364 +-A INPUT -j limit-363 +-A INPUT -j limit-362 +-A INPUT -j limit-361 +-A INPUT -j limit-360 +-A INPUT -j limit-359 +-A INPUT -j limit-358 +-A INPUT -j limit-357 +-A INPUT -j limit-356 +-A INPUT -j limit-355 +-A INPUT -j limit-354 +-A INPUT -j limit-353 +-A INPUT -j limit-352 +-A INPUT -j limit-351 +-A INPUT -j limit-350 +-A INPUT -j limit-349 +-A INPUT -j limit-348 +-A INPUT -j limit-347 +-A INPUT -j limit-346 +-A INPUT -j limit-345 +-A INPUT -j limit-344 +-A INPUT -j limit-343 +-A INPUT -j limit-342 +-A INPUT -j limit-341 +-A INPUT -j limit-340 +-A INPUT -j limit-339 +-A INPUT -j limit-338 +-A INPUT -j limit-337 +-A INPUT -j limit-336 +-A INPUT -j limit-335 +-A INPUT -j limit-334 +-A INPUT -j limit-333 +-A INPUT -j limit-332 +-A INPUT -j limit-331 +-A INPUT -j limit-330 +-A INPUT -j limit-329 +-A INPUT -j limit-328 +-A INPUT -j limit-327 +-A INPUT -j limit-326 +-A INPUT -j limit-325 +-A INPUT -j limit-324 +-A INPUT -j limit-323 +-A INPUT -j limit-322 +-A INPUT -j limit-321 +-A INPUT -j limit-320 +-A INPUT -j limit-319 +-A INPUT -j limit-318 +-A INPUT -j limit-317 +-A INPUT -j limit-316 +-A INPUT -j limit-315 +-A INPUT -j limit-314 +-A INPUT -j limit-313 +-A INPUT -j limit-312 +-A INPUT -j limit-311 +-A INPUT -j limit-310 +-A INPUT -j limit-309 +-A INPUT -j limit-308 +-A INPUT -j limit-307 +-A INPUT -j limit-306 +-A INPUT -j limit-305 +-A INPUT -j limit-304 +-A INPUT -j limit-303 +-A INPUT -j limit-302 +-A INPUT -j limit-301 +-A INPUT -j limit-300 +-A INPUT -j limit-299 +-A INPUT -j limit-298 +-A INPUT -j limit-297 +-A INPUT -j limit-296 +-A INPUT -j limit-295 +-A INPUT -j limit-294 +-A INPUT -j limit-293 +-A INPUT -j limit-292 +-A INPUT -j limit-291 +-A INPUT -j limit-290 +-A INPUT -j limit-289 +-A INPUT -j limit-288 +-A INPUT -j limit-287 +-A INPUT -j limit-286 +-A INPUT -j limit-285 +-A INPUT -j limit-284 +-A INPUT -j limit-283 +-A INPUT -j limit-282 +-A INPUT -j limit-281 +-A INPUT -j limit-280 +-A INPUT -j limit-279 +-A INPUT -j limit-278 +-A INPUT -j limit-277 +-A INPUT -j limit-276 +-A INPUT -j limit-275 +-A INPUT -j limit-274 +-A INPUT -j limit-273 +-A INPUT -j limit-272 +-A INPUT -j limit-271 +-A INPUT -j limit-270 +-A INPUT -j limit-269 +-A INPUT -j limit-268 +-A INPUT -j limit-267 +-A INPUT -j limit-266 +-A INPUT -j limit-265 +-A INPUT -j limit-264 +-A INPUT -j limit-263 +-A INPUT -j limit-262 +-A INPUT -j limit-261 +-A INPUT -j limit-260 +-A INPUT -j limit-259 +-A INPUT -j limit-258 +-A INPUT -j limit-257 +-A INPUT -j limit-256 +-A INPUT -j limit-255 +-A INPUT -j limit-254 +-A INPUT -j limit-253 +-A INPUT -j limit-252 +-A INPUT -j limit-251 +-A INPUT -j limit-250 +-A INPUT -j limit-249 +-A INPUT -j limit-248 +-A INPUT -j limit-247 +-A INPUT -j limit-246 +-A INPUT -j limit-245 +-A INPUT -j limit-244 +-A INPUT -j limit-243 +-A INPUT -j limit-242 +-A INPUT -j limit-241 +-A INPUT -j limit-240 +-A INPUT -j limit-239 +-A INPUT -j limit-238 +-A INPUT -j limit-237 +-A INPUT -j limit-236 +-A INPUT -j limit-235 +-A INPUT -j limit-234 +-A INPUT -j limit-233 +-A INPUT -j limit-232 +-A INPUT -j limit-231 +-A INPUT -j limit-230 +-A INPUT -j limit-229 +-A INPUT -j limit-228 +-A INPUT -j limit-227 +-A INPUT -j limit-226 +-A INPUT -j limit-225 +-A INPUT -j limit-224 -A INPUT -j limit-223 -A INPUT -j limit-222 -A INPUT -j limit-221 @@ -6481,108 +11793,6 @@ hash:net family inet -A INPUT -j limit-216 -A INPUT -j limit-215 -A INPUT -j limit-214 --A INPUT -j limit-213 --A INPUT -j limit-212 --A INPUT -j limit-211 --A INPUT -j limit-210 --A INPUT -j limit-209 --A INPUT -j limit-208 --A INPUT -j limit-207 --A INPUT -j limit-206 --A INPUT -j limit-205 --A INPUT -j limit-204 --A INPUT -j limit-203 --A INPUT -j limit-202 --A INPUT -j limit-201 --A INPUT -j limit-200 --A INPUT -j limit-199 --A INPUT -j limit-198 --A INPUT -j limit-197 --A INPUT -j limit-196 --A INPUT -j limit-195 --A INPUT -j limit-194 --A INPUT -j limit-193 --A INPUT -j limit-192 --A INPUT -j limit-191 --A INPUT -j limit-190 --A INPUT -j limit-189 --A INPUT -j limit-188 --A INPUT -j limit-187 --A INPUT -j limit-186 --A INPUT -j limit-185 --A INPUT -j limit-184 --A INPUT -j limit-183 --A INPUT -j limit-182 --A INPUT -j limit-181 --A INPUT -j limit-180 --A INPUT -j limit-179 --A INPUT -j limit-178 --A INPUT -j limit-177 --A INPUT -j limit-176 --A INPUT -j limit-175 --A INPUT -j limit-174 --A INPUT -j limit-173 --A INPUT -j limit-172 --A INPUT -j limit-171 --A INPUT -j limit-170 --A INPUT -j limit-169 --A INPUT -j limit-168 --A INPUT -j limit-167 --A INPUT -j limit-166 --A INPUT -j limit-165 --A INPUT -j limit-164 --A INPUT -j limit-163 --A INPUT -j limit-162 --A INPUT -j limit-161 --A INPUT -j limit-160 --A INPUT -j limit-159 --A INPUT -j limit-158 --A INPUT -j limit-157 --A INPUT -j limit-156 --A INPUT -j limit-155 --A INPUT -j limit-154 --A INPUT -j limit-153 --A INPUT -j limit-152 --A INPUT -j limit-151 --A INPUT -j limit-150 --A INPUT -j limit-149 --A INPUT -j limit-148 --A INPUT -j limit-147 --A INPUT -j limit-146 --A INPUT -j limit-145 --A INPUT -j limit-144 --A INPUT -j limit-143 --A INPUT -j limit-142 --A INPUT -j limit-141 --A INPUT -j limit-140 --A INPUT -j limit-139 --A INPUT -j limit-138 --A INPUT -j limit-137 --A INPUT -j limit-136 --A INPUT -j limit-135 --A INPUT -j limit-134 --A INPUT -j limit-133 --A INPUT -j limit-132 --A INPUT -j limit-131 --A INPUT -j limit-130 --A INPUT -j limit-129 --A INPUT -j limit-128 --A INPUT -j limit-127 --A INPUT -j limit-126 --A INPUT -j limit-125 --A INPUT -j limit-124 --A INPUT -j limit-123 --A INPUT -j limit-122 --A INPUT -j limit-121 --A INPUT -j limit-120 --A INPUT -j limit-119 --A INPUT -j limit-118 --A INPUT -j limit-117 --A INPUT -j limit-116 --A INPUT -j limit-115 --A INPUT -j limit-114 --A INPUT -j limit-113 --A INPUT -j limit-112 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -6651,129 +11861,285 @@ hash:net family inet -A INPUT -j ACCEPT -A INPUT -j logaccept-final-19 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-224 --A INPUT -i eth0 -j limit-225 --A INPUT -i eth0 -j limit-226 --A INPUT -i eth0 -j limit-227 --A INPUT -i eth0 -j limit-228 --A INPUT -i eth0 -j limit-229 --A INPUT -i eth0 -j limit-230 --A INPUT -i eth0 -j limit-231 --A INPUT -i eth0 -j limit-232 --A INPUT -i eth0 -j limit-233 --A INPUT -i eth0 -j limit-234 --A INPUT -i eth0 -j limit-235 --A INPUT -i eth0 -j limit-236 --A INPUT -i eth0 -j limit-237 --A INPUT -i eth0 -j limit-238 --A INPUT -i eth0 -j limit-239 --A INPUT -i eth0 -j limit-240 --A INPUT -i eth0 -j limit-241 --A INPUT -i eth0 -j limit-242 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-92 --A INPUT -i eth0 -j limit-244 --A INPUT -i eth0 -j limit-245 --A INPUT -i eth0 -j limit-246 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-96 --A INPUT -i eth0 -j limit-248 --A INPUT -i eth0 -j limit-249 --A INPUT -i eth0 -j limit-250 --A INPUT -i eth0 -j limit-251 --A INPUT -i eth0 -j limit-252 --A INPUT -i eth0 -j limit-253 --A INPUT -i eth0 -j limit-254 --A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-104 --A INPUT -i eth0 -j limit-256 --A INPUT -i eth0 -j limit-257 --A INPUT -i eth0 -j limit-258 --A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-108 --A INPUT -i eth0 -j limit-260 --A INPUT -i eth0 -j limit-261 --A INPUT -i eth0 -j limit-262 --A INPUT -i eth0 -j limit-263 --A INPUT -i eth0 -j limit-264 --A INPUT -i eth0 -j limit-265 --A INPUT -i eth0 -j limit-266 --A INPUT -i eth0 -j limit-267 --A INPUT -i eth0 -j limit-268 --A INPUT -i eth0 -j limit-269 --A INPUT -i eth0 -j limit-270 --A INPUT -i eth0 -j limit-271 --A INPUT -i eth0 -j limit-272 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-20 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-21 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-22 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-23 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-24 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-25 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-26 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-27 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-28 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-29 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-30 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-31 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-32 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-33 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-34 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-35 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-36 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-37 +-A INPUT -j ACCEPT +-A INPUT -i eth0 -j limit-428 +-A INPUT -i eth0 -j limit-429 +-A INPUT -i eth0 -j limit-430 +-A INPUT -i eth0 -j limit-431 +-A INPUT -i eth0 -j limit-432 +-A INPUT -i eth0 -j limit-433 +-A INPUT -i eth0 -j limit-434 +-A INPUT -i eth0 -j limit-435 +-A INPUT -i eth0 -j limit-436 +-A INPUT -i eth0 -j limit-437 +-A INPUT -i eth0 -j limit-438 +-A INPUT -i eth0 -j limit-439 +-A INPUT -i eth0 -j limit-440 +-A INPUT -i eth0 -j limit-441 +-A INPUT -i eth0 -j limit-442 +-A INPUT -i eth0 -j limit-443 +-A INPUT -i eth0 -j limit-444 +-A INPUT -i eth0 -j limit-445 +-A INPUT -i eth0 -j limit-446 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-152 +-A INPUT -i eth0 -j limit-448 +-A INPUT -i eth0 -j limit-449 +-A INPUT -i eth0 -j limit-450 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-156 +-A INPUT -i eth0 -j limit-452 +-A INPUT -i eth0 -j limit-453 +-A INPUT -i eth0 -j limit-454 +-A INPUT -i eth0 -j limit-455 +-A INPUT -i eth0 -j limit-456 +-A INPUT -i eth0 -j limit-457 +-A INPUT -i eth0 -j limit-458 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-164 +-A INPUT -i eth0 -j limit-460 +-A INPUT -i eth0 -j limit-461 +-A INPUT -i eth0 -j limit-462 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-168 +-A INPUT -i eth0 -j limit-464 +-A INPUT -i eth0 -j limit-465 +-A INPUT -i eth0 -j limit-466 +-A INPUT -i eth0 -j limit-467 +-A INPUT -i eth0 -j limit-468 +-A INPUT -i eth0 -j limit-469 +-A INPUT -i eth0 -j limit-470 +-A INPUT -i eth0 -j limit-471 +-A INPUT -i eth0 -j limit-472 +-A INPUT -i eth0 -j limit-473 +-A INPUT -i eth0 -j limit-474 +-A INPUT -i eth0 -j limit-475 +-A INPUT -i eth0 -j limit-476 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-274 --A INPUT -i eth0 -j limit-275 --A INPUT -i eth0 -j limit-276 +-A INPUT -i eth0 -j limit-478 +-A INPUT -i eth0 -j limit-479 +-A INPUT -i eth0 -j limit-480 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-278 --A INPUT -i eth0 -j limit-279 --A INPUT -i eth0 -j limit-280 --A INPUT -i eth0 -j limit-281 --A INPUT -i eth0 -j limit-282 --A INPUT -i eth0 -j limit-283 --A INPUT -i eth0 -j limit-284 +-A INPUT -i eth0 -j limit-482 +-A INPUT -i eth0 -j limit-483 +-A INPUT -i eth0 -j limit-484 +-A INPUT -i eth0 -j limit-485 +-A INPUT -i eth0 -j limit-486 +-A INPUT -i eth0 -j limit-487 +-A INPUT -i eth0 -j limit-488 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-286 --A INPUT -i eth0 -j limit-287 --A INPUT -i eth0 -j limit-288 +-A INPUT -i eth0 -j limit-490 +-A INPUT -i eth0 -j limit-491 +-A INPUT -i eth0 -j limit-492 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-290 --A INPUT -i eth0 -j limit-291 --A INPUT -i eth0 -j limit-292 --A INPUT -i eth0 -j limit-293 --A INPUT -i eth0 -j limit-294 --A INPUT -i eth0 -j limit-295 --A INPUT -i eth0 -j limit-296 --A INPUT -i eth0 -j limit-297 --A INPUT -i eth0 -j limit-298 --A INPUT -i eth0 -j limit-299 --A INPUT -i eth0 -j limit-300 --A INPUT -i eth0 -j limit-301 --A INPUT -i eth0 -j limit-302 +-A INPUT -i eth0 -j limit-494 +-A INPUT -i eth0 -j limit-495 +-A INPUT -i eth0 -j limit-496 +-A INPUT -i eth0 -j limit-497 +-A INPUT -i eth0 -j limit-498 +-A INPUT -i eth0 -j limit-499 +-A INPUT -i eth0 -j limit-500 +-A INPUT -i eth0 -j limit-501 +-A INPUT -i eth0 -j limit-502 +-A INPUT -i eth0 -j limit-503 +-A INPUT -i eth0 -j limit-504 +-A INPUT -i eth0 -j limit-505 +-A INPUT -i eth0 -j limit-506 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-304 --A INPUT -i eth0 -j limit-305 --A INPUT -i eth0 -j limit-306 +-A INPUT -i eth0 -j limit-508 +-A INPUT -i eth0 -j limit-509 +-A INPUT -i eth0 -j limit-510 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-308 --A INPUT -i eth0 -j limit-309 --A INPUT -i eth0 -j limit-310 --A INPUT -i eth0 -j limit-311 --A INPUT -i eth0 -j limit-312 --A INPUT -i eth0 -j limit-313 --A INPUT -i eth0 -j limit-314 +-A INPUT -i eth0 -j limit-512 +-A INPUT -i eth0 -j limit-513 +-A INPUT -i eth0 -j limit-514 +-A INPUT -i eth0 -j limit-515 +-A INPUT -i eth0 -j limit-516 +-A INPUT -i eth0 -j limit-517 +-A INPUT -i eth0 -j limit-518 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-316 --A INPUT -i eth0 -j limit-317 --A INPUT -i eth0 -j limit-318 +-A INPUT -i eth0 -j limit-520 +-A INPUT -i eth0 -j limit-521 +-A INPUT -i eth0 -j limit-522 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-320 --A INPUT -i eth0 -j limit-321 --A INPUT -i eth0 -j limit-322 --A INPUT -i eth0 -j limit-323 --A INPUT -i eth0 -j limit-324 --A INPUT -i eth0 -j limit-325 --A INPUT -i eth0 -j limit-326 --A INPUT -i eth0 -j limit-327 --A INPUT -i eth0 -j limit-328 --A INPUT -i eth0 -j limit-329 --A INPUT -i eth0 -j limit-330 --A INPUT -i eth0 -j limit-331 --A INPUT -i eth0 -j limit-332 --A INPUT -i eth0 -j limit-333 --A INPUT -i eth0 -j limit-334 --A INPUT -i eth0 -j limit-335 +-A INPUT -i eth0 -j limit-524 +-A INPUT -i eth0 -j limit-525 +-A INPUT -i eth0 -j limit-526 +-A INPUT -i eth0 -j limit-527 +-A INPUT -i eth0 -j limit-528 +-A INPUT -i eth0 -j limit-529 +-A INPUT -i eth0 -j limit-530 +-A INPUT -i eth0 -j limit-531 +-A INPUT -i eth0 -j limit-532 +-A INPUT -i eth0 -j limit-533 +-A INPUT -i eth0 -j limit-534 +-A INPUT -i eth0 -j limit-535 +-A INPUT -i eth0 -j limit-536 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-182 +-A INPUT -i eth0 -j limit-538 +-A INPUT -i eth0 -j limit-539 +-A INPUT -i eth0 -j limit-540 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-186 +-A INPUT -i eth0 -j limit-542 +-A INPUT -i eth0 -j limit-543 +-A INPUT -i eth0 -j limit-544 +-A INPUT -i eth0 -j limit-545 +-A INPUT -i eth0 -j limit-546 +-A INPUT -i eth0 -j limit-547 +-A INPUT -i eth0 -j limit-548 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-194 +-A INPUT -i eth0 -j limit-550 +-A INPUT -i eth0 -j limit-551 +-A INPUT -i eth0 -j limit-552 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-198 +-A INPUT -i eth0 -j limit-554 +-A INPUT -i eth0 -j limit-555 +-A INPUT -i eth0 -j limit-556 +-A INPUT -i eth0 -j limit-557 +-A INPUT -i eth0 -j limit-558 +-A INPUT -i eth0 -j limit-559 +-A INPUT -i eth0 -j limit-560 +-A INPUT -i eth0 -j limit-561 +-A INPUT -i eth0 -j limit-562 +-A INPUT -i eth0 -j limit-563 +-A INPUT -i eth0 -j limit-564 +-A INPUT -i eth0 -j limit-565 +-A INPUT -i eth0 -j limit-566 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-568 +-A INPUT -i eth0 -j limit-569 +-A INPUT -i eth0 -j limit-570 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-572 +-A INPUT -i eth0 -j limit-573 +-A INPUT -i eth0 -j limit-574 +-A INPUT -i eth0 -j limit-575 +-A INPUT -i eth0 -j limit-576 +-A INPUT -i eth0 -j limit-577 +-A INPUT -i eth0 -j limit-578 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-580 +-A INPUT -i eth0 -j limit-581 +-A INPUT -i eth0 -j limit-582 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-584 +-A INPUT -i eth0 -j limit-585 +-A INPUT -i eth0 -j limit-586 +-A INPUT -i eth0 -j limit-587 +-A INPUT -i eth0 -j limit-588 +-A INPUT -i eth0 -j limit-589 +-A INPUT -i eth0 -j limit-590 +-A INPUT -i eth0 -j limit-591 +-A INPUT -i eth0 -j limit-592 +-A INPUT -i eth0 -j limit-593 +-A INPUT -i eth0 -j limit-594 +-A INPUT -i eth0 -j limit-595 +-A INPUT -i eth0 -j limit-596 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-598 +-A INPUT -i eth0 -j limit-599 +-A INPUT -i eth0 -j limit-600 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-602 +-A INPUT -i eth0 -j limit-603 +-A INPUT -i eth0 -j limit-604 +-A INPUT -i eth0 -j limit-605 +-A INPUT -i eth0 -j limit-606 +-A INPUT -i eth0 -j limit-607 +-A INPUT -i eth0 -j limit-608 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-610 +-A INPUT -i eth0 -j limit-611 +-A INPUT -i eth0 -j limit-612 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-614 +-A INPUT -i eth0 -j limit-615 +-A INPUT -i eth0 -j limit-616 +-A INPUT -i eth0 -j limit-617 +-A INPUT -i eth0 -j limit-618 +-A INPUT -i eth0 -j limit-619 +-A INPUT -i eth0 -j limit-620 +-A INPUT -i eth0 -j limit-621 +-A INPUT -i eth0 -j limit-622 +-A INPUT -i eth0 -j limit-623 +-A INPUT -i eth0 -j limit-624 +-A INPUT -i eth0 -j limit-625 +-A INPUT -i eth0 -j limit-626 +-A INPUT -i eth0 -j limit-627 +-A INPUT -i eth0 -j limit-628 +-A INPUT -i eth0 -j limit-629 +-A INPUT -i eth0 -j limit-630 +-A INPUT -i eth0 -j limit-631 +-A INPUT -i eth0 -j limit-632 +-A INPUT -i eth0 -j limit-633 +-A INPUT -i eth0 -j limit-634 +-A INPUT -i eth0 -j limit-635 +-A INPUT -i eth0 -j limit-636 +-A INPUT -i eth0 -j limit-637 +-A INPUT -i eth0 -j limit-638 +-A INPUT -i eth0 -j limit-639 +-A INPUT -i eth0 -j limit-640 +-A INPUT -i eth0 -j limit-641 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-109 +-A INPUT -j logdrop-199 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT --A INPUT -j logaccept-8 --A INPUT -j logdrop-110 +-A INPUT -j logaccept-14 +-A INPUT -j logdrop-200 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -6792,6 +12158,210 @@ hash:net family inet -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-427 +-A OUTPUT -j limit-426 +-A OUTPUT -j limit-425 +-A OUTPUT -j limit-424 +-A OUTPUT -j limit-423 +-A OUTPUT -j limit-422 +-A OUTPUT -j limit-421 +-A OUTPUT -j limit-420 +-A OUTPUT -j limit-419 +-A OUTPUT -j limit-418 +-A OUTPUT -j limit-417 +-A OUTPUT -j limit-416 +-A OUTPUT -j limit-415 +-A OUTPUT -j limit-414 +-A OUTPUT -j limit-413 +-A OUTPUT -j limit-412 +-A OUTPUT -j limit-411 +-A OUTPUT -j limit-410 +-A OUTPUT -j limit-409 +-A OUTPUT -j limit-408 +-A OUTPUT -j limit-407 +-A OUTPUT -j limit-406 +-A OUTPUT -j limit-405 +-A OUTPUT -j limit-404 +-A OUTPUT -j limit-403 +-A OUTPUT -j limit-402 +-A OUTPUT -j limit-401 +-A OUTPUT -j limit-400 +-A OUTPUT -j limit-399 +-A OUTPUT -j limit-398 +-A OUTPUT -j limit-397 +-A OUTPUT -j limit-396 +-A OUTPUT -j limit-395 +-A OUTPUT -j limit-394 +-A OUTPUT -j limit-393 +-A OUTPUT -j limit-392 +-A OUTPUT -j limit-391 +-A OUTPUT -j limit-390 +-A OUTPUT -j limit-389 +-A OUTPUT -j limit-388 +-A OUTPUT -j limit-387 +-A OUTPUT -j limit-386 +-A OUTPUT -j limit-385 +-A OUTPUT -j limit-384 +-A OUTPUT -j limit-383 +-A OUTPUT -j limit-382 +-A OUTPUT -j limit-381 +-A OUTPUT -j limit-380 +-A OUTPUT -j limit-379 +-A OUTPUT -j limit-378 +-A OUTPUT -j limit-377 +-A OUTPUT -j limit-376 +-A OUTPUT -j limit-375 +-A OUTPUT -j limit-374 +-A OUTPUT -j limit-373 +-A OUTPUT -j limit-372 +-A OUTPUT -j limit-371 +-A OUTPUT -j limit-370 +-A OUTPUT -j limit-369 +-A OUTPUT -j limit-368 +-A OUTPUT -j limit-367 +-A OUTPUT -j limit-366 +-A OUTPUT -j limit-365 +-A OUTPUT -j limit-364 +-A OUTPUT -j limit-363 +-A OUTPUT -j limit-362 +-A OUTPUT -j limit-361 +-A OUTPUT -j limit-360 +-A OUTPUT -j limit-359 +-A OUTPUT -j limit-358 +-A OUTPUT -j limit-357 +-A OUTPUT -j limit-356 +-A OUTPUT -j limit-355 +-A OUTPUT -j limit-354 +-A OUTPUT -j limit-353 +-A OUTPUT -j limit-352 +-A OUTPUT -j limit-351 +-A OUTPUT -j limit-350 +-A OUTPUT -j limit-349 +-A OUTPUT -j limit-348 +-A OUTPUT -j limit-347 +-A OUTPUT -j limit-346 +-A OUTPUT -j limit-345 +-A OUTPUT -j limit-344 +-A OUTPUT -j limit-343 +-A OUTPUT -j limit-342 +-A OUTPUT -j limit-341 +-A OUTPUT -j limit-340 +-A OUTPUT -j limit-339 +-A OUTPUT -j limit-338 +-A OUTPUT -j limit-337 +-A OUTPUT -j limit-336 +-A OUTPUT -j limit-335 +-A OUTPUT -j limit-334 +-A OUTPUT -j limit-333 +-A OUTPUT -j limit-332 +-A OUTPUT -j limit-331 +-A OUTPUT -j limit-330 +-A OUTPUT -j limit-329 +-A OUTPUT -j limit-328 +-A OUTPUT -j limit-327 +-A OUTPUT -j limit-326 +-A OUTPUT -j limit-325 +-A OUTPUT -j limit-324 +-A OUTPUT -j limit-323 +-A OUTPUT -j limit-322 +-A OUTPUT -j limit-321 +-A OUTPUT -j limit-320 +-A OUTPUT -j limit-319 +-A OUTPUT -j limit-318 +-A OUTPUT -j limit-317 +-A OUTPUT -j limit-316 +-A OUTPUT -j limit-315 +-A OUTPUT -j limit-314 +-A OUTPUT -j limit-313 +-A OUTPUT -j limit-312 +-A OUTPUT -j limit-311 +-A OUTPUT -j limit-310 +-A OUTPUT -j limit-309 +-A OUTPUT -j limit-308 +-A OUTPUT -j limit-307 +-A OUTPUT -j limit-306 +-A OUTPUT -j limit-305 +-A OUTPUT -j limit-304 +-A OUTPUT -j limit-303 +-A OUTPUT -j limit-302 +-A OUTPUT -j limit-301 +-A OUTPUT -j limit-300 +-A OUTPUT -j limit-299 +-A OUTPUT -j limit-298 +-A OUTPUT -j limit-297 +-A OUTPUT -j limit-296 +-A OUTPUT -j limit-295 +-A OUTPUT -j limit-294 +-A OUTPUT -j limit-293 +-A OUTPUT -j limit-292 +-A OUTPUT -j limit-291 +-A OUTPUT -j limit-290 +-A OUTPUT -j limit-289 +-A OUTPUT -j limit-288 +-A OUTPUT -j limit-287 +-A OUTPUT -j limit-286 +-A OUTPUT -j limit-285 +-A OUTPUT -j limit-284 +-A OUTPUT -j limit-283 +-A OUTPUT -j limit-282 +-A OUTPUT -j limit-281 +-A OUTPUT -j limit-280 +-A OUTPUT -j limit-279 +-A OUTPUT -j limit-278 +-A OUTPUT -j limit-277 +-A OUTPUT -j limit-276 +-A OUTPUT -j limit-275 +-A OUTPUT -j limit-274 +-A OUTPUT -j limit-273 +-A OUTPUT -j limit-272 +-A OUTPUT -j limit-271 +-A OUTPUT -j limit-270 +-A OUTPUT -j limit-269 +-A OUTPUT -j limit-268 +-A OUTPUT -j limit-267 +-A OUTPUT -j limit-266 +-A OUTPUT -j limit-265 +-A OUTPUT -j limit-264 +-A OUTPUT -j limit-263 +-A OUTPUT -j limit-262 +-A OUTPUT -j limit-261 +-A OUTPUT -j limit-260 +-A OUTPUT -j limit-259 +-A OUTPUT -j limit-258 +-A OUTPUT -j limit-257 +-A OUTPUT -j limit-256 +-A OUTPUT -j limit-255 +-A OUTPUT -j limit-254 +-A OUTPUT -j limit-253 +-A OUTPUT -j limit-252 +-A OUTPUT -j limit-251 +-A OUTPUT -j limit-250 +-A OUTPUT -j limit-249 +-A OUTPUT -j limit-248 +-A OUTPUT -j limit-247 +-A OUTPUT -j limit-246 +-A OUTPUT -j limit-245 +-A OUTPUT -j limit-244 +-A OUTPUT -j limit-243 +-A OUTPUT -j limit-242 +-A OUTPUT -j limit-241 +-A OUTPUT -j limit-240 +-A OUTPUT -j limit-239 +-A OUTPUT -j limit-238 +-A OUTPUT -j limit-237 +-A OUTPUT -j limit-236 +-A OUTPUT -j limit-235 +-A OUTPUT -j limit-234 +-A OUTPUT -j limit-233 +-A OUTPUT -j limit-232 +-A OUTPUT -j limit-231 +-A OUTPUT -j limit-230 +-A OUTPUT -j limit-229 +-A OUTPUT -j limit-228 +-A OUTPUT -j limit-227 +-A OUTPUT -j limit-226 +-A OUTPUT -j limit-225 +-A OUTPUT -j limit-224 -A OUTPUT -j limit-223 -A OUTPUT -j limit-222 -A OUTPUT -j limit-221 @@ -6802,108 +12372,6 @@ hash:net family inet -A OUTPUT -j limit-216 -A OUTPUT -j limit-215 -A OUTPUT -j limit-214 --A OUTPUT -j limit-213 --A OUTPUT -j limit-212 --A OUTPUT -j limit-211 --A OUTPUT -j limit-210 --A OUTPUT -j limit-209 --A OUTPUT -j limit-208 --A OUTPUT -j limit-207 --A OUTPUT -j limit-206 --A OUTPUT -j limit-205 --A OUTPUT -j limit-204 --A OUTPUT -j limit-203 --A OUTPUT -j limit-202 --A OUTPUT -j limit-201 --A OUTPUT -j limit-200 --A OUTPUT -j limit-199 --A OUTPUT -j limit-198 --A OUTPUT -j limit-197 --A OUTPUT -j limit-196 --A OUTPUT -j limit-195 --A OUTPUT -j limit-194 --A OUTPUT -j limit-193 --A OUTPUT -j limit-192 --A OUTPUT -j limit-191 --A OUTPUT -j limit-190 --A OUTPUT -j limit-189 --A OUTPUT -j limit-188 --A OUTPUT -j limit-187 --A OUTPUT -j limit-186 --A OUTPUT -j limit-185 --A OUTPUT -j limit-184 --A OUTPUT -j limit-183 --A OUTPUT -j limit-182 --A OUTPUT -j limit-181 --A OUTPUT -j limit-180 --A OUTPUT -j limit-179 --A OUTPUT -j limit-178 --A OUTPUT -j limit-177 --A OUTPUT -j limit-176 --A OUTPUT -j limit-175 --A OUTPUT -j limit-174 --A OUTPUT -j limit-173 --A OUTPUT -j limit-172 --A OUTPUT -j limit-171 --A OUTPUT -j limit-170 --A OUTPUT -j limit-169 --A OUTPUT -j limit-168 --A OUTPUT -j limit-167 --A OUTPUT -j limit-166 --A OUTPUT -j limit-165 --A OUTPUT -j limit-164 --A OUTPUT -j limit-163 --A OUTPUT -j limit-162 --A OUTPUT -j limit-161 --A OUTPUT -j limit-160 --A OUTPUT -j limit-159 --A OUTPUT -j limit-158 --A OUTPUT -j limit-157 --A OUTPUT -j limit-156 --A OUTPUT -j limit-155 --A OUTPUT -j limit-154 --A OUTPUT -j limit-153 --A OUTPUT -j limit-152 --A OUTPUT -j limit-151 --A OUTPUT -j limit-150 --A OUTPUT -j limit-149 --A OUTPUT -j limit-148 --A OUTPUT -j limit-147 --A OUTPUT -j limit-146 --A OUTPUT -j limit-145 --A OUTPUT -j limit-144 --A OUTPUT -j limit-143 --A OUTPUT -j limit-142 --A OUTPUT -j limit-141 --A OUTPUT -j limit-140 --A OUTPUT -j limit-139 --A OUTPUT -j limit-138 --A OUTPUT -j limit-137 --A OUTPUT -j limit-136 --A OUTPUT -j limit-135 --A OUTPUT -j limit-134 --A OUTPUT -j limit-133 --A OUTPUT -j limit-132 --A OUTPUT -j limit-131 --A OUTPUT -j limit-130 --A OUTPUT -j limit-129 --A OUTPUT -j limit-128 --A OUTPUT -j limit-127 --A OUTPUT -j limit-126 --A OUTPUT -j limit-125 --A OUTPUT -j limit-124 --A OUTPUT -j limit-123 --A OUTPUT -j limit-122 --A OUTPUT -j limit-121 --A OUTPUT -j limit-120 --A OUTPUT -j limit-119 --A OUTPUT -j limit-118 --A OUTPUT -j limit-117 --A OUTPUT -j limit-116 --A OUTPUT -j limit-115 --A OUTPUT -j limit-114 --A OUTPUT -j limit-113 --A OUTPUT -j limit-112 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -7021,9 +12489,111 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-106 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-107 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-108 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-109 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-110 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-111 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-112 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-54 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-114 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-115 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-116 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-117 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-118 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-119 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-120 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-62 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-122 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-123 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-124 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-66 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-126 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-127 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-128 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-129 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-130 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-131 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-132 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-133 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-134 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-135 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-136 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-137 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-138 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-140 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-141 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-142 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-144 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-145 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-146 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-147 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-148 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-149 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-150 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-152 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-153 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-154 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-156 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-157 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-158 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-159 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-160 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-161 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-162 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-163 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-164 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-165 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-166 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-167 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-168 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-170 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-171 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-172 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-174 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-175 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-176 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-177 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-178 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-179 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-180 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-182 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-183 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-184 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-186 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-187 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-188 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-189 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-190 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-191 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-192 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-193 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-194 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-195 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-196 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-197 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-198 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-199 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-200 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-201 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-202 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-203 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-204 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-205 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-206 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-207 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-208 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-209 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-210 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-211 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-212 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-213 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -7084,6 +12654,114 @@ hash:net family inet -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-19 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-20 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-21 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-22 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-23 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-24 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-25 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-26 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-27 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-28 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-29 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-30 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-31 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-32 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-33 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-34 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-35 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-36 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-37 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -7148,13 +12826,13 @@ hash:net family inet -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-109 +-A OUTPUT -j logdrop-199 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT --A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-110 +-A OUTPUT -j logaccept-14 +-A OUTPUT -j logdrop-200 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -7180,574 +12858,1153 @@ hash:net family inet -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-100 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j ACCEPT --A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -j DROP --A limit-101 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN --A limit-101 -m limit --limit 1/second -j LOG --A limit-101 -j DROP --A limit-102 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j logaccept-1 --A limit-102 -m limit --limit 1/second -j LOG --A limit-102 -j DROP --A limit-103 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j ACCEPT --A limit-103 -m limit --limit 1/second -j LOG --A limit-103 -j DROP --A limit-104 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT --A limit-104 -j DROP --A limit-105 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN --A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-2 --A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT --A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT --A limit-108 -j DROP --A limit-109 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN --A limit-109 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-41 +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-42 +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set +-A limit-102 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-43 +-A limit-102 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-103 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-44 +-A limit-103 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-104 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-45 +-A limit-104 -m limit --limit 1/second -j LOG +-A limit-104 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-105 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-46 +-A limit-105 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-47 +-A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-48 +-A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-49 +-A limit-108 -j ACCEPT -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set --A limit-110 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-3 --A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT --A limit-111 -j DROP --A limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --set --A limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --set --A limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --set --A limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set --A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set +-A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-51 +-A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -j ACCEPT +-A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-52 +-A limit-111 -m limit --limit 1/second -j LOG +-A limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-53 +-A limit-112 -j ACCEPT +-A limit-114 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-55 +-A limit-114 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-115 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-56 +-A limit-115 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-116 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-57 +-A limit-116 -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-117 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-58 +-A limit-117 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-118 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-59 +-A limit-118 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-119 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-60 +-A limit-119 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set --A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 --A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set --A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 --A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-120 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-61 +-A limit-120 -j ACCEPT +-A limit-122 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-63 +-A limit-122 -m limit --limit 1/second -j LOG +-A limit-122 -j ACCEPT +-A limit-123 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-64 +-A limit-123 -m limit --limit 1/second -j LOG +-A limit-124 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-65 +-A limit-124 -j ACCEPT +-A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set +-A limit-128 -m recent --name limit-128 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-128 -m limit --limit 1/second -j LOG +-A limit-128 -m recent --name limit-128 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-129 -m recent --name limit-129 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-129 -m recent --name limit-129 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-55 --A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-56 --A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-57 --A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-58 --A limit-133 -m limit --limit 1/second -j LOG --A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-59 --A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-60 --A limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 --A limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 --A limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 --A limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 --A limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-130 -m recent --name limit-130 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-130 -m recent --name limit-130 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-131 -m recent --name limit-131 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-131 -m recent --name limit-131 --rsource --mask 255.255.255.255 --set +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-134 -m limit --limit 1/second -j LOG +-A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-136 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-136 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-137 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-137 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-138 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-138 -j ACCEPT -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 --A limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 --A limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-142 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 --A limit-143 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 --A limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 --A limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 --A limit-145 -m limit --limit 1/second -j LOG --A limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 --A limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 --A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set --A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set +-A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-140 -m limit --limit 1/second -j LOG +-A limit-140 -j ACCEPT +-A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-141 -m limit --limit 1/second -j LOG +-A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-142 -j ACCEPT +-A limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-146 -m limit --limit 1/second -j LOG +-A limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-148 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-148 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-149 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-149 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set --A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set --A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set --A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-150 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-150 -j ACCEPT +-A limit-152 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-152 -m limit --limit 1/second -j LOG +-A limit-152 -j ACCEPT +-A limit-153 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-153 -m limit --limit 1/second -j LOG +-A limit-154 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-154 -j ACCEPT +-A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set +-A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-158 -m limit --limit 1/second -j LOG +-A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-160 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-161 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-163 -m limit --limit 1/second -j LOG --A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set +-A limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-164 -m limit --limit 1/second -j LOG +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-168 -j ACCEPT -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-172 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-173 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-175 -m limit --limit 1/second -j LOG --A limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set --A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set +-A limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-170 -m limit --limit 1/second -j LOG +-A limit-170 -j ACCEPT +-A limit-171 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-171 -m limit --limit 1/second -j LOG +-A limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-172 -j ACCEPT +-A limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-176 -m limit --limit 1/second -j LOG +-A limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-178 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-178 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-179 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-179 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-18 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19 -A limit-18 -j ACCEPT --A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set --A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --set --A limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --set --A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-193 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-180 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-180 -j ACCEPT +-A limit-182 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-182 -m limit --limit 1/second -j LOG +-A limit-182 -j ACCEPT +-A limit-183 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-183 -m limit --limit 1/second -j LOG +-A limit-184 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-184 -j ACCEPT +-A limit-186 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-186 -j ACCEPT +-A limit-186 -m limit --limit 1/second -j LOG +-A limit-186 -j DROP +-A limit-187 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-187 -j RETURN +-A limit-187 -m limit --limit 1/second -j LOG +-A limit-187 -j DROP +-A limit-188 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-188 -j logaccept-0 +-A limit-188 -m limit --limit 1/second -j LOG +-A limit-188 -j DROP +-A limit-189 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-189 -j ACCEPT +-A limit-189 -m limit --limit 1/second -j LOG +-A limit-189 -j DROP +-A limit-190 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-190 -j ACCEPT +-A limit-190 -m limit --limit 1/second -j LOG +-A limit-190 -j DROP +-A limit-191 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-191 -j RETURN +-A limit-191 -m limit --limit 1/second -j LOG +-A limit-191 -j DROP +-A limit-192 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-192 -j logaccept-1 +-A limit-192 -m limit --limit 1/second -j LOG +-A limit-192 -j DROP +-A limit-193 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-193 -j ACCEPT -A limit-193 -m limit --limit 1/second -j LOG --A limit-194 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-195 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-193 -j DROP +-A limit-194 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-194 -j ACCEPT +-A limit-194 -j DROP +-A limit-195 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-195 -j RETURN +-A limit-195 -j DROP +-A limit-196 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-196 -j logaccept-2 +-A limit-196 -j DROP +-A limit-197 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-197 -j ACCEPT +-A limit-197 -j DROP +-A limit-198 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-198 -j ACCEPT +-A limit-198 -j DROP +-A limit-199 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-199 -j RETURN +-A limit-199 -j DROP -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-20 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG -A limit-20 -j ACCEPT --A limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-202 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-203 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-204 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-205 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-200 -j logaccept-3 +-A limit-200 -j DROP +-A limit-201 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-201 -j ACCEPT +-A limit-201 -j DROP +-A limit-202 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-202 -j ACCEPT +-A limit-202 -m limit --limit 1/second -j LOG +-A limit-202 -j DROP +-A limit-203 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-203 -j RETURN +-A limit-203 -m limit --limit 1/second -j LOG +-A limit-203 -j DROP +-A limit-204 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-204 -j logaccept-4 +-A limit-204 -m limit --limit 1/second -j LOG +-A limit-204 -j DROP +-A limit-205 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-205 -j ACCEPT -A limit-205 -m limit --limit 1/second -j LOG --A limit-206 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-207 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-208 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j RETURN --A limit-208 -m limit --limit 1/second -j LOG +-A limit-205 -j DROP +-A limit-206 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-206 -j ACCEPT +-A limit-206 -j DROP +-A limit-207 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-207 -j RETURN +-A limit-207 -j DROP +-A limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j logaccept-5 -A limit-208 -j DROP --A limit-209 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j RETURN --A limit-209 -m limit --limit 1/second -j LOG +-A limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j ACCEPT -A limit-209 -j DROP -A limit-21 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22 -A limit-21 -m limit --limit 1/second -j LOG --A limit-210 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j RETURN --A limit-210 -m limit --limit 1/second -j LOG +-A limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j ACCEPT -A limit-210 -j DROP --A limit-211 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN --A limit-211 -m limit --limit 1/second -j LOG +-A limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN -A limit-211 -j DROP --A limit-212 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j RETURN --A limit-212 -m limit --limit 1/second -j LOG +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j logaccept-6 -A limit-212 -j DROP --A limit-213 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN --A limit-213 -m limit --limit 1/second -j LOG +-A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j ACCEPT -A limit-213 -j DROP --A limit-214 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j RETURN --A limit-214 -m limit --limit 1/second -j LOG --A limit-214 -j DROP --A limit-215 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j RETURN --A limit-215 -m limit --limit 1/second -j LOG --A limit-215 -j DROP --A limit-216 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j RETURN --A limit-216 -j DROP --A limit-217 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN --A limit-217 -j DROP --A limit-218 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j RETURN --A limit-218 -j DROP --A limit-219 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j RETURN --A limit-219 -j DROP +-A limit-214 -m recent --name limit-214 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-214 -m recent --name limit-214 --rsource --mask 255.255.255.255 --set +-A limit-215 -m recent --name limit-215 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-68 +-A limit-215 -m recent --name limit-215 --rsource --mask 255.255.255.255 --set +-A limit-216 -m recent --name limit-216 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-216 -m recent --name limit-216 --rsource --mask 255.255.255.255 --set +-A limit-217 -m recent --name limit-217 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-217 -m recent --name limit-217 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-218 -m recent --name limit-218 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-218 -m recent --name limit-218 --rsource --mask 255.255.255.255 --set +-A limit-219 -m recent --name limit-219 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-72 +-A limit-219 -m recent --name limit-219 --rsource --mask 255.255.255.255 --set -A limit-22 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23 -A limit-22 -j ACCEPT --A limit-220 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j RETURN --A limit-220 -j DROP --A limit-221 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN --A limit-221 -j DROP --A limit-222 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j RETURN --A limit-222 -j DROP --A limit-223 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j RETURN --A limit-223 -j DROP --A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 --A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-220 -m recent --name limit-220 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 +-A limit-220 -m recent --name limit-220 --rsource --mask 255.255.255.255 --set +-A limit-221 -m recent --name limit-221 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-221 -m recent --name limit-221 --rsource --mask 255.255.255.255 --set +-A limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 +-A limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --set +-A limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 +-A limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 +-A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set +-A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 -A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set --A limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 --A limit-226 -m limit --limit 1/second -j LOG --A limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 --A limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 --A limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 --A limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --set --A limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 --A limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 --A limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --set --A limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 --A limit-232 -m limit --limit 1/second -j LOG --A limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 --A limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 --A limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 --A limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --set --A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-85 --A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-86 --A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-87 --A limit-238 -m limit --limit 1/second -j LOG --A limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-88 --A limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-226 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 +-A limit-226 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-227 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 +-A limit-227 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-228 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 +-A limit-228 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-229 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 +-A limit-229 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-230 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 +-A limit-230 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-231 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 +-A limit-231 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-232 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-85 +-A limit-233 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-86 +-A limit-234 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-87 +-A limit-235 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-88 +-A limit-235 -m limit --limit 1/second -j LOG +-A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-89 +-A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-90 +-A limit-238 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-91 +-A limit-238 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-239 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-92 +-A limit-239 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 -A limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-89 --A limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-90 --A limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-242 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-91 --A limit-242 -j ACCEPT --A limit-244 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-93 --A limit-244 -m limit --limit 1/second -j LOG --A limit-244 -j ACCEPT --A limit-245 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-94 --A limit-245 -m limit --limit 1/second -j LOG --A limit-246 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-95 --A limit-246 -j ACCEPT --A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-97 --A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-98 --A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-240 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-93 +-A limit-240 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-241 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-94 +-A limit-241 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-242 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-95 +-A limit-242 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-243 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-96 +-A limit-243 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-244 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-97 +-A limit-245 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-98 +-A limit-246 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-99 +-A limit-247 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-100 +-A limit-247 -m limit --limit 1/second -j LOG +-A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-101 +-A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-102 -A limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 -A limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-99 --A limit-250 -m limit --limit 1/second -j LOG --A limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-100 --A limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-101 --A limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-102 --A limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-254 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-103 --A limit-254 -j ACCEPT --A limit-256 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-105 --A limit-256 -m limit --limit 1/second -j LOG --A limit-256 -j ACCEPT --A limit-257 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-106 --A limit-257 -m limit --limit 1/second -j LOG --A limit-258 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-107 --A limit-258 -j ACCEPT +-A limit-250 -m recent --name limit-250 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-250 -m recent --name limit-250 --rsource --mask 255.255.255.255 --set +-A limit-251 -m recent --name limit-251 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-251 -m recent --name limit-251 --rsource --mask 255.255.255.255 --set +-A limit-252 -m recent --name limit-252 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-252 -m recent --name limit-252 --rsource --mask 255.255.255.255 --set +-A limit-253 -m recent --name limit-253 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-253 -m recent --name limit-253 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-254 -m recent --name limit-254 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-254 -m recent --name limit-254 --rsource --mask 255.255.255.255 --set +-A limit-255 -m recent --name limit-255 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-255 -m recent --name limit-255 --rsource --mask 255.255.255.255 --set +-A limit-256 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-256 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-257 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-257 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-258 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-258 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-259 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-259 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-26 -m limit --limit 1/second -j LOG -A limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --set --A limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-262 -m limit --limit 1/second -j LOG --A limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --set --A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-268 -m limit --limit 1/second -j LOG --A limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-260 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-260 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-261 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-261 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-262 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-263 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-264 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m limit --limit 1/second -j LOG +-A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-269 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-269 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 -A limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-272 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-272 -j ACCEPT --A limit-274 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-274 -m limit --limit 1/second -j LOG --A limit-274 -j ACCEPT --A limit-275 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-275 -m limit --limit 1/second -j LOG --A limit-276 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-276 -j ACCEPT --A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-270 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-270 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-271 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-271 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-272 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-272 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-273 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-273 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-274 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-275 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-276 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-277 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-277 -m limit --limit 1/second -j LOG +-A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 -A limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-280 -m limit --limit 1/second -j LOG --A limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-284 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-284 -j ACCEPT --A limit-286 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-286 -m limit --limit 1/second -j LOG --A limit-286 -j ACCEPT --A limit-287 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-287 -m limit --limit 1/second -j LOG --A limit-288 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-288 -j ACCEPT +-A limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --set +-A limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --set +-A limit-282 -m recent --name limit-282 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-282 -m recent --name limit-282 --rsource --mask 255.255.255.255 --set +-A limit-283 -m recent --name limit-283 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-283 -m recent --name limit-283 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-284 -m recent --name limit-284 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-284 -m recent --name limit-284 --rsource --mask 255.255.255.255 --set +-A limit-285 -m recent --name limit-285 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-285 -m recent --name limit-285 --rsource --mask 255.255.255.255 --set +-A limit-286 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-286 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-287 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-287 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-288 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-288 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-289 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-289 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 -A limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --set --A limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-292 -m limit --limit 1/second -j LOG --A limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --set --A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-298 -m limit --limit 1/second -j LOG --A limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-290 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-290 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-291 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-291 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-292 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-293 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-294 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m limit --limit 1/second -j LOG +-A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-299 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-299 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-30 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-31 -A limit-30 -j ACCEPT --A limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-302 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-302 -j ACCEPT --A limit-304 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-304 -m limit --limit 1/second -j LOG --A limit-304 -j ACCEPT --A limit-305 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-305 -m limit --limit 1/second -j LOG --A limit-306 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-306 -j ACCEPT --A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-310 -m limit --limit 1/second -j LOG --A limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-314 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-314 -j ACCEPT --A limit-316 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-316 -m limit --limit 1/second -j LOG --A limit-316 -j ACCEPT --A limit-317 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-317 -m limit --limit 1/second -j LOG --A limit-318 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-318 -j ACCEPT +-A limit-300 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-300 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-301 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-301 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-302 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-302 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-303 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-303 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-304 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-305 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-306 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-307 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-307 -m limit --limit 1/second -j LOG +-A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-310 -m recent --name limit-310 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-103 +-A limit-310 -m recent --name limit-310 --rsource --mask 255.255.255.255 --set +-A limit-311 -m recent --name limit-311 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-104 +-A limit-311 -m recent --name limit-311 --rsource --mask 255.255.255.255 --set +-A limit-312 -m recent --name limit-312 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-105 +-A limit-312 -m recent --name limit-312 --rsource --mask 255.255.255.255 --set +-A limit-313 -m recent --name limit-313 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-106 +-A limit-313 -m recent --name limit-313 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-314 -m recent --name limit-314 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-107 +-A limit-314 -m recent --name limit-314 --rsource --mask 255.255.255.255 --set +-A limit-315 -m recent --name limit-315 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-108 +-A limit-315 -m recent --name limit-315 --rsource --mask 255.255.255.255 --set +-A limit-316 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-109 +-A limit-316 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-317 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-110 +-A limit-317 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-318 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-111 +-A limit-318 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-319 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-112 +-A limit-319 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-32 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-33 -A limit-32 -m limit --limit 1/second -j LOG -A limit-32 -j ACCEPT --A limit-320 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-320 -j ACCEPT --A limit-320 -m limit --limit 1/second -j LOG --A limit-320 -j DROP --A limit-321 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-321 -j RETURN --A limit-321 -m limit --limit 1/second -j LOG --A limit-321 -j DROP --A limit-322 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-322 -j logaccept-4 --A limit-322 -m limit --limit 1/second -j LOG --A limit-322 -j DROP --A limit-323 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-323 -j ACCEPT --A limit-323 -m limit --limit 1/second -j LOG --A limit-323 -j DROP --A limit-324 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-324 -j ACCEPT --A limit-324 -m limit --limit 1/second -j LOG --A limit-324 -j DROP --A limit-325 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-325 -j RETURN +-A limit-320 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-113 +-A limit-320 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-321 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-114 +-A limit-321 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-322 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-115 +-A limit-323 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-116 +-A limit-324 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-117 +-A limit-325 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-118 -A limit-325 -m limit --limit 1/second -j LOG --A limit-325 -j DROP --A limit-326 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-326 -j logaccept-5 --A limit-326 -m limit --limit 1/second -j LOG --A limit-326 -j DROP --A limit-327 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-327 -j ACCEPT --A limit-327 -m limit --limit 1/second -j LOG --A limit-327 -j DROP --A limit-328 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-328 -j ACCEPT --A limit-328 -j DROP --A limit-329 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-329 -j RETURN --A limit-329 -j DROP +-A limit-326 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-119 +-A limit-327 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-120 +-A limit-328 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-121 +-A limit-328 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-329 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-122 +-A limit-329 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-33 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-34 -A limit-33 -m limit --limit 1/second -j LOG --A limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-330 -j logaccept-6 --A limit-330 -j DROP --A limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-331 -j ACCEPT --A limit-331 -j DROP --A limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-332 -j ACCEPT --A limit-332 -j DROP --A limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-333 -j RETURN --A limit-333 -j DROP --A limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-334 -j logaccept-7 --A limit-334 -j DROP --A limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-335 -j ACCEPT --A limit-335 -j DROP +-A limit-330 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-123 +-A limit-330 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-331 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-124 +-A limit-331 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-332 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-125 +-A limit-332 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-333 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-126 +-A limit-333 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-334 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-127 +-A limit-335 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-128 +-A limit-336 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-129 +-A limit-337 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-130 +-A limit-337 -m limit --limit 1/second -j LOG +-A limit-338 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-131 +-A limit-339 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-132 -A limit-34 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-35 -A limit-34 -j ACCEPT +-A limit-340 -m recent --name limit-340 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-340 -m recent --name limit-340 --rsource --mask 255.255.255.255 --set +-A limit-341 -m recent --name limit-341 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-341 -m recent --name limit-341 --rsource --mask 255.255.255.255 --set +-A limit-342 -m recent --name limit-342 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-342 -m recent --name limit-342 --rsource --mask 255.255.255.255 --set +-A limit-343 -m recent --name limit-343 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-343 -m recent --name limit-343 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-344 -m recent --name limit-344 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-344 -m recent --name limit-344 --rsource --mask 255.255.255.255 --set +-A limit-345 -m recent --name limit-345 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-345 -m recent --name limit-345 --rsource --mask 255.255.255.255 --set +-A limit-346 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-346 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-347 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-347 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-348 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-348 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-349 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-349 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-350 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-350 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-351 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-351 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-352 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-353 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-354 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-355 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-355 -m limit --limit 1/second -j LOG +-A limit-356 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-357 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-358 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-358 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-359 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-359 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-360 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-360 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-361 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-361 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-362 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-362 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-363 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-363 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-364 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-365 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-366 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-367 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-367 -m limit --limit 1/second -j LOG +-A limit-368 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-369 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP -A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --set +-A limit-370 -m recent --name limit-370 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-370 -m recent --name limit-370 --rsource --mask 255.255.255.255 --set +-A limit-371 -m recent --name limit-371 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-371 -m recent --name limit-371 --rsource --mask 255.255.255.255 --set +-A limit-372 -m recent --name limit-372 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-372 -m recent --name limit-372 --rsource --mask 255.255.255.255 --set +-A limit-373 -m recent --name limit-373 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-373 -m recent --name limit-373 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-374 -m recent --name limit-374 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-374 -m recent --name limit-374 --rsource --mask 255.255.255.255 --set +-A limit-375 -m recent --name limit-375 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-375 -m recent --name limit-375 --rsource --mask 255.255.255.255 --set +-A limit-376 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-376 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-377 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-377 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-378 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-378 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-379 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-379 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG -A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-380 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-380 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-381 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-381 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-382 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-383 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-384 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-385 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-385 -m limit --limit 1/second -j LOG +-A limit-386 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-387 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-388 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-388 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-389 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-389 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-390 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-390 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-391 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-391 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-392 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-392 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-393 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-393 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-394 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-395 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-396 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-397 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-397 -m limit --limit 1/second -j LOG +-A limit-398 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-399 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-400 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-400 -j RETURN +-A limit-400 -m limit --limit 1/second -j LOG +-A limit-400 -j DROP +-A limit-401 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-401 -j RETURN +-A limit-401 -m limit --limit 1/second -j LOG +-A limit-401 -j DROP +-A limit-402 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-402 -j RETURN +-A limit-402 -m limit --limit 1/second -j LOG +-A limit-402 -j DROP +-A limit-403 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-403 -j RETURN +-A limit-403 -m limit --limit 1/second -j LOG +-A limit-403 -j DROP +-A limit-404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-404 -j RETURN +-A limit-404 -m limit --limit 1/second -j LOG +-A limit-404 -j DROP +-A limit-405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-405 -j RETURN +-A limit-405 -m limit --limit 1/second -j LOG +-A limit-405 -j DROP +-A limit-406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-406 -j RETURN +-A limit-406 -m limit --limit 1/second -j LOG +-A limit-406 -j DROP +-A limit-407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-407 -j RETURN +-A limit-407 -m limit --limit 1/second -j LOG +-A limit-407 -j DROP +-A limit-408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-408 -j RETURN +-A limit-408 -j DROP +-A limit-409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-409 -j RETURN +-A limit-409 -j DROP -A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set +-A limit-410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-410 -j RETURN +-A limit-410 -j DROP +-A limit-411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-411 -j RETURN +-A limit-411 -j DROP +-A limit-412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-412 -j RETURN +-A limit-412 -j DROP +-A limit-413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-413 -j RETURN +-A limit-413 -j DROP +-A limit-414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-414 -j RETURN +-A limit-414 -j DROP +-A limit-415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-415 -j RETURN +-A limit-415 -j DROP +-A limit-416 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-416 -j RETURN +-A limit-416 -m limit --limit 1/second -j LOG +-A limit-416 -j DROP +-A limit-417 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-417 -j RETURN +-A limit-417 -m limit --limit 1/second -j LOG +-A limit-417 -j DROP +-A limit-418 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-418 -j RETURN +-A limit-418 -m limit --limit 1/second -j LOG +-A limit-418 -j DROP +-A limit-419 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-419 -j RETURN +-A limit-419 -m limit --limit 1/second -j LOG +-A limit-419 -j DROP -A limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-420 -j RETURN +-A limit-420 -j DROP +-A limit-421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-421 -j RETURN +-A limit-421 -j DROP +-A limit-422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-422 -j RETURN +-A limit-422 -j DROP +-A limit-423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-423 -j RETURN +-A limit-423 -j DROP +-A limit-424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-424 -j RETURN +-A limit-424 -j DROP +-A limit-425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-425 -j RETURN +-A limit-425 -j DROP +-A limit-426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-426 -j RETURN +-A limit-426 -j DROP +-A limit-427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-427 -j RETURN +-A limit-427 -j DROP +-A limit-428 -m recent --name limit-428 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-133 +-A limit-428 -m recent --name limit-428 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-429 -m recent --name limit-429 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-134 +-A limit-429 -m recent --name limit-429 --rsource --mask 255.255.255.255 --set -A limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-430 -m recent --name limit-430 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-135 +-A limit-430 -m limit --limit 1/second -j LOG +-A limit-430 -m recent --name limit-430 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-431 -m recent --name limit-431 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-136 +-A limit-431 -m recent --name limit-431 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-432 -m recent --name limit-432 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-137 +-A limit-432 -m recent --name limit-432 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-433 -m recent --name limit-433 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-138 +-A limit-433 -m recent --name limit-433 --rsource --mask 255.255.255.255 --set +-A limit-434 -m recent --name limit-434 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-139 +-A limit-434 -m recent --name limit-434 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-435 -m recent --name limit-435 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-140 +-A limit-435 -m recent --name limit-435 --rsource --mask 255.255.255.255 --set +-A limit-436 -m recent --name limit-436 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-141 +-A limit-436 -m limit --limit 1/second -j LOG +-A limit-436 -m recent --name limit-436 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-437 -m recent --name limit-437 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-142 +-A limit-437 -m recent --name limit-437 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-438 -m recent --name limit-438 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-143 +-A limit-438 -m recent --name limit-438 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-439 -m recent --name limit-439 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-144 +-A limit-439 -m recent --name limit-439 --rsource --mask 255.255.255.255 --set -A limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG -A limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-440 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-145 +-A limit-440 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-441 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-146 +-A limit-441 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-442 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-147 +-A limit-442 -m limit --limit 1/second -j LOG +-A limit-442 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-443 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-148 +-A limit-443 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-444 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-149 +-A limit-444 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-445 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-150 +-A limit-445 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-446 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-151 +-A limit-446 -j ACCEPT +-A limit-448 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-153 +-A limit-448 -m limit --limit 1/second -j LOG +-A limit-448 -j ACCEPT +-A limit-449 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-154 +-A limit-449 -m limit --limit 1/second -j LOG -A limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-450 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-155 +-A limit-450 -j ACCEPT +-A limit-452 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-157 +-A limit-452 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-453 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-158 +-A limit-453 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-454 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-159 +-A limit-454 -m limit --limit 1/second -j LOG +-A limit-454 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-455 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-160 +-A limit-455 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-456 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-161 +-A limit-456 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-457 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-162 +-A limit-457 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-458 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-163 +-A limit-458 -j ACCEPT -A limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-460 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-165 +-A limit-460 -m limit --limit 1/second -j LOG +-A limit-460 -j ACCEPT +-A limit-461 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-166 +-A limit-461 -m limit --limit 1/second -j LOG +-A limit-462 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-167 +-A limit-462 -j ACCEPT +-A limit-464 -m recent --name limit-464 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-464 -m recent --name limit-464 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-465 -m recent --name limit-465 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-465 -m recent --name limit-465 --rsource --mask 255.255.255.255 --set +-A limit-466 -m recent --name limit-466 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-466 -m limit --limit 1/second -j LOG +-A limit-466 -m recent --name limit-466 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-467 -m recent --name limit-467 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-467 -m recent --name limit-467 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-468 -m recent --name limit-468 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-468 -m recent --name limit-468 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-469 -m recent --name limit-469 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-469 -m recent --name limit-469 --rsource --mask 255.255.255.255 --set -A limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-470 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-470 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-471 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-471 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-472 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-472 -m limit --limit 1/second -j LOG +-A limit-472 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-473 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-473 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-474 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-474 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-475 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-475 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-476 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-476 -j ACCEPT +-A limit-478 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-478 -m limit --limit 1/second -j LOG +-A limit-478 -j ACCEPT +-A limit-479 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-479 -m limit --limit 1/second -j LOG -A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-48 -j ACCEPT +-A limit-480 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-480 -j ACCEPT +-A limit-482 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-482 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-483 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-483 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-484 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-484 -m limit --limit 1/second -j LOG +-A limit-484 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-485 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-485 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-486 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-486 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-487 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-487 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-488 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-488 -j ACCEPT +-A limit-490 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-490 -m limit --limit 1/second -j LOG +-A limit-490 -j ACCEPT +-A limit-491 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-491 -m limit --limit 1/second -j LOG +-A limit-492 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-492 -j ACCEPT +-A limit-494 -m recent --name limit-494 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-494 -m recent --name limit-494 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-495 -m recent --name limit-495 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-495 -m recent --name limit-495 --rsource --mask 255.255.255.255 --set +-A limit-496 -m recent --name limit-496 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-496 -m limit --limit 1/second -j LOG +-A limit-496 -m recent --name limit-496 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-497 -m recent --name limit-497 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-497 -m recent --name limit-497 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-498 -m recent --name limit-498 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-498 -m recent --name limit-498 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-499 -m recent --name limit-499 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-499 -m recent --name limit-499 --rsource --mask 255.255.255.255 --set -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set -A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-50 -m limit --limit 1/second -j LOG -A limit-50 -j ACCEPT +-A limit-500 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-500 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-501 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-501 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-502 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-502 -m limit --limit 1/second -j LOG +-A limit-502 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-503 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-503 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-504 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-504 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-505 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-505 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-506 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-506 -j ACCEPT +-A limit-508 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-508 -m limit --limit 1/second -j LOG +-A limit-508 -j ACCEPT +-A limit-509 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-509 -m limit --limit 1/second -j LOG -A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-51 -m limit --limit 1/second -j LOG +-A limit-510 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-510 -j ACCEPT +-A limit-512 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-512 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-513 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-513 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-514 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-514 -m limit --limit 1/second -j LOG +-A limit-514 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-515 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-515 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-516 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-516 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-517 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-517 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-518 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-518 -j ACCEPT -A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-52 -j ACCEPT +-A limit-520 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-520 -m limit --limit 1/second -j LOG +-A limit-520 -j ACCEPT +-A limit-521 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-521 -m limit --limit 1/second -j LOG +-A limit-522 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-522 -j ACCEPT +-A limit-524 -m recent --name limit-524 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-169 +-A limit-524 -m recent --name limit-524 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-525 -m recent --name limit-525 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-170 +-A limit-525 -m recent --name limit-525 --rsource --mask 255.255.255.255 --set +-A limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-171 +-A limit-526 -m limit --limit 1/second -j LOG +-A limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-172 +-A limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-173 +-A limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-174 +-A limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --set +-A limit-530 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-175 +-A limit-530 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-531 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-176 +-A limit-531 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-532 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-177 +-A limit-532 -m limit --limit 1/second -j LOG +-A limit-532 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-533 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-178 +-A limit-533 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-534 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-179 +-A limit-534 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-535 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-180 +-A limit-535 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-536 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-181 +-A limit-536 -j ACCEPT +-A limit-538 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-183 +-A limit-538 -m limit --limit 1/second -j LOG +-A limit-538 -j ACCEPT +-A limit-539 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-184 +-A limit-539 -m limit --limit 1/second -j LOG -A limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-540 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-185 +-A limit-540 -j ACCEPT +-A limit-542 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-187 +-A limit-542 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-543 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-188 +-A limit-543 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-544 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-189 +-A limit-544 -m limit --limit 1/second -j LOG +-A limit-544 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-545 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-190 +-A limit-545 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-546 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-191 +-A limit-546 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-547 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-192 +-A limit-547 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-548 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-193 +-A limit-548 -j ACCEPT -A limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-550 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-195 +-A limit-550 -m limit --limit 1/second -j LOG +-A limit-550 -j ACCEPT +-A limit-551 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-196 +-A limit-551 -m limit --limit 1/second -j LOG +-A limit-552 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-197 +-A limit-552 -j ACCEPT +-A limit-554 -m recent --name limit-554 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-554 -m recent --name limit-554 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-555 -m recent --name limit-555 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-555 -m recent --name limit-555 --rsource --mask 255.255.255.255 --set +-A limit-556 -m recent --name limit-556 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-556 -m limit --limit 1/second -j LOG +-A limit-556 -m recent --name limit-556 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-557 -m recent --name limit-557 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-557 -m recent --name limit-557 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-558 -m recent --name limit-558 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-558 -m recent --name limit-558 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-559 -m recent --name limit-559 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-559 -m recent --name limit-559 --rsource --mask 255.255.255.255 --set -A limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-56 -m limit --limit 1/second -j LOG -A limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-560 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-560 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-561 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-561 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-562 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-562 -m limit --limit 1/second -j LOG +-A limit-562 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-563 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-563 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-564 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-564 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-565 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-565 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-566 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-566 -j ACCEPT +-A limit-568 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-568 -m limit --limit 1/second -j LOG +-A limit-568 -j ACCEPT +-A limit-569 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-569 -m limit --limit 1/second -j LOG -A limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-570 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-570 -j ACCEPT +-A limit-572 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-572 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-573 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-573 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-574 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-574 -m limit --limit 1/second -j LOG +-A limit-574 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-575 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-575 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-576 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-576 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-577 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-577 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-578 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-578 -j ACCEPT -A limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-580 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-580 -m limit --limit 1/second -j LOG +-A limit-580 -j ACCEPT +-A limit-581 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-581 -m limit --limit 1/second -j LOG +-A limit-582 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-582 -j ACCEPT +-A limit-584 -m recent --name limit-584 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-584 -m recent --name limit-584 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-585 -m recent --name limit-585 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-585 -m recent --name limit-585 --rsource --mask 255.255.255.255 --set +-A limit-586 -m recent --name limit-586 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-586 -m limit --limit 1/second -j LOG +-A limit-586 -m recent --name limit-586 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-587 -m recent --name limit-587 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-587 -m recent --name limit-587 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-588 -m recent --name limit-588 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-588 -m recent --name limit-588 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-589 -m recent --name limit-589 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-589 -m recent --name limit-589 --rsource --mask 255.255.255.255 --set -A limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-590 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-590 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-591 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-591 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-592 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-592 -m limit --limit 1/second -j LOG +-A limit-592 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-593 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-593 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-594 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-594 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-595 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-595 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-596 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-596 -j ACCEPT +-A limit-598 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-598 -m limit --limit 1/second -j LOG +-A limit-598 -j ACCEPT +-A limit-599 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-599 -m limit --limit 1/second -j LOG -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-60 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-60 -j ACCEPT +-A limit-600 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-600 -j ACCEPT +-A limit-602 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-602 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-603 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-603 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-604 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-604 -m limit --limit 1/second -j LOG +-A limit-604 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-605 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-605 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-606 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-606 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-607 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-607 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-608 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-608 -j ACCEPT +-A limit-610 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-610 -m limit --limit 1/second -j LOG +-A limit-610 -j ACCEPT +-A limit-611 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-611 -m limit --limit 1/second -j LOG +-A limit-612 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-612 -j ACCEPT +-A limit-614 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-614 -j ACCEPT +-A limit-614 -m limit --limit 1/second -j LOG +-A limit-614 -j DROP +-A limit-615 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-615 -j RETURN +-A limit-615 -m limit --limit 1/second -j LOG +-A limit-615 -j DROP +-A limit-616 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-616 -j logaccept-7 +-A limit-616 -m limit --limit 1/second -j LOG +-A limit-616 -j DROP +-A limit-617 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-617 -j ACCEPT +-A limit-617 -m limit --limit 1/second -j LOG +-A limit-617 -j DROP +-A limit-618 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-618 -j ACCEPT +-A limit-618 -m limit --limit 1/second -j LOG +-A limit-618 -j DROP +-A limit-619 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-619 -j RETURN +-A limit-619 -m limit --limit 1/second -j LOG +-A limit-619 -j DROP -A limit-62 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-62 -m limit --limit 1/second -j LOG -A limit-62 -j ACCEPT +-A limit-620 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-620 -j logaccept-8 +-A limit-620 -m limit --limit 1/second -j LOG +-A limit-620 -j DROP +-A limit-621 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-621 -j ACCEPT +-A limit-621 -m limit --limit 1/second -j LOG +-A limit-621 -j DROP +-A limit-622 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-622 -j ACCEPT +-A limit-622 -j DROP +-A limit-623 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-623 -j RETURN +-A limit-623 -j DROP +-A limit-624 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-624 -j logaccept-9 +-A limit-624 -j DROP +-A limit-625 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-625 -j ACCEPT +-A limit-625 -j DROP +-A limit-626 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-626 -j ACCEPT +-A limit-626 -j DROP +-A limit-627 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-627 -j RETURN +-A limit-627 -j DROP +-A limit-628 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-628 -j logaccept-10 +-A limit-628 -j DROP +-A limit-629 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-629 -j ACCEPT +-A limit-629 -j DROP -A limit-63 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-63 -m limit --limit 1/second -j LOG +-A limit-630 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-630 -j ACCEPT +-A limit-630 -m limit --limit 1/second -j LOG +-A limit-630 -j DROP +-A limit-631 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-631 -j RETURN +-A limit-631 -m limit --limit 1/second -j LOG +-A limit-631 -j DROP +-A limit-632 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-632 -j logaccept-11 +-A limit-632 -m limit --limit 1/second -j LOG +-A limit-632 -j DROP +-A limit-633 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-633 -j ACCEPT +-A limit-633 -m limit --limit 1/second -j LOG +-A limit-633 -j DROP +-A limit-634 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-634 -j ACCEPT +-A limit-634 -j DROP +-A limit-635 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-635 -j RETURN +-A limit-635 -j DROP +-A limit-636 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-636 -j logaccept-12 +-A limit-636 -j DROP +-A limit-637 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-637 -j ACCEPT +-A limit-637 -j DROP +-A limit-638 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-638 -j ACCEPT +-A limit-638 -j DROP +-A limit-639 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-639 -j RETURN +-A limit-639 -j DROP -A limit-64 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-64 -j ACCEPT +-A limit-640 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-640 -j logaccept-13 +-A limit-640 -j DROP +-A limit-641 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-641 -j ACCEPT +-A limit-641 -j DROP -A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP @@ -7812,22 +14069,29 @@ hash:net family inet -A limit-93 -m limit --limit 1/second -j LOG -A limit-94 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-94 -j ACCEPT --A limit-96 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-96 -j ACCEPT --A limit-96 -m limit --limit 1/second -j LOG --A limit-96 -j DROP --A limit-97 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-97 -j RETURN --A limit-97 -m limit --limit 1/second -j LOG --A limit-97 -j DROP --A limit-98 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-98 -j logaccept-0 +-A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-37 +-A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-38 +-A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set +-A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-39 -A limit-98 -m limit --limit 1/second -j LOG --A limit-98 -j DROP --A limit-99 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-99 -j ACCEPT --A limit-99 -m limit --limit 1/second -j LOG --A limit-99 -j DROP +-A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-40 +-A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG -A logaccept-1 -j ACCEPT +-A logaccept-10 -m limit --limit 1/second -j LOG +-A logaccept-10 -j ACCEPT +-A logaccept-11 -m limit --limit 1/second -j LOG +-A logaccept-11 -j ACCEPT +-A logaccept-12 -m limit --limit 1/second -j LOG +-A logaccept-12 -j ACCEPT +-A logaccept-13 -m limit --limit 1/second -j LOG +-A logaccept-13 -j ACCEPT +-A logaccept-14 -m limit --limit 1/second -j LOG +-A logaccept-14 -j ACCEPT -A logaccept-2 -m limit --limit 1/second -j LOG -A logaccept-2 -j ACCEPT -A logaccept-3 -m limit --limit 1/second -j LOG @@ -7842,6 +14106,8 @@ hash:net family inet -A logaccept-7 -j ACCEPT -A logaccept-8 -m limit --limit 1/second -j LOG -A logaccept-8 -j ACCEPT +-A logaccept-9 -m limit --limit 1/second -j LOG +-A logaccept-9 -j ACCEPT -A logaccept-final-0 -m limit --limit 1/second -j LOG -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG @@ -7868,8 +14134,44 @@ hash:net family inet -A logaccept-final-19 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT +-A logaccept-final-20 -m limit --limit 1/second -j LOG +-A logaccept-final-20 -j ACCEPT +-A logaccept-final-21 -m limit --limit 1/second -j LOG +-A logaccept-final-21 -j ACCEPT +-A logaccept-final-22 -m limit --limit 1/second -j LOG +-A logaccept-final-22 -j ACCEPT +-A logaccept-final-23 -m limit --limit 1/second -j LOG +-A logaccept-final-23 -j ACCEPT +-A logaccept-final-24 -m limit --limit 1/second -j LOG +-A logaccept-final-24 -j ACCEPT +-A logaccept-final-25 -m limit --limit 1/second -j LOG +-A logaccept-final-25 -j ACCEPT +-A logaccept-final-26 -m limit --limit 1/second -j LOG +-A logaccept-final-26 -j ACCEPT +-A logaccept-final-27 -m limit --limit 1/second -j LOG +-A logaccept-final-27 -j ACCEPT +-A logaccept-final-28 -m limit --limit 1/second -j LOG +-A logaccept-final-28 -j ACCEPT +-A logaccept-final-29 -m limit --limit 1/second -j LOG +-A logaccept-final-29 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG -A logaccept-final-3 -j ACCEPT +-A logaccept-final-30 -m limit --limit 1/second -j LOG +-A logaccept-final-30 -j ACCEPT +-A logaccept-final-31 -m limit --limit 1/second -j LOG +-A logaccept-final-31 -j ACCEPT +-A logaccept-final-32 -m limit --limit 1/second -j LOG +-A logaccept-final-32 -j ACCEPT +-A logaccept-final-33 -m limit --limit 1/second -j LOG +-A logaccept-final-33 -j ACCEPT +-A logaccept-final-34 -m limit --limit 1/second -j LOG +-A logaccept-final-34 -j ACCEPT +-A logaccept-final-35 -m limit --limit 1/second -j LOG +-A logaccept-final-35 -j ACCEPT +-A logaccept-final-36 -m limit --limit 1/second -j LOG +-A logaccept-final-36 -j ACCEPT +-A logaccept-final-37 -m limit --limit 1/second -j LOG +-A logaccept-final-37 -j ACCEPT -A logaccept-final-4 -m limit --limit 1/second -j LOG -A logaccept-final-4 -j ACCEPT -A logaccept-final-5 -m limit --limit 1/second -j LOG @@ -7896,36 +14198,204 @@ hash:net family inet -A logdrop-102 -j DROP -A logdrop-103 -m limit --limit 1/second -j LOG -A logdrop-103 -j DROP +-A logdrop-104 -m limit --limit 1/second -j LOG +-A logdrop-104 -j DROP -A logdrop-105 -m limit --limit 1/second -j LOG -A logdrop-105 -j DROP -A logdrop-106 -m limit --limit 1/second -j LOG -A logdrop-106 -j DROP -A logdrop-107 -m limit --limit 1/second -j LOG -A logdrop-107 -j DROP +-A logdrop-108 -m limit --limit 1/second -j LOG +-A logdrop-108 -j DROP -A logdrop-109 -m limit --limit 1/second -j LOG -A logdrop-109 -j DROP -A logdrop-11 -m limit --limit 1/second -j LOG -A logdrop-11 -j DROP -A logdrop-110 -m limit --limit 1/second -j LOG -A logdrop-110 -j DROP +-A logdrop-111 -m limit --limit 1/second -j LOG +-A logdrop-111 -j DROP +-A logdrop-112 -m limit --limit 1/second -j LOG +-A logdrop-112 -j DROP +-A logdrop-113 -m limit --limit 1/second -j LOG +-A logdrop-113 -j DROP +-A logdrop-114 -m limit --limit 1/second -j LOG +-A logdrop-114 -j DROP +-A logdrop-115 -m limit --limit 1/second -j LOG +-A logdrop-115 -j DROP +-A logdrop-116 -m limit --limit 1/second -j LOG +-A logdrop-116 -j DROP +-A logdrop-117 -m limit --limit 1/second -j LOG +-A logdrop-117 -j DROP +-A logdrop-118 -m limit --limit 1/second -j LOG +-A logdrop-118 -j DROP +-A logdrop-119 -m limit --limit 1/second -j LOG +-A logdrop-119 -j DROP -A logdrop-12 -m limit --limit 1/second -j LOG -A logdrop-12 -j DROP +-A logdrop-120 -m limit --limit 1/second -j LOG +-A logdrop-120 -j DROP +-A logdrop-121 -m limit --limit 1/second -j LOG +-A logdrop-121 -j DROP +-A logdrop-122 -m limit --limit 1/second -j LOG +-A logdrop-122 -j DROP +-A logdrop-123 -m limit --limit 1/second -j LOG +-A logdrop-123 -j DROP +-A logdrop-124 -m limit --limit 1/second -j LOG +-A logdrop-124 -j DROP +-A logdrop-125 -m limit --limit 1/second -j LOG +-A logdrop-125 -j DROP +-A logdrop-126 -m limit --limit 1/second -j LOG +-A logdrop-126 -j DROP +-A logdrop-127 -m limit --limit 1/second -j LOG +-A logdrop-127 -j DROP +-A logdrop-128 -m limit --limit 1/second -j LOG +-A logdrop-128 -j DROP +-A logdrop-129 -m limit --limit 1/second -j LOG +-A logdrop-129 -j DROP -A logdrop-13 -m limit --limit 1/second -j LOG -A logdrop-13 -j DROP +-A logdrop-130 -m limit --limit 1/second -j LOG +-A logdrop-130 -j DROP +-A logdrop-131 -m limit --limit 1/second -j LOG +-A logdrop-131 -j DROP +-A logdrop-132 -m limit --limit 1/second -j LOG +-A logdrop-132 -j DROP +-A logdrop-133 -m limit --limit 1/second -j LOG +-A logdrop-133 -j DROP +-A logdrop-134 -m limit --limit 1/second -j LOG +-A logdrop-134 -j DROP +-A logdrop-135 -m limit --limit 1/second -j LOG +-A logdrop-135 -j DROP +-A logdrop-136 -m limit --limit 1/second -j LOG +-A logdrop-136 -j DROP +-A logdrop-137 -m limit --limit 1/second -j LOG +-A logdrop-137 -j DROP +-A logdrop-138 -m limit --limit 1/second -j LOG +-A logdrop-138 -j DROP +-A logdrop-139 -m limit --limit 1/second -j LOG +-A logdrop-139 -j DROP -A logdrop-14 -m limit --limit 1/second -j LOG -A logdrop-14 -j DROP +-A logdrop-140 -m limit --limit 1/second -j LOG +-A logdrop-140 -j DROP +-A logdrop-141 -m limit --limit 1/second -j LOG +-A logdrop-141 -j DROP +-A logdrop-142 -m limit --limit 1/second -j LOG +-A logdrop-142 -j DROP +-A logdrop-143 -m limit --limit 1/second -j LOG +-A logdrop-143 -j DROP +-A logdrop-144 -m limit --limit 1/second -j LOG +-A logdrop-144 -j DROP +-A logdrop-145 -m limit --limit 1/second -j LOG +-A logdrop-145 -j DROP +-A logdrop-146 -m limit --limit 1/second -j LOG +-A logdrop-146 -j DROP +-A logdrop-147 -m limit --limit 1/second -j LOG +-A logdrop-147 -j DROP +-A logdrop-148 -m limit --limit 1/second -j LOG +-A logdrop-148 -j DROP +-A logdrop-149 -m limit --limit 1/second -j LOG +-A logdrop-149 -j DROP -A logdrop-15 -m limit --limit 1/second -j LOG -A logdrop-15 -j DROP +-A logdrop-150 -m limit --limit 1/second -j LOG +-A logdrop-150 -j DROP +-A logdrop-151 -m limit --limit 1/second -j LOG +-A logdrop-151 -j DROP +-A logdrop-153 -m limit --limit 1/second -j LOG +-A logdrop-153 -j DROP +-A logdrop-154 -m limit --limit 1/second -j LOG +-A logdrop-154 -j DROP +-A logdrop-155 -m limit --limit 1/second -j LOG +-A logdrop-155 -j DROP +-A logdrop-157 -m limit --limit 1/second -j LOG +-A logdrop-157 -j DROP +-A logdrop-158 -m limit --limit 1/second -j LOG +-A logdrop-158 -j DROP +-A logdrop-159 -m limit --limit 1/second -j LOG +-A logdrop-159 -j DROP -A logdrop-16 -m limit --limit 1/second -j LOG -A logdrop-16 -j DROP +-A logdrop-160 -m limit --limit 1/second -j LOG +-A logdrop-160 -j DROP +-A logdrop-161 -m limit --limit 1/second -j LOG +-A logdrop-161 -j DROP +-A logdrop-162 -m limit --limit 1/second -j LOG +-A logdrop-162 -j DROP +-A logdrop-163 -m limit --limit 1/second -j LOG +-A logdrop-163 -j DROP +-A logdrop-165 -m limit --limit 1/second -j LOG +-A logdrop-165 -j DROP +-A logdrop-166 -m limit --limit 1/second -j LOG +-A logdrop-166 -j DROP +-A logdrop-167 -m limit --limit 1/second -j LOG +-A logdrop-167 -j DROP +-A logdrop-169 -m limit --limit 1/second -j LOG +-A logdrop-169 -j DROP -A logdrop-17 -m limit --limit 1/second -j LOG -A logdrop-17 -j DROP +-A logdrop-170 -m limit --limit 1/second -j LOG +-A logdrop-170 -j DROP +-A logdrop-171 -m limit --limit 1/second -j LOG +-A logdrop-171 -j DROP +-A logdrop-172 -m limit --limit 1/second -j LOG +-A logdrop-172 -j DROP +-A logdrop-173 -m limit --limit 1/second -j LOG +-A logdrop-173 -j DROP +-A logdrop-174 -m limit --limit 1/second -j LOG +-A logdrop-174 -j DROP +-A logdrop-175 -m limit --limit 1/second -j LOG +-A logdrop-175 -j DROP +-A logdrop-176 -m limit --limit 1/second -j LOG +-A logdrop-176 -j DROP +-A logdrop-177 -m limit --limit 1/second -j LOG +-A logdrop-177 -j DROP +-A logdrop-178 -m limit --limit 1/second -j LOG +-A logdrop-178 -j DROP +-A logdrop-179 -m limit --limit 1/second -j LOG +-A logdrop-179 -j DROP -A logdrop-18 -m limit --limit 1/second -j LOG -A logdrop-18 -j DROP +-A logdrop-180 -m limit --limit 1/second -j LOG +-A logdrop-180 -j DROP +-A logdrop-181 -m limit --limit 1/second -j LOG +-A logdrop-181 -j DROP +-A logdrop-183 -m limit --limit 1/second -j LOG +-A logdrop-183 -j DROP +-A logdrop-184 -m limit --limit 1/second -j LOG +-A logdrop-184 -j DROP +-A logdrop-185 -m limit --limit 1/second -j LOG +-A logdrop-185 -j DROP +-A logdrop-187 -m limit --limit 1/second -j LOG +-A logdrop-187 -j DROP +-A logdrop-188 -m limit --limit 1/second -j LOG +-A logdrop-188 -j DROP +-A logdrop-189 -m limit --limit 1/second -j LOG +-A logdrop-189 -j DROP -A logdrop-19 -m limit --limit 1/second -j LOG -A logdrop-19 -j DROP +-A logdrop-190 -m limit --limit 1/second -j LOG +-A logdrop-190 -j DROP +-A logdrop-191 -m limit --limit 1/second -j LOG +-A logdrop-191 -j DROP +-A logdrop-192 -m limit --limit 1/second -j LOG +-A logdrop-192 -j DROP +-A logdrop-193 -m limit --limit 1/second -j LOG +-A logdrop-193 -j DROP +-A logdrop-195 -m limit --limit 1/second -j LOG +-A logdrop-195 -j DROP +-A logdrop-196 -m limit --limit 1/second -j LOG +-A logdrop-196 -j DROP +-A logdrop-197 -m limit --limit 1/second -j LOG +-A logdrop-197 -j DROP +-A logdrop-199 -m limit --limit 1/second -j LOG +-A logdrop-199 -j DROP -A logdrop-2 -m limit --limit 1/second -j LOG -A logdrop-2 -j DROP +-A logdrop-200 -m limit --limit 1/second -j LOG +-A logdrop-200 -j DROP -A logdrop-21 -m limit --limit 1/second -j LOG -A logdrop-21 -j DROP -A logdrop-22 -m limit --limit 1/second -j LOG @@ -7984,16 +14454,12 @@ hash:net family inet -A logdrop-49 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG -A logdrop-5 -j DROP --A logdrop-50 -m limit --limit 1/second -j LOG --A logdrop-50 -j DROP -A logdrop-51 -m limit --limit 1/second -j LOG -A logdrop-51 -j DROP -A logdrop-52 -m limit --limit 1/second -j LOG -A logdrop-52 -j DROP -A logdrop-53 -m limit --limit 1/second -j LOG -A logdrop-53 -j DROP --A logdrop-54 -m limit --limit 1/second -j LOG --A logdrop-54 -j DROP -A logdrop-55 -m limit --limit 1/second -j LOG -A logdrop-55 -j DROP -A logdrop-56 -m limit --limit 1/second -j LOG @@ -8010,16 +14476,12 @@ hash:net family inet -A logdrop-60 -j DROP -A logdrop-61 -m limit --limit 1/second -j LOG -A logdrop-61 -j DROP --A logdrop-62 -m limit --limit 1/second -j LOG --A logdrop-62 -j DROP -A logdrop-63 -m limit --limit 1/second -j LOG -A logdrop-63 -j DROP -A logdrop-64 -m limit --limit 1/second -j LOG -A logdrop-64 -j DROP -A logdrop-65 -m limit --limit 1/second -j LOG -A logdrop-65 -j DROP --A logdrop-66 -m limit --limit 1/second -j LOG --A logdrop-66 -j DROP -A logdrop-67 -m limit --limit 1/second -j LOG -A logdrop-67 -j DROP -A logdrop-68 -m limit --limit 1/second -j LOG @@ -8076,12 +14538,16 @@ hash:net family inet -A logdrop-90 -j DROP -A logdrop-91 -m limit --limit 1/second -j LOG -A logdrop-91 -j DROP +-A logdrop-92 -m limit --limit 1/second -j LOG +-A logdrop-92 -j DROP -A logdrop-93 -m limit --limit 1/second -j LOG -A logdrop-93 -j DROP -A logdrop-94 -m limit --limit 1/second -j LOG -A logdrop-94 -j DROP -A logdrop-95 -m limit --limit 1/second -j LOG -A logdrop-95 -j DROP +-A logdrop-96 -m limit --limit 1/second -j LOG +-A logdrop-96 -j DROP -A logdrop-97 -m limit --limit 1/second -j LOG -A logdrop-97 -j DROP -A logdrop-98 -m limit --limit 1/second -j LOG @@ -8187,6 +14653,60 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -8310,6 +14830,108 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -8342,12 +14964,10 @@ COMMIT :limit-106 - [0:0] :limit-107 - [0:0] :limit-108 - [0:0] -:limit-109 - [0:0] :limit-11 - [0:0] :limit-110 - [0:0] :limit-111 - [0:0] :limit-112 - [0:0] -:limit-113 - [0:0] :limit-114 - [0:0] :limit-115 - [0:0] :limit-116 - [0:0] @@ -8356,11 +14976,9 @@ COMMIT :limit-119 - [0:0] :limit-12 - [0:0] :limit-120 - [0:0] -:limit-121 - [0:0] :limit-122 - [0:0] :limit-123 - [0:0] :limit-124 - [0:0] -:limit-125 - [0:0] :limit-126 - [0:0] :limit-127 - [0:0] :limit-128 - [0:0] @@ -8375,12 +14993,10 @@ COMMIT :limit-136 - [0:0] :limit-137 - [0:0] :limit-138 - [0:0] -:limit-139 - [0:0] :limit-14 - [0:0] :limit-140 - [0:0] :limit-141 - [0:0] :limit-142 - [0:0] -:limit-143 - [0:0] :limit-144 - [0:0] :limit-145 - [0:0] :limit-146 - [0:0] @@ -8389,11 +15005,9 @@ COMMIT :limit-149 - [0:0] :limit-15 - [0:0] :limit-150 - [0:0] -:limit-151 - [0:0] :limit-152 - [0:0] :limit-153 - [0:0] :limit-154 - [0:0] -:limit-155 - [0:0] :limit-156 - [0:0] :limit-157 - [0:0] :limit-158 - [0:0] @@ -8408,12 +15022,10 @@ COMMIT :limit-166 - [0:0] :limit-167 - [0:0] :limit-168 - [0:0] -:limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] :limit-171 - [0:0] :limit-172 - [0:0] -:limit-173 - [0:0] :limit-174 - [0:0] :limit-175 - [0:0] :limit-176 - [0:0] @@ -8422,11 +15034,9 @@ COMMIT :limit-179 - [0:0] :limit-18 - [0:0] :limit-180 - [0:0] -:limit-181 - [0:0] :limit-182 - [0:0] :limit-183 - [0:0] :limit-184 - [0:0] -:limit-185 - [0:0] :limit-186 - [0:0] :limit-187 - [0:0] :limit-188 - [0:0] @@ -8489,9 +15099,11 @@ COMMIT :limit-240 - [0:0] :limit-241 - [0:0] :limit-242 - [0:0] +:limit-243 - [0:0] :limit-244 - [0:0] :limit-245 - [0:0] :limit-246 - [0:0] +:limit-247 - [0:0] :limit-248 - [0:0] :limit-249 - [0:0] :limit-25 - [0:0] @@ -8500,9 +15112,11 @@ COMMIT :limit-252 - [0:0] :limit-253 - [0:0] :limit-254 - [0:0] +:limit-255 - [0:0] :limit-256 - [0:0] :limit-257 - [0:0] :limit-258 - [0:0] +:limit-259 - [0:0] :limit-26 - [0:0] :limit-260 - [0:0] :limit-261 - [0:0] @@ -8518,9 +15132,11 @@ COMMIT :limit-270 - [0:0] :limit-271 - [0:0] :limit-272 - [0:0] +:limit-273 - [0:0] :limit-274 - [0:0] :limit-275 - [0:0] :limit-276 - [0:0] +:limit-277 - [0:0] :limit-278 - [0:0] :limit-279 - [0:0] :limit-28 - [0:0] @@ -8529,9 +15145,11 @@ COMMIT :limit-282 - [0:0] :limit-283 - [0:0] :limit-284 - [0:0] +:limit-285 - [0:0] :limit-286 - [0:0] :limit-287 - [0:0] :limit-288 - [0:0] +:limit-289 - [0:0] :limit-29 - [0:0] :limit-290 - [0:0] :limit-291 - [0:0] @@ -8548,9 +15166,11 @@ COMMIT :limit-300 - [0:0] :limit-301 - [0:0] :limit-302 - [0:0] +:limit-303 - [0:0] :limit-304 - [0:0] :limit-305 - [0:0] :limit-306 - [0:0] +:limit-307 - [0:0] :limit-308 - [0:0] :limit-309 - [0:0] :limit-310 - [0:0] @@ -8558,9 +15178,11 @@ COMMIT :limit-312 - [0:0] :limit-313 - [0:0] :limit-314 - [0:0] +:limit-315 - [0:0] :limit-316 - [0:0] :limit-317 - [0:0] :limit-318 - [0:0] +:limit-319 - [0:0] :limit-32 - [0:0] :limit-320 - [0:0] :limit-321 - [0:0] @@ -8579,36 +15201,318 @@ COMMIT :limit-333 - [0:0] :limit-334 - [0:0] :limit-335 - [0:0] +:limit-336 - [0:0] +:limit-337 - [0:0] +:limit-338 - [0:0] +:limit-339 - [0:0] :limit-34 - [0:0] +:limit-340 - [0:0] +:limit-341 - [0:0] +:limit-342 - [0:0] +:limit-343 - [0:0] +:limit-344 - [0:0] +:limit-345 - [0:0] +:limit-346 - [0:0] +:limit-347 - [0:0] +:limit-348 - [0:0] +:limit-349 - [0:0] +:limit-350 - [0:0] +:limit-351 - [0:0] +:limit-352 - [0:0] +:limit-353 - [0:0] +:limit-354 - [0:0] +:limit-355 - [0:0] +:limit-356 - [0:0] +:limit-357 - [0:0] +:limit-358 - [0:0] +:limit-359 - [0:0] :limit-36 - [0:0] +:limit-360 - [0:0] +:limit-361 - [0:0] +:limit-362 - [0:0] +:limit-363 - [0:0] +:limit-364 - [0:0] +:limit-365 - [0:0] +:limit-366 - [0:0] +:limit-367 - [0:0] +:limit-368 - [0:0] +:limit-369 - [0:0] :limit-37 - [0:0] +:limit-370 - [0:0] +:limit-371 - [0:0] +:limit-372 - [0:0] +:limit-373 - [0:0] +:limit-374 - [0:0] +:limit-375 - [0:0] +:limit-376 - [0:0] +:limit-377 - [0:0] +:limit-378 - [0:0] +:limit-379 - [0:0] :limit-38 - [0:0] +:limit-380 - [0:0] +:limit-381 - [0:0] +:limit-382 - [0:0] +:limit-383 - [0:0] +:limit-384 - [0:0] +:limit-385 - [0:0] +:limit-386 - [0:0] +:limit-387 - [0:0] +:limit-388 - [0:0] +:limit-389 - [0:0] :limit-39 - [0:0] +:limit-390 - [0:0] +:limit-391 - [0:0] +:limit-392 - [0:0] +:limit-393 - [0:0] +:limit-394 - [0:0] +:limit-395 - [0:0] +:limit-396 - [0:0] +:limit-397 - [0:0] +:limit-398 - [0:0] +:limit-399 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] +:limit-400 - [0:0] +:limit-401 - [0:0] +:limit-402 - [0:0] +:limit-403 - [0:0] +:limit-404 - [0:0] +:limit-405 - [0:0] +:limit-406 - [0:0] +:limit-407 - [0:0] +:limit-408 - [0:0] +:limit-409 - [0:0] :limit-41 - [0:0] +:limit-410 - [0:0] +:limit-411 - [0:0] +:limit-412 - [0:0] +:limit-413 - [0:0] +:limit-414 - [0:0] +:limit-415 - [0:0] +:limit-416 - [0:0] +:limit-417 - [0:0] +:limit-418 - [0:0] +:limit-419 - [0:0] :limit-42 - [0:0] +:limit-420 - [0:0] +:limit-421 - [0:0] +:limit-422 - [0:0] +:limit-423 - [0:0] +:limit-424 - [0:0] +:limit-425 - [0:0] +:limit-426 - [0:0] +:limit-427 - [0:0] +:limit-428 - [0:0] +:limit-429 - [0:0] :limit-43 - [0:0] +:limit-430 - [0:0] +:limit-431 - [0:0] +:limit-432 - [0:0] +:limit-433 - [0:0] +:limit-434 - [0:0] +:limit-435 - [0:0] +:limit-436 - [0:0] +:limit-437 - [0:0] +:limit-438 - [0:0] +:limit-439 - [0:0] :limit-44 - [0:0] +:limit-440 - [0:0] +:limit-441 - [0:0] +:limit-442 - [0:0] +:limit-443 - [0:0] +:limit-444 - [0:0] +:limit-445 - [0:0] +:limit-446 - [0:0] +:limit-448 - [0:0] +:limit-449 - [0:0] :limit-45 - [0:0] +:limit-450 - [0:0] +:limit-452 - [0:0] +:limit-453 - [0:0] +:limit-454 - [0:0] +:limit-455 - [0:0] +:limit-456 - [0:0] +:limit-457 - [0:0] +:limit-458 - [0:0] :limit-46 - [0:0] +:limit-460 - [0:0] +:limit-461 - [0:0] +:limit-462 - [0:0] +:limit-464 - [0:0] +:limit-465 - [0:0] +:limit-466 - [0:0] +:limit-467 - [0:0] +:limit-468 - [0:0] +:limit-469 - [0:0] :limit-47 - [0:0] +:limit-470 - [0:0] +:limit-471 - [0:0] +:limit-472 - [0:0] +:limit-473 - [0:0] +:limit-474 - [0:0] +:limit-475 - [0:0] +:limit-476 - [0:0] +:limit-478 - [0:0] +:limit-479 - [0:0] :limit-48 - [0:0] +:limit-480 - [0:0] +:limit-482 - [0:0] +:limit-483 - [0:0] +:limit-484 - [0:0] +:limit-485 - [0:0] +:limit-486 - [0:0] +:limit-487 - [0:0] +:limit-488 - [0:0] +:limit-490 - [0:0] +:limit-491 - [0:0] +:limit-492 - [0:0] +:limit-494 - [0:0] +:limit-495 - [0:0] +:limit-496 - [0:0] +:limit-497 - [0:0] +:limit-498 - [0:0] +:limit-499 - [0:0] :limit-5 - [0:0] :limit-50 - [0:0] +:limit-500 - [0:0] +:limit-501 - [0:0] +:limit-502 - [0:0] +:limit-503 - [0:0] +:limit-504 - [0:0] +:limit-505 - [0:0] +:limit-506 - [0:0] +:limit-508 - [0:0] +:limit-509 - [0:0] :limit-51 - [0:0] +:limit-510 - [0:0] +:limit-512 - [0:0] +:limit-513 - [0:0] +:limit-514 - [0:0] +:limit-515 - [0:0] +:limit-516 - [0:0] +:limit-517 - [0:0] +:limit-518 - [0:0] :limit-52 - [0:0] +:limit-520 - [0:0] +:limit-521 - [0:0] +:limit-522 - [0:0] +:limit-524 - [0:0] +:limit-525 - [0:0] +:limit-526 - [0:0] +:limit-527 - [0:0] +:limit-528 - [0:0] +:limit-529 - [0:0] +:limit-530 - [0:0] +:limit-531 - [0:0] +:limit-532 - [0:0] +:limit-533 - [0:0] +:limit-534 - [0:0] +:limit-535 - [0:0] +:limit-536 - [0:0] +:limit-538 - [0:0] +:limit-539 - [0:0] :limit-54 - [0:0] +:limit-540 - [0:0] +:limit-542 - [0:0] +:limit-543 - [0:0] +:limit-544 - [0:0] +:limit-545 - [0:0] +:limit-546 - [0:0] +:limit-547 - [0:0] +:limit-548 - [0:0] :limit-55 - [0:0] +:limit-550 - [0:0] +:limit-551 - [0:0] +:limit-552 - [0:0] +:limit-554 - [0:0] +:limit-555 - [0:0] +:limit-556 - [0:0] +:limit-557 - [0:0] +:limit-558 - [0:0] +:limit-559 - [0:0] :limit-56 - [0:0] +:limit-560 - [0:0] +:limit-561 - [0:0] +:limit-562 - [0:0] +:limit-563 - [0:0] +:limit-564 - [0:0] +:limit-565 - [0:0] +:limit-566 - [0:0] +:limit-568 - [0:0] +:limit-569 - [0:0] :limit-57 - [0:0] +:limit-570 - [0:0] +:limit-572 - [0:0] +:limit-573 - [0:0] +:limit-574 - [0:0] +:limit-575 - [0:0] +:limit-576 - [0:0] +:limit-577 - [0:0] +:limit-578 - [0:0] :limit-58 - [0:0] +:limit-580 - [0:0] +:limit-581 - [0:0] +:limit-582 - [0:0] +:limit-584 - [0:0] +:limit-585 - [0:0] +:limit-586 - [0:0] +:limit-587 - [0:0] +:limit-588 - [0:0] +:limit-589 - [0:0] :limit-59 - [0:0] +:limit-590 - [0:0] +:limit-591 - [0:0] +:limit-592 - [0:0] +:limit-593 - [0:0] +:limit-594 - [0:0] +:limit-595 - [0:0] +:limit-596 - [0:0] +:limit-598 - [0:0] +:limit-599 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] +:limit-600 - [0:0] +:limit-602 - [0:0] +:limit-603 - [0:0] +:limit-604 - [0:0] +:limit-605 - [0:0] +:limit-606 - [0:0] +:limit-607 - [0:0] +:limit-608 - [0:0] +:limit-610 - [0:0] +:limit-611 - [0:0] +:limit-612 - [0:0] +:limit-614 - [0:0] +:limit-615 - [0:0] +:limit-616 - [0:0] +:limit-617 - [0:0] +:limit-618 - [0:0] +:limit-619 - [0:0] :limit-62 - [0:0] +:limit-620 - [0:0] +:limit-621 - [0:0] +:limit-622 - [0:0] +:limit-623 - [0:0] +:limit-624 - [0:0] +:limit-625 - [0:0] +:limit-626 - [0:0] +:limit-627 - [0:0] +:limit-628 - [0:0] +:limit-629 - [0:0] :limit-63 - [0:0] +:limit-630 - [0:0] +:limit-631 - [0:0] +:limit-632 - [0:0] +:limit-633 - [0:0] +:limit-634 - [0:0] +:limit-635 - [0:0] +:limit-636 - [0:0] +:limit-637 - [0:0] +:limit-638 - [0:0] +:limit-639 - [0:0] :limit-64 - [0:0] +:limit-640 - [0:0] +:limit-641 - [0:0] :limit-66 - [0:0] :limit-67 - [0:0] :limit-68 - [0:0] @@ -8644,6 +15548,11 @@ COMMIT :limit-99 - [0:0] :logaccept-0 - [0:0] :logaccept-1 - [0:0] +:logaccept-10 - [0:0] +:logaccept-11 - [0:0] +:logaccept-12 - [0:0] +:logaccept-13 - [0:0] +:logaccept-14 - [0:0] :logaccept-2 - [0:0] :logaccept-3 - [0:0] :logaccept-4 - [0:0] @@ -8651,6 +15560,7 @@ COMMIT :logaccept-6 - [0:0] :logaccept-7 - [0:0] :logaccept-8 - [0:0] +:logaccept-9 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-10 - [0:0] @@ -8664,7 +15574,25 @@ COMMIT :logaccept-final-18 - [0:0] :logaccept-final-19 - [0:0] :logaccept-final-2 - [0:0] +:logaccept-final-20 - [0:0] +:logaccept-final-21 - [0:0] +:logaccept-final-22 - [0:0] +:logaccept-final-23 - [0:0] +:logaccept-final-24 - [0:0] +:logaccept-final-25 - [0:0] +:logaccept-final-26 - [0:0] +:logaccept-final-27 - [0:0] +:logaccept-final-28 - [0:0] +:logaccept-final-29 - [0:0] :logaccept-final-3 - [0:0] +:logaccept-final-30 - [0:0] +:logaccept-final-31 - [0:0] +:logaccept-final-32 - [0:0] +:logaccept-final-33 - [0:0] +:logaccept-final-34 - [0:0] +:logaccept-final-35 - [0:0] +:logaccept-final-36 - [0:0] +:logaccept-final-37 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] :logaccept-final-6 - [0:0] @@ -8678,21 +15606,105 @@ COMMIT :logdrop-101 - [0:0] :logdrop-102 - [0:0] :logdrop-103 - [0:0] +:logdrop-104 - [0:0] :logdrop-105 - [0:0] :logdrop-106 - [0:0] :logdrop-107 - [0:0] +:logdrop-108 - [0:0] :logdrop-109 - [0:0] :logdrop-11 - [0:0] :logdrop-110 - [0:0] +:logdrop-111 - [0:0] +:logdrop-112 - [0:0] +:logdrop-113 - [0:0] +:logdrop-114 - [0:0] +:logdrop-115 - [0:0] +:logdrop-116 - [0:0] +:logdrop-117 - [0:0] +:logdrop-118 - [0:0] +:logdrop-119 - [0:0] :logdrop-12 - [0:0] +:logdrop-120 - [0:0] +:logdrop-121 - [0:0] +:logdrop-122 - [0:0] +:logdrop-123 - [0:0] +:logdrop-124 - [0:0] +:logdrop-125 - [0:0] +:logdrop-126 - [0:0] +:logdrop-127 - [0:0] +:logdrop-128 - [0:0] +:logdrop-129 - [0:0] :logdrop-13 - [0:0] +:logdrop-130 - [0:0] +:logdrop-131 - [0:0] +:logdrop-132 - [0:0] +:logdrop-133 - [0:0] +:logdrop-134 - [0:0] +:logdrop-135 - [0:0] +:logdrop-136 - [0:0] +:logdrop-137 - [0:0] +:logdrop-138 - [0:0] +:logdrop-139 - [0:0] :logdrop-14 - [0:0] +:logdrop-140 - [0:0] +:logdrop-141 - [0:0] +:logdrop-142 - [0:0] +:logdrop-143 - [0:0] +:logdrop-144 - [0:0] +:logdrop-145 - [0:0] +:logdrop-146 - [0:0] +:logdrop-147 - [0:0] +:logdrop-148 - [0:0] +:logdrop-149 - [0:0] :logdrop-15 - [0:0] +:logdrop-150 - [0:0] +:logdrop-151 - [0:0] +:logdrop-153 - [0:0] +:logdrop-154 - [0:0] +:logdrop-155 - [0:0] +:logdrop-157 - [0:0] +:logdrop-158 - [0:0] +:logdrop-159 - [0:0] :logdrop-16 - [0:0] +:logdrop-160 - [0:0] +:logdrop-161 - [0:0] +:logdrop-162 - [0:0] +:logdrop-163 - [0:0] +:logdrop-165 - [0:0] +:logdrop-166 - [0:0] +:logdrop-167 - [0:0] +:logdrop-169 - [0:0] :logdrop-17 - [0:0] +:logdrop-170 - [0:0] +:logdrop-171 - [0:0] +:logdrop-172 - [0:0] +:logdrop-173 - [0:0] +:logdrop-174 - [0:0] +:logdrop-175 - [0:0] +:logdrop-176 - [0:0] +:logdrop-177 - [0:0] +:logdrop-178 - [0:0] +:logdrop-179 - [0:0] :logdrop-18 - [0:0] +:logdrop-180 - [0:0] +:logdrop-181 - [0:0] +:logdrop-183 - [0:0] +:logdrop-184 - [0:0] +:logdrop-185 - [0:0] +:logdrop-187 - [0:0] +:logdrop-188 - [0:0] +:logdrop-189 - [0:0] :logdrop-19 - [0:0] +:logdrop-190 - [0:0] +:logdrop-191 - [0:0] +:logdrop-192 - [0:0] +:logdrop-193 - [0:0] +:logdrop-195 - [0:0] +:logdrop-196 - [0:0] +:logdrop-197 - [0:0] +:logdrop-199 - [0:0] :logdrop-2 - [0:0] +:logdrop-200 - [0:0] :logdrop-21 - [0:0] :logdrop-22 - [0:0] :logdrop-23 - [0:0] @@ -8722,11 +15734,9 @@ COMMIT :logdrop-48 - [0:0] :logdrop-49 - [0:0] :logdrop-5 - [0:0] -:logdrop-50 - [0:0] :logdrop-51 - [0:0] :logdrop-52 - [0:0] :logdrop-53 - [0:0] -:logdrop-54 - [0:0] :logdrop-55 - [0:0] :logdrop-56 - [0:0] :logdrop-57 - [0:0] @@ -8735,11 +15745,9 @@ COMMIT :logdrop-6 - [0:0] :logdrop-60 - [0:0] :logdrop-61 - [0:0] -:logdrop-62 - [0:0] :logdrop-63 - [0:0] :logdrop-64 - [0:0] :logdrop-65 - [0:0] -:logdrop-66 - [0:0] :logdrop-67 - [0:0] :logdrop-68 - [0:0] :logdrop-69 - [0:0] @@ -8768,9 +15776,11 @@ COMMIT :logdrop-9 - [0:0] :logdrop-90 - [0:0] :logdrop-91 - [0:0] +:logdrop-92 - [0:0] :logdrop-93 - [0:0] :logdrop-94 - [0:0] :logdrop-95 - [0:0] +:logdrop-96 - [0:0] :logdrop-97 - [0:0] :logdrop-98 - [0:0] :logdrop-99 - [0:0] @@ -8780,6 +15790,210 @@ COMMIT :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-427 +-A FORWARD -j limit-426 +-A FORWARD -j limit-425 +-A FORWARD -j limit-424 +-A FORWARD -j limit-423 +-A FORWARD -j limit-422 +-A FORWARD -j limit-421 +-A FORWARD -j limit-420 +-A FORWARD -j limit-419 +-A FORWARD -j limit-418 +-A FORWARD -j limit-417 +-A FORWARD -j limit-416 +-A FORWARD -j limit-415 +-A FORWARD -j limit-414 +-A FORWARD -j limit-413 +-A FORWARD -j limit-412 +-A FORWARD -j limit-411 +-A FORWARD -j limit-410 +-A FORWARD -j limit-409 +-A FORWARD -j limit-408 +-A FORWARD -j limit-407 +-A FORWARD -j limit-406 +-A FORWARD -j limit-405 +-A FORWARD -j limit-404 +-A FORWARD -j limit-403 +-A FORWARD -j limit-402 +-A FORWARD -j limit-401 +-A FORWARD -j limit-400 +-A FORWARD -j limit-399 +-A FORWARD -j limit-398 +-A FORWARD -j limit-397 +-A FORWARD -j limit-396 +-A FORWARD -j limit-395 +-A FORWARD -j limit-394 +-A FORWARD -j limit-393 +-A FORWARD -j limit-392 +-A FORWARD -j limit-391 +-A FORWARD -j limit-390 +-A FORWARD -j limit-389 +-A FORWARD -j limit-388 +-A FORWARD -j limit-387 +-A FORWARD -j limit-386 +-A FORWARD -j limit-385 +-A FORWARD -j limit-384 +-A FORWARD -j limit-383 +-A FORWARD -j limit-382 +-A FORWARD -j limit-381 +-A FORWARD -j limit-380 +-A FORWARD -j limit-379 +-A FORWARD -j limit-378 +-A FORWARD -j limit-377 +-A FORWARD -j limit-376 +-A FORWARD -j limit-375 +-A FORWARD -j limit-374 +-A FORWARD -j limit-373 +-A FORWARD -j limit-372 +-A FORWARD -j limit-371 +-A FORWARD -j limit-370 +-A FORWARD -j limit-369 +-A FORWARD -j limit-368 +-A FORWARD -j limit-367 +-A FORWARD -j limit-366 +-A FORWARD -j limit-365 +-A FORWARD -j limit-364 +-A FORWARD -j limit-363 +-A FORWARD -j limit-362 +-A FORWARD -j limit-361 +-A FORWARD -j limit-360 +-A FORWARD -j limit-359 +-A FORWARD -j limit-358 +-A FORWARD -j limit-357 +-A FORWARD -j limit-356 +-A FORWARD -j limit-355 +-A FORWARD -j limit-354 +-A FORWARD -j limit-353 +-A FORWARD -j limit-352 +-A FORWARD -j limit-351 +-A FORWARD -j limit-350 +-A FORWARD -j limit-349 +-A FORWARD -j limit-348 +-A FORWARD -j limit-347 +-A FORWARD -j limit-346 +-A FORWARD -j limit-345 +-A FORWARD -j limit-344 +-A FORWARD -j limit-343 +-A FORWARD -j limit-342 +-A FORWARD -j limit-341 +-A FORWARD -j limit-340 +-A FORWARD -j limit-339 +-A FORWARD -j limit-338 +-A FORWARD -j limit-337 +-A FORWARD -j limit-336 +-A FORWARD -j limit-335 +-A FORWARD -j limit-334 +-A FORWARD -j limit-333 +-A FORWARD -j limit-332 +-A FORWARD -j limit-331 +-A FORWARD -j limit-330 +-A FORWARD -j limit-329 +-A FORWARD -j limit-328 +-A FORWARD -j limit-327 +-A FORWARD -j limit-326 +-A FORWARD -j limit-325 +-A FORWARD -j limit-324 +-A FORWARD -j limit-323 +-A FORWARD -j limit-322 +-A FORWARD -j limit-321 +-A FORWARD -j limit-320 +-A FORWARD -j limit-319 +-A FORWARD -j limit-318 +-A FORWARD -j limit-317 +-A FORWARD -j limit-316 +-A FORWARD -j limit-315 +-A FORWARD -j limit-314 +-A FORWARD -j limit-313 +-A FORWARD -j limit-312 +-A FORWARD -j limit-311 +-A FORWARD -j limit-310 +-A FORWARD -j limit-309 +-A FORWARD -j limit-308 +-A FORWARD -j limit-307 +-A FORWARD -j limit-306 +-A FORWARD -j limit-305 +-A FORWARD -j limit-304 +-A FORWARD -j limit-303 +-A FORWARD -j limit-302 +-A FORWARD -j limit-301 +-A FORWARD -j limit-300 +-A FORWARD -j limit-299 +-A FORWARD -j limit-298 +-A FORWARD -j limit-297 +-A FORWARD -j limit-296 +-A FORWARD -j limit-295 +-A FORWARD -j limit-294 +-A FORWARD -j limit-293 +-A FORWARD -j limit-292 +-A FORWARD -j limit-291 +-A FORWARD -j limit-290 +-A FORWARD -j limit-289 +-A FORWARD -j limit-288 +-A FORWARD -j limit-287 +-A FORWARD -j limit-286 +-A FORWARD -j limit-285 +-A FORWARD -j limit-284 +-A FORWARD -j limit-283 +-A FORWARD -j limit-282 +-A FORWARD -j limit-281 +-A FORWARD -j limit-280 +-A FORWARD -j limit-279 +-A FORWARD -j limit-278 +-A FORWARD -j limit-277 +-A FORWARD -j limit-276 +-A FORWARD -j limit-275 +-A FORWARD -j limit-274 +-A FORWARD -j limit-273 +-A FORWARD -j limit-272 +-A FORWARD -j limit-271 +-A FORWARD -j limit-270 +-A FORWARD -j limit-269 +-A FORWARD -j limit-268 +-A FORWARD -j limit-267 +-A FORWARD -j limit-266 +-A FORWARD -j limit-265 +-A FORWARD -j limit-264 +-A FORWARD -j limit-263 +-A FORWARD -j limit-262 +-A FORWARD -j limit-261 +-A FORWARD -j limit-260 +-A FORWARD -j limit-259 +-A FORWARD -j limit-258 +-A FORWARD -j limit-257 +-A FORWARD -j limit-256 +-A FORWARD -j limit-255 +-A FORWARD -j limit-254 +-A FORWARD -j limit-253 +-A FORWARD -j limit-252 +-A FORWARD -j limit-251 +-A FORWARD -j limit-250 +-A FORWARD -j limit-249 +-A FORWARD -j limit-248 +-A FORWARD -j limit-247 +-A FORWARD -j limit-246 +-A FORWARD -j limit-245 +-A FORWARD -j limit-244 +-A FORWARD -j limit-243 +-A FORWARD -j limit-242 +-A FORWARD -j limit-241 +-A FORWARD -j limit-240 +-A FORWARD -j limit-239 +-A FORWARD -j limit-238 +-A FORWARD -j limit-237 +-A FORWARD -j limit-236 +-A FORWARD -j limit-235 +-A FORWARD -j limit-234 +-A FORWARD -j limit-233 +-A FORWARD -j limit-232 +-A FORWARD -j limit-231 +-A FORWARD -j limit-230 +-A FORWARD -j limit-229 +-A FORWARD -j limit-228 +-A FORWARD -j limit-227 +-A FORWARD -j limit-226 +-A FORWARD -j limit-225 +-A FORWARD -j limit-224 -A FORWARD -j limit-223 -A FORWARD -j limit-222 -A FORWARD -j limit-221 @@ -8790,108 +16004,6 @@ COMMIT -A FORWARD -j limit-216 -A FORWARD -j limit-215 -A FORWARD -j limit-214 --A FORWARD -j limit-213 --A FORWARD -j limit-212 --A FORWARD -j limit-211 --A FORWARD -j limit-210 --A FORWARD -j limit-209 --A FORWARD -j limit-208 --A FORWARD -j limit-207 --A FORWARD -j limit-206 --A FORWARD -j limit-205 --A FORWARD -j limit-204 --A FORWARD -j limit-203 --A FORWARD -j limit-202 --A FORWARD -j limit-201 --A FORWARD -j limit-200 --A FORWARD -j limit-199 --A FORWARD -j limit-198 --A FORWARD -j limit-197 --A FORWARD -j limit-196 --A FORWARD -j limit-195 --A FORWARD -j limit-194 --A FORWARD -j limit-193 --A FORWARD -j limit-192 --A FORWARD -j limit-191 --A FORWARD -j limit-190 --A FORWARD -j limit-189 --A FORWARD -j limit-188 --A FORWARD -j limit-187 --A FORWARD -j limit-186 --A FORWARD -j limit-185 --A FORWARD -j limit-184 --A FORWARD -j limit-183 --A FORWARD -j limit-182 --A FORWARD -j limit-181 --A FORWARD -j limit-180 --A FORWARD -j limit-179 --A FORWARD -j limit-178 --A FORWARD -j limit-177 --A FORWARD -j limit-176 --A FORWARD -j limit-175 --A FORWARD -j limit-174 --A FORWARD -j limit-173 --A FORWARD -j limit-172 --A FORWARD -j limit-171 --A FORWARD -j limit-170 --A FORWARD -j limit-169 --A FORWARD -j limit-168 --A FORWARD -j limit-167 --A FORWARD -j limit-166 --A FORWARD -j limit-165 --A FORWARD -j limit-164 --A FORWARD -j limit-163 --A FORWARD -j limit-162 --A FORWARD -j limit-161 --A FORWARD -j limit-160 --A FORWARD -j limit-159 --A FORWARD -j limit-158 --A FORWARD -j limit-157 --A FORWARD -j limit-156 --A FORWARD -j limit-155 --A FORWARD -j limit-154 --A FORWARD -j limit-153 --A FORWARD -j limit-152 --A FORWARD -j limit-151 --A FORWARD -j limit-150 --A FORWARD -j limit-149 --A FORWARD -j limit-148 --A FORWARD -j limit-147 --A FORWARD -j limit-146 --A FORWARD -j limit-145 --A FORWARD -j limit-144 --A FORWARD -j limit-143 --A FORWARD -j limit-142 --A FORWARD -j limit-141 --A FORWARD -j limit-140 --A FORWARD -j limit-139 --A FORWARD -j limit-138 --A FORWARD -j limit-137 --A FORWARD -j limit-136 --A FORWARD -j limit-135 --A FORWARD -j limit-134 --A FORWARD -j limit-133 --A FORWARD -j limit-132 --A FORWARD -j limit-131 --A FORWARD -j limit-130 --A FORWARD -j limit-129 --A FORWARD -j limit-128 --A FORWARD -j limit-127 --A FORWARD -j limit-126 --A FORWARD -j limit-125 --A FORWARD -j limit-124 --A FORWARD -j limit-123 --A FORWARD -j limit-122 --A FORWARD -j limit-121 --A FORWARD -j limit-120 --A FORWARD -j limit-119 --A FORWARD -j limit-118 --A FORWARD -j limit-117 --A FORWARD -j limit-116 --A FORWARD -j limit-115 --A FORWARD -j limit-114 --A FORWARD -j limit-113 --A FORWARD -j limit-112 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -9008,9 +16120,111 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-106 -A FORWARD -o eth1 -d fc00::/7 -j limit-107 -A FORWARD -o eth1 -d fc00::/7 -j limit-108 --A FORWARD -o eth1 -d fc00::/7 -j limit-109 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -A FORWARD -o eth1 -d fc00::/7 -j limit-110 -A FORWARD -o eth1 -d fc00::/7 -j limit-111 +-A FORWARD -o eth1 -d fc00::/7 -j limit-112 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-54 +-A FORWARD -o eth1 -d fc00::/7 -j limit-114 +-A FORWARD -o eth1 -d fc00::/7 -j limit-115 +-A FORWARD -o eth1 -d fc00::/7 -j limit-116 +-A FORWARD -o eth1 -d fc00::/7 -j limit-117 +-A FORWARD -o eth1 -d fc00::/7 -j limit-118 +-A FORWARD -o eth1 -d fc00::/7 -j limit-119 +-A FORWARD -o eth1 -d fc00::/7 -j limit-120 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-62 +-A FORWARD -o eth1 -d fc00::/7 -j limit-122 +-A FORWARD -o eth1 -d fc00::/7 -j limit-123 +-A FORWARD -o eth1 -d fc00::/7 -j limit-124 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-66 +-A FORWARD -o eth1 -d fc00::/7 -j limit-126 +-A FORWARD -o eth1 -d fc00::/7 -j limit-127 +-A FORWARD -o eth1 -d fc00::/7 -j limit-128 +-A FORWARD -o eth1 -d fc00::/7 -j limit-129 +-A FORWARD -o eth1 -d fc00::/7 -j limit-130 +-A FORWARD -o eth1 -d fc00::/7 -j limit-131 +-A FORWARD -o eth1 -d fc00::/7 -j limit-132 +-A FORWARD -o eth1 -d fc00::/7 -j limit-133 +-A FORWARD -o eth1 -d fc00::/7 -j limit-134 +-A FORWARD -o eth1 -d fc00::/7 -j limit-135 +-A FORWARD -o eth1 -d fc00::/7 -j limit-136 +-A FORWARD -o eth1 -d fc00::/7 -j limit-137 +-A FORWARD -o eth1 -d fc00::/7 -j limit-138 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-140 +-A FORWARD -o eth1 -d fc00::/7 -j limit-141 +-A FORWARD -o eth1 -d fc00::/7 -j limit-142 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-144 +-A FORWARD -o eth1 -d fc00::/7 -j limit-145 +-A FORWARD -o eth1 -d fc00::/7 -j limit-146 +-A FORWARD -o eth1 -d fc00::/7 -j limit-147 +-A FORWARD -o eth1 -d fc00::/7 -j limit-148 +-A FORWARD -o eth1 -d fc00::/7 -j limit-149 +-A FORWARD -o eth1 -d fc00::/7 -j limit-150 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-152 +-A FORWARD -o eth1 -d fc00::/7 -j limit-153 +-A FORWARD -o eth1 -d fc00::/7 -j limit-154 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-156 +-A FORWARD -o eth1 -d fc00::/7 -j limit-157 +-A FORWARD -o eth1 -d fc00::/7 -j limit-158 +-A FORWARD -o eth1 -d fc00::/7 -j limit-159 +-A FORWARD -o eth1 -d fc00::/7 -j limit-160 +-A FORWARD -o eth1 -d fc00::/7 -j limit-161 +-A FORWARD -o eth1 -d fc00::/7 -j limit-162 +-A FORWARD -o eth1 -d fc00::/7 -j limit-163 +-A FORWARD -o eth1 -d fc00::/7 -j limit-164 +-A FORWARD -o eth1 -d fc00::/7 -j limit-165 +-A FORWARD -o eth1 -d fc00::/7 -j limit-166 +-A FORWARD -o eth1 -d fc00::/7 -j limit-167 +-A FORWARD -o eth1 -d fc00::/7 -j limit-168 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-170 +-A FORWARD -o eth1 -d fc00::/7 -j limit-171 +-A FORWARD -o eth1 -d fc00::/7 -j limit-172 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-174 +-A FORWARD -o eth1 -d fc00::/7 -j limit-175 +-A FORWARD -o eth1 -d fc00::/7 -j limit-176 +-A FORWARD -o eth1 -d fc00::/7 -j limit-177 +-A FORWARD -o eth1 -d fc00::/7 -j limit-178 +-A FORWARD -o eth1 -d fc00::/7 -j limit-179 +-A FORWARD -o eth1 -d fc00::/7 -j limit-180 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-182 +-A FORWARD -o eth1 -d fc00::/7 -j limit-183 +-A FORWARD -o eth1 -d fc00::/7 -j limit-184 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-186 +-A FORWARD -o eth1 -d fc00::/7 -j limit-187 +-A FORWARD -o eth1 -d fc00::/7 -j limit-188 +-A FORWARD -o eth1 -d fc00::/7 -j limit-189 +-A FORWARD -o eth1 -d fc00::/7 -j limit-190 +-A FORWARD -o eth1 -d fc00::/7 -j limit-191 +-A FORWARD -o eth1 -d fc00::/7 -j limit-192 +-A FORWARD -o eth1 -d fc00::/7 -j limit-193 +-A FORWARD -o eth1 -d fc00::/7 -j limit-194 +-A FORWARD -o eth1 -d fc00::/7 -j limit-195 +-A FORWARD -o eth1 -d fc00::/7 -j limit-196 +-A FORWARD -o eth1 -d fc00::/7 -j limit-197 +-A FORWARD -o eth1 -d fc00::/7 -j limit-198 +-A FORWARD -o eth1 -d fc00::/7 -j limit-199 +-A FORWARD -o eth1 -d fc00::/7 -j limit-200 +-A FORWARD -o eth1 -d fc00::/7 -j limit-201 +-A FORWARD -o eth1 -d fc00::/7 -j limit-202 +-A FORWARD -o eth1 -d fc00::/7 -j limit-203 +-A FORWARD -o eth1 -d fc00::/7 -j limit-204 +-A FORWARD -o eth1 -d fc00::/7 -j limit-205 +-A FORWARD -o eth1 -d fc00::/7 -j limit-206 +-A FORWARD -o eth1 -d fc00::/7 -j limit-207 +-A FORWARD -o eth1 -d fc00::/7 -j limit-208 +-A FORWARD -o eth1 -d fc00::/7 -j limit-209 +-A FORWARD -o eth1 -d fc00::/7 -j limit-210 +-A FORWARD -o eth1 -d fc00::/7 -j limit-211 +-A FORWARD -o eth1 -d fc00::/7 -j limit-212 +-A FORWARD -o eth1 -d fc00::/7 -j limit-213 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -9071,17 +16285,71 @@ COMMIT -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-19 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-20 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-21 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-22 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-23 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-24 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-25 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-26 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-27 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-28 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-29 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-30 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-31 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-32 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-33 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-34 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-35 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-36 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-37 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-109 +-A FORWARD -j logdrop-199 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD --A FORWARD -j logaccept-8 --A FORWARD -j logdrop-110 +-A FORWARD -j logaccept-14 +-A FORWARD -j logdrop-200 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -9114,6 +16382,210 @@ COMMIT -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-427 +-A INPUT -j limit-426 +-A INPUT -j limit-425 +-A INPUT -j limit-424 +-A INPUT -j limit-423 +-A INPUT -j limit-422 +-A INPUT -j limit-421 +-A INPUT -j limit-420 +-A INPUT -j limit-419 +-A INPUT -j limit-418 +-A INPUT -j limit-417 +-A INPUT -j limit-416 +-A INPUT -j limit-415 +-A INPUT -j limit-414 +-A INPUT -j limit-413 +-A INPUT -j limit-412 +-A INPUT -j limit-411 +-A INPUT -j limit-410 +-A INPUT -j limit-409 +-A INPUT -j limit-408 +-A INPUT -j limit-407 +-A INPUT -j limit-406 +-A INPUT -j limit-405 +-A INPUT -j limit-404 +-A INPUT -j limit-403 +-A INPUT -j limit-402 +-A INPUT -j limit-401 +-A INPUT -j limit-400 +-A INPUT -j limit-399 +-A INPUT -j limit-398 +-A INPUT -j limit-397 +-A INPUT -j limit-396 +-A INPUT -j limit-395 +-A INPUT -j limit-394 +-A INPUT -j limit-393 +-A INPUT -j limit-392 +-A INPUT -j limit-391 +-A INPUT -j limit-390 +-A INPUT -j limit-389 +-A INPUT -j limit-388 +-A INPUT -j limit-387 +-A INPUT -j limit-386 +-A INPUT -j limit-385 +-A INPUT -j limit-384 +-A INPUT -j limit-383 +-A INPUT -j limit-382 +-A INPUT -j limit-381 +-A INPUT -j limit-380 +-A INPUT -j limit-379 +-A INPUT -j limit-378 +-A INPUT -j limit-377 +-A INPUT -j limit-376 +-A INPUT -j limit-375 +-A INPUT -j limit-374 +-A INPUT -j limit-373 +-A INPUT -j limit-372 +-A INPUT -j limit-371 +-A INPUT -j limit-370 +-A INPUT -j limit-369 +-A INPUT -j limit-368 +-A INPUT -j limit-367 +-A INPUT -j limit-366 +-A INPUT -j limit-365 +-A INPUT -j limit-364 +-A INPUT -j limit-363 +-A INPUT -j limit-362 +-A INPUT -j limit-361 +-A INPUT -j limit-360 +-A INPUT -j limit-359 +-A INPUT -j limit-358 +-A INPUT -j limit-357 +-A INPUT -j limit-356 +-A INPUT -j limit-355 +-A INPUT -j limit-354 +-A INPUT -j limit-353 +-A INPUT -j limit-352 +-A INPUT -j limit-351 +-A INPUT -j limit-350 +-A INPUT -j limit-349 +-A INPUT -j limit-348 +-A INPUT -j limit-347 +-A INPUT -j limit-346 +-A INPUT -j limit-345 +-A INPUT -j limit-344 +-A INPUT -j limit-343 +-A INPUT -j limit-342 +-A INPUT -j limit-341 +-A INPUT -j limit-340 +-A INPUT -j limit-339 +-A INPUT -j limit-338 +-A INPUT -j limit-337 +-A INPUT -j limit-336 +-A INPUT -j limit-335 +-A INPUT -j limit-334 +-A INPUT -j limit-333 +-A INPUT -j limit-332 +-A INPUT -j limit-331 +-A INPUT -j limit-330 +-A INPUT -j limit-329 +-A INPUT -j limit-328 +-A INPUT -j limit-327 +-A INPUT -j limit-326 +-A INPUT -j limit-325 +-A INPUT -j limit-324 +-A INPUT -j limit-323 +-A INPUT -j limit-322 +-A INPUT -j limit-321 +-A INPUT -j limit-320 +-A INPUT -j limit-319 +-A INPUT -j limit-318 +-A INPUT -j limit-317 +-A INPUT -j limit-316 +-A INPUT -j limit-315 +-A INPUT -j limit-314 +-A INPUT -j limit-313 +-A INPUT -j limit-312 +-A INPUT -j limit-311 +-A INPUT -j limit-310 +-A INPUT -j limit-309 +-A INPUT -j limit-308 +-A INPUT -j limit-307 +-A INPUT -j limit-306 +-A INPUT -j limit-305 +-A INPUT -j limit-304 +-A INPUT -j limit-303 +-A INPUT -j limit-302 +-A INPUT -j limit-301 +-A INPUT -j limit-300 +-A INPUT -j limit-299 +-A INPUT -j limit-298 +-A INPUT -j limit-297 +-A INPUT -j limit-296 +-A INPUT -j limit-295 +-A INPUT -j limit-294 +-A INPUT -j limit-293 +-A INPUT -j limit-292 +-A INPUT -j limit-291 +-A INPUT -j limit-290 +-A INPUT -j limit-289 +-A INPUT -j limit-288 +-A INPUT -j limit-287 +-A INPUT -j limit-286 +-A INPUT -j limit-285 +-A INPUT -j limit-284 +-A INPUT -j limit-283 +-A INPUT -j limit-282 +-A INPUT -j limit-281 +-A INPUT -j limit-280 +-A INPUT -j limit-279 +-A INPUT -j limit-278 +-A INPUT -j limit-277 +-A INPUT -j limit-276 +-A INPUT -j limit-275 +-A INPUT -j limit-274 +-A INPUT -j limit-273 +-A INPUT -j limit-272 +-A INPUT -j limit-271 +-A INPUT -j limit-270 +-A INPUT -j limit-269 +-A INPUT -j limit-268 +-A INPUT -j limit-267 +-A INPUT -j limit-266 +-A INPUT -j limit-265 +-A INPUT -j limit-264 +-A INPUT -j limit-263 +-A INPUT -j limit-262 +-A INPUT -j limit-261 +-A INPUT -j limit-260 +-A INPUT -j limit-259 +-A INPUT -j limit-258 +-A INPUT -j limit-257 +-A INPUT -j limit-256 +-A INPUT -j limit-255 +-A INPUT -j limit-254 +-A INPUT -j limit-253 +-A INPUT -j limit-252 +-A INPUT -j limit-251 +-A INPUT -j limit-250 +-A INPUT -j limit-249 +-A INPUT -j limit-248 +-A INPUT -j limit-247 +-A INPUT -j limit-246 +-A INPUT -j limit-245 +-A INPUT -j limit-244 +-A INPUT -j limit-243 +-A INPUT -j limit-242 +-A INPUT -j limit-241 +-A INPUT -j limit-240 +-A INPUT -j limit-239 +-A INPUT -j limit-238 +-A INPUT -j limit-237 +-A INPUT -j limit-236 +-A INPUT -j limit-235 +-A INPUT -j limit-234 +-A INPUT -j limit-233 +-A INPUT -j limit-232 +-A INPUT -j limit-231 +-A INPUT -j limit-230 +-A INPUT -j limit-229 +-A INPUT -j limit-228 +-A INPUT -j limit-227 +-A INPUT -j limit-226 +-A INPUT -j limit-225 +-A INPUT -j limit-224 -A INPUT -j limit-223 -A INPUT -j limit-222 -A INPUT -j limit-221 @@ -9124,108 +16596,6 @@ COMMIT -A INPUT -j limit-216 -A INPUT -j limit-215 -A INPUT -j limit-214 --A INPUT -j limit-213 --A INPUT -j limit-212 --A INPUT -j limit-211 --A INPUT -j limit-210 --A INPUT -j limit-209 --A INPUT -j limit-208 --A INPUT -j limit-207 --A INPUT -j limit-206 --A INPUT -j limit-205 --A INPUT -j limit-204 --A INPUT -j limit-203 --A INPUT -j limit-202 --A INPUT -j limit-201 --A INPUT -j limit-200 --A INPUT -j limit-199 --A INPUT -j limit-198 --A INPUT -j limit-197 --A INPUT -j limit-196 --A INPUT -j limit-195 --A INPUT -j limit-194 --A INPUT -j limit-193 --A INPUT -j limit-192 --A INPUT -j limit-191 --A INPUT -j limit-190 --A INPUT -j limit-189 --A INPUT -j limit-188 --A INPUT -j limit-187 --A INPUT -j limit-186 --A INPUT -j limit-185 --A INPUT -j limit-184 --A INPUT -j limit-183 --A INPUT -j limit-182 --A INPUT -j limit-181 --A INPUT -j limit-180 --A INPUT -j limit-179 --A INPUT -j limit-178 --A INPUT -j limit-177 --A INPUT -j limit-176 --A INPUT -j limit-175 --A INPUT -j limit-174 --A INPUT -j limit-173 --A INPUT -j limit-172 --A INPUT -j limit-171 --A INPUT -j limit-170 --A INPUT -j limit-169 --A INPUT -j limit-168 --A INPUT -j limit-167 --A INPUT -j limit-166 --A INPUT -j limit-165 --A INPUT -j limit-164 --A INPUT -j limit-163 --A INPUT -j limit-162 --A INPUT -j limit-161 --A INPUT -j limit-160 --A INPUT -j limit-159 --A INPUT -j limit-158 --A INPUT -j limit-157 --A INPUT -j limit-156 --A INPUT -j limit-155 --A INPUT -j limit-154 --A INPUT -j limit-153 --A INPUT -j limit-152 --A INPUT -j limit-151 --A INPUT -j limit-150 --A INPUT -j limit-149 --A INPUT -j limit-148 --A INPUT -j limit-147 --A INPUT -j limit-146 --A INPUT -j limit-145 --A INPUT -j limit-144 --A INPUT -j limit-143 --A INPUT -j limit-142 --A INPUT -j limit-141 --A INPUT -j limit-140 --A INPUT -j limit-139 --A INPUT -j limit-138 --A INPUT -j limit-137 --A INPUT -j limit-136 --A INPUT -j limit-135 --A INPUT -j limit-134 --A INPUT -j limit-133 --A INPUT -j limit-132 --A INPUT -j limit-131 --A INPUT -j limit-130 --A INPUT -j limit-129 --A INPUT -j limit-128 --A INPUT -j limit-127 --A INPUT -j limit-126 --A INPUT -j limit-125 --A INPUT -j limit-124 --A INPUT -j limit-123 --A INPUT -j limit-122 --A INPUT -j limit-121 --A INPUT -j limit-120 --A INPUT -j limit-119 --A INPUT -j limit-118 --A INPUT -j limit-117 --A INPUT -j limit-116 --A INPUT -j limit-115 --A INPUT -j limit-114 --A INPUT -j limit-113 --A INPUT -j limit-112 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -9294,129 +16664,285 @@ COMMIT -A INPUT -j ACCEPT -A INPUT -j logaccept-final-19 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-224 --A INPUT -i eth0 -j limit-225 --A INPUT -i eth0 -j limit-226 --A INPUT -i eth0 -j limit-227 --A INPUT -i eth0 -j limit-228 --A INPUT -i eth0 -j limit-229 --A INPUT -i eth0 -j limit-230 --A INPUT -i eth0 -j limit-231 --A INPUT -i eth0 -j limit-232 --A INPUT -i eth0 -j limit-233 --A INPUT -i eth0 -j limit-234 --A INPUT -i eth0 -j limit-235 --A INPUT -i eth0 -j limit-236 --A INPUT -i eth0 -j limit-237 --A INPUT -i eth0 -j limit-238 --A INPUT -i eth0 -j limit-239 --A INPUT -i eth0 -j limit-240 --A INPUT -i eth0 -j limit-241 --A INPUT -i eth0 -j limit-242 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-92 --A INPUT -i eth0 -j limit-244 --A INPUT -i eth0 -j limit-245 --A INPUT -i eth0 -j limit-246 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-96 --A INPUT -i eth0 -j limit-248 --A INPUT -i eth0 -j limit-249 --A INPUT -i eth0 -j limit-250 --A INPUT -i eth0 -j limit-251 --A INPUT -i eth0 -j limit-252 --A INPUT -i eth0 -j limit-253 --A INPUT -i eth0 -j limit-254 --A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-104 --A INPUT -i eth0 -j limit-256 --A INPUT -i eth0 -j limit-257 --A INPUT -i eth0 -j limit-258 --A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-108 --A INPUT -i eth0 -j limit-260 --A INPUT -i eth0 -j limit-261 --A INPUT -i eth0 -j limit-262 --A INPUT -i eth0 -j limit-263 --A INPUT -i eth0 -j limit-264 --A INPUT -i eth0 -j limit-265 --A INPUT -i eth0 -j limit-266 --A INPUT -i eth0 -j limit-267 --A INPUT -i eth0 -j limit-268 --A INPUT -i eth0 -j limit-269 --A INPUT -i eth0 -j limit-270 --A INPUT -i eth0 -j limit-271 --A INPUT -i eth0 -j limit-272 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-20 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-21 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-22 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-23 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-24 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-25 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-26 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-27 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-28 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-29 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-30 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-31 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-32 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-33 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-34 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-35 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-36 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-37 +-A INPUT -j ACCEPT +-A INPUT -i eth0 -j limit-428 +-A INPUT -i eth0 -j limit-429 +-A INPUT -i eth0 -j limit-430 +-A INPUT -i eth0 -j limit-431 +-A INPUT -i eth0 -j limit-432 +-A INPUT -i eth0 -j limit-433 +-A INPUT -i eth0 -j limit-434 +-A INPUT -i eth0 -j limit-435 +-A INPUT -i eth0 -j limit-436 +-A INPUT -i eth0 -j limit-437 +-A INPUT -i eth0 -j limit-438 +-A INPUT -i eth0 -j limit-439 +-A INPUT -i eth0 -j limit-440 +-A INPUT -i eth0 -j limit-441 +-A INPUT -i eth0 -j limit-442 +-A INPUT -i eth0 -j limit-443 +-A INPUT -i eth0 -j limit-444 +-A INPUT -i eth0 -j limit-445 +-A INPUT -i eth0 -j limit-446 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-152 +-A INPUT -i eth0 -j limit-448 +-A INPUT -i eth0 -j limit-449 +-A INPUT -i eth0 -j limit-450 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-156 +-A INPUT -i eth0 -j limit-452 +-A INPUT -i eth0 -j limit-453 +-A INPUT -i eth0 -j limit-454 +-A INPUT -i eth0 -j limit-455 +-A INPUT -i eth0 -j limit-456 +-A INPUT -i eth0 -j limit-457 +-A INPUT -i eth0 -j limit-458 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-164 +-A INPUT -i eth0 -j limit-460 +-A INPUT -i eth0 -j limit-461 +-A INPUT -i eth0 -j limit-462 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-168 +-A INPUT -i eth0 -j limit-464 +-A INPUT -i eth0 -j limit-465 +-A INPUT -i eth0 -j limit-466 +-A INPUT -i eth0 -j limit-467 +-A INPUT -i eth0 -j limit-468 +-A INPUT -i eth0 -j limit-469 +-A INPUT -i eth0 -j limit-470 +-A INPUT -i eth0 -j limit-471 +-A INPUT -i eth0 -j limit-472 +-A INPUT -i eth0 -j limit-473 +-A INPUT -i eth0 -j limit-474 +-A INPUT -i eth0 -j limit-475 +-A INPUT -i eth0 -j limit-476 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-274 --A INPUT -i eth0 -j limit-275 --A INPUT -i eth0 -j limit-276 +-A INPUT -i eth0 -j limit-478 +-A INPUT -i eth0 -j limit-479 +-A INPUT -i eth0 -j limit-480 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-278 --A INPUT -i eth0 -j limit-279 --A INPUT -i eth0 -j limit-280 --A INPUT -i eth0 -j limit-281 --A INPUT -i eth0 -j limit-282 --A INPUT -i eth0 -j limit-283 --A INPUT -i eth0 -j limit-284 +-A INPUT -i eth0 -j limit-482 +-A INPUT -i eth0 -j limit-483 +-A INPUT -i eth0 -j limit-484 +-A INPUT -i eth0 -j limit-485 +-A INPUT -i eth0 -j limit-486 +-A INPUT -i eth0 -j limit-487 +-A INPUT -i eth0 -j limit-488 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-286 --A INPUT -i eth0 -j limit-287 --A INPUT -i eth0 -j limit-288 +-A INPUT -i eth0 -j limit-490 +-A INPUT -i eth0 -j limit-491 +-A INPUT -i eth0 -j limit-492 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-290 --A INPUT -i eth0 -j limit-291 --A INPUT -i eth0 -j limit-292 --A INPUT -i eth0 -j limit-293 --A INPUT -i eth0 -j limit-294 --A INPUT -i eth0 -j limit-295 --A INPUT -i eth0 -j limit-296 --A INPUT -i eth0 -j limit-297 --A INPUT -i eth0 -j limit-298 --A INPUT -i eth0 -j limit-299 --A INPUT -i eth0 -j limit-300 --A INPUT -i eth0 -j limit-301 --A INPUT -i eth0 -j limit-302 +-A INPUT -i eth0 -j limit-494 +-A INPUT -i eth0 -j limit-495 +-A INPUT -i eth0 -j limit-496 +-A INPUT -i eth0 -j limit-497 +-A INPUT -i eth0 -j limit-498 +-A INPUT -i eth0 -j limit-499 +-A INPUT -i eth0 -j limit-500 +-A INPUT -i eth0 -j limit-501 +-A INPUT -i eth0 -j limit-502 +-A INPUT -i eth0 -j limit-503 +-A INPUT -i eth0 -j limit-504 +-A INPUT -i eth0 -j limit-505 +-A INPUT -i eth0 -j limit-506 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-304 --A INPUT -i eth0 -j limit-305 --A INPUT -i eth0 -j limit-306 +-A INPUT -i eth0 -j limit-508 +-A INPUT -i eth0 -j limit-509 +-A INPUT -i eth0 -j limit-510 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-308 --A INPUT -i eth0 -j limit-309 --A INPUT -i eth0 -j limit-310 --A INPUT -i eth0 -j limit-311 --A INPUT -i eth0 -j limit-312 --A INPUT -i eth0 -j limit-313 --A INPUT -i eth0 -j limit-314 +-A INPUT -i eth0 -j limit-512 +-A INPUT -i eth0 -j limit-513 +-A INPUT -i eth0 -j limit-514 +-A INPUT -i eth0 -j limit-515 +-A INPUT -i eth0 -j limit-516 +-A INPUT -i eth0 -j limit-517 +-A INPUT -i eth0 -j limit-518 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-316 --A INPUT -i eth0 -j limit-317 --A INPUT -i eth0 -j limit-318 +-A INPUT -i eth0 -j limit-520 +-A INPUT -i eth0 -j limit-521 +-A INPUT -i eth0 -j limit-522 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-320 --A INPUT -i eth0 -j limit-321 --A INPUT -i eth0 -j limit-322 --A INPUT -i eth0 -j limit-323 --A INPUT -i eth0 -j limit-324 --A INPUT -i eth0 -j limit-325 --A INPUT -i eth0 -j limit-326 --A INPUT -i eth0 -j limit-327 --A INPUT -i eth0 -j limit-328 --A INPUT -i eth0 -j limit-329 --A INPUT -i eth0 -j limit-330 --A INPUT -i eth0 -j limit-331 --A INPUT -i eth0 -j limit-332 --A INPUT -i eth0 -j limit-333 --A INPUT -i eth0 -j limit-334 --A INPUT -i eth0 -j limit-335 +-A INPUT -i eth0 -j limit-524 +-A INPUT -i eth0 -j limit-525 +-A INPUT -i eth0 -j limit-526 +-A INPUT -i eth0 -j limit-527 +-A INPUT -i eth0 -j limit-528 +-A INPUT -i eth0 -j limit-529 +-A INPUT -i eth0 -j limit-530 +-A INPUT -i eth0 -j limit-531 +-A INPUT -i eth0 -j limit-532 +-A INPUT -i eth0 -j limit-533 +-A INPUT -i eth0 -j limit-534 +-A INPUT -i eth0 -j limit-535 +-A INPUT -i eth0 -j limit-536 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-182 +-A INPUT -i eth0 -j limit-538 +-A INPUT -i eth0 -j limit-539 +-A INPUT -i eth0 -j limit-540 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-186 +-A INPUT -i eth0 -j limit-542 +-A INPUT -i eth0 -j limit-543 +-A INPUT -i eth0 -j limit-544 +-A INPUT -i eth0 -j limit-545 +-A INPUT -i eth0 -j limit-546 +-A INPUT -i eth0 -j limit-547 +-A INPUT -i eth0 -j limit-548 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-194 +-A INPUT -i eth0 -j limit-550 +-A INPUT -i eth0 -j limit-551 +-A INPUT -i eth0 -j limit-552 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-198 +-A INPUT -i eth0 -j limit-554 +-A INPUT -i eth0 -j limit-555 +-A INPUT -i eth0 -j limit-556 +-A INPUT -i eth0 -j limit-557 +-A INPUT -i eth0 -j limit-558 +-A INPUT -i eth0 -j limit-559 +-A INPUT -i eth0 -j limit-560 +-A INPUT -i eth0 -j limit-561 +-A INPUT -i eth0 -j limit-562 +-A INPUT -i eth0 -j limit-563 +-A INPUT -i eth0 -j limit-564 +-A INPUT -i eth0 -j limit-565 +-A INPUT -i eth0 -j limit-566 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-568 +-A INPUT -i eth0 -j limit-569 +-A INPUT -i eth0 -j limit-570 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-572 +-A INPUT -i eth0 -j limit-573 +-A INPUT -i eth0 -j limit-574 +-A INPUT -i eth0 -j limit-575 +-A INPUT -i eth0 -j limit-576 +-A INPUT -i eth0 -j limit-577 +-A INPUT -i eth0 -j limit-578 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-580 +-A INPUT -i eth0 -j limit-581 +-A INPUT -i eth0 -j limit-582 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-584 +-A INPUT -i eth0 -j limit-585 +-A INPUT -i eth0 -j limit-586 +-A INPUT -i eth0 -j limit-587 +-A INPUT -i eth0 -j limit-588 +-A INPUT -i eth0 -j limit-589 +-A INPUT -i eth0 -j limit-590 +-A INPUT -i eth0 -j limit-591 +-A INPUT -i eth0 -j limit-592 +-A INPUT -i eth0 -j limit-593 +-A INPUT -i eth0 -j limit-594 +-A INPUT -i eth0 -j limit-595 +-A INPUT -i eth0 -j limit-596 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-598 +-A INPUT -i eth0 -j limit-599 +-A INPUT -i eth0 -j limit-600 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-602 +-A INPUT -i eth0 -j limit-603 +-A INPUT -i eth0 -j limit-604 +-A INPUT -i eth0 -j limit-605 +-A INPUT -i eth0 -j limit-606 +-A INPUT -i eth0 -j limit-607 +-A INPUT -i eth0 -j limit-608 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-610 +-A INPUT -i eth0 -j limit-611 +-A INPUT -i eth0 -j limit-612 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-614 +-A INPUT -i eth0 -j limit-615 +-A INPUT -i eth0 -j limit-616 +-A INPUT -i eth0 -j limit-617 +-A INPUT -i eth0 -j limit-618 +-A INPUT -i eth0 -j limit-619 +-A INPUT -i eth0 -j limit-620 +-A INPUT -i eth0 -j limit-621 +-A INPUT -i eth0 -j limit-622 +-A INPUT -i eth0 -j limit-623 +-A INPUT -i eth0 -j limit-624 +-A INPUT -i eth0 -j limit-625 +-A INPUT -i eth0 -j limit-626 +-A INPUT -i eth0 -j limit-627 +-A INPUT -i eth0 -j limit-628 +-A INPUT -i eth0 -j limit-629 +-A INPUT -i eth0 -j limit-630 +-A INPUT -i eth0 -j limit-631 +-A INPUT -i eth0 -j limit-632 +-A INPUT -i eth0 -j limit-633 +-A INPUT -i eth0 -j limit-634 +-A INPUT -i eth0 -j limit-635 +-A INPUT -i eth0 -j limit-636 +-A INPUT -i eth0 -j limit-637 +-A INPUT -i eth0 -j limit-638 +-A INPUT -i eth0 -j limit-639 +-A INPUT -i eth0 -j limit-640 +-A INPUT -i eth0 -j limit-641 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-109 +-A INPUT -j logdrop-199 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT --A INPUT -j logaccept-8 --A INPUT -j logdrop-110 +-A INPUT -j logaccept-14 +-A INPUT -j logdrop-200 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -9429,6 +16955,210 @@ COMMIT -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-427 +-A OUTPUT -j limit-426 +-A OUTPUT -j limit-425 +-A OUTPUT -j limit-424 +-A OUTPUT -j limit-423 +-A OUTPUT -j limit-422 +-A OUTPUT -j limit-421 +-A OUTPUT -j limit-420 +-A OUTPUT -j limit-419 +-A OUTPUT -j limit-418 +-A OUTPUT -j limit-417 +-A OUTPUT -j limit-416 +-A OUTPUT -j limit-415 +-A OUTPUT -j limit-414 +-A OUTPUT -j limit-413 +-A OUTPUT -j limit-412 +-A OUTPUT -j limit-411 +-A OUTPUT -j limit-410 +-A OUTPUT -j limit-409 +-A OUTPUT -j limit-408 +-A OUTPUT -j limit-407 +-A OUTPUT -j limit-406 +-A OUTPUT -j limit-405 +-A OUTPUT -j limit-404 +-A OUTPUT -j limit-403 +-A OUTPUT -j limit-402 +-A OUTPUT -j limit-401 +-A OUTPUT -j limit-400 +-A OUTPUT -j limit-399 +-A OUTPUT -j limit-398 +-A OUTPUT -j limit-397 +-A OUTPUT -j limit-396 +-A OUTPUT -j limit-395 +-A OUTPUT -j limit-394 +-A OUTPUT -j limit-393 +-A OUTPUT -j limit-392 +-A OUTPUT -j limit-391 +-A OUTPUT -j limit-390 +-A OUTPUT -j limit-389 +-A OUTPUT -j limit-388 +-A OUTPUT -j limit-387 +-A OUTPUT -j limit-386 +-A OUTPUT -j limit-385 +-A OUTPUT -j limit-384 +-A OUTPUT -j limit-383 +-A OUTPUT -j limit-382 +-A OUTPUT -j limit-381 +-A OUTPUT -j limit-380 +-A OUTPUT -j limit-379 +-A OUTPUT -j limit-378 +-A OUTPUT -j limit-377 +-A OUTPUT -j limit-376 +-A OUTPUT -j limit-375 +-A OUTPUT -j limit-374 +-A OUTPUT -j limit-373 +-A OUTPUT -j limit-372 +-A OUTPUT -j limit-371 +-A OUTPUT -j limit-370 +-A OUTPUT -j limit-369 +-A OUTPUT -j limit-368 +-A OUTPUT -j limit-367 +-A OUTPUT -j limit-366 +-A OUTPUT -j limit-365 +-A OUTPUT -j limit-364 +-A OUTPUT -j limit-363 +-A OUTPUT -j limit-362 +-A OUTPUT -j limit-361 +-A OUTPUT -j limit-360 +-A OUTPUT -j limit-359 +-A OUTPUT -j limit-358 +-A OUTPUT -j limit-357 +-A OUTPUT -j limit-356 +-A OUTPUT -j limit-355 +-A OUTPUT -j limit-354 +-A OUTPUT -j limit-353 +-A OUTPUT -j limit-352 +-A OUTPUT -j limit-351 +-A OUTPUT -j limit-350 +-A OUTPUT -j limit-349 +-A OUTPUT -j limit-348 +-A OUTPUT -j limit-347 +-A OUTPUT -j limit-346 +-A OUTPUT -j limit-345 +-A OUTPUT -j limit-344 +-A OUTPUT -j limit-343 +-A OUTPUT -j limit-342 +-A OUTPUT -j limit-341 +-A OUTPUT -j limit-340 +-A OUTPUT -j limit-339 +-A OUTPUT -j limit-338 +-A OUTPUT -j limit-337 +-A OUTPUT -j limit-336 +-A OUTPUT -j limit-335 +-A OUTPUT -j limit-334 +-A OUTPUT -j limit-333 +-A OUTPUT -j limit-332 +-A OUTPUT -j limit-331 +-A OUTPUT -j limit-330 +-A OUTPUT -j limit-329 +-A OUTPUT -j limit-328 +-A OUTPUT -j limit-327 +-A OUTPUT -j limit-326 +-A OUTPUT -j limit-325 +-A OUTPUT -j limit-324 +-A OUTPUT -j limit-323 +-A OUTPUT -j limit-322 +-A OUTPUT -j limit-321 +-A OUTPUT -j limit-320 +-A OUTPUT -j limit-319 +-A OUTPUT -j limit-318 +-A OUTPUT -j limit-317 +-A OUTPUT -j limit-316 +-A OUTPUT -j limit-315 +-A OUTPUT -j limit-314 +-A OUTPUT -j limit-313 +-A OUTPUT -j limit-312 +-A OUTPUT -j limit-311 +-A OUTPUT -j limit-310 +-A OUTPUT -j limit-309 +-A OUTPUT -j limit-308 +-A OUTPUT -j limit-307 +-A OUTPUT -j limit-306 +-A OUTPUT -j limit-305 +-A OUTPUT -j limit-304 +-A OUTPUT -j limit-303 +-A OUTPUT -j limit-302 +-A OUTPUT -j limit-301 +-A OUTPUT -j limit-300 +-A OUTPUT -j limit-299 +-A OUTPUT -j limit-298 +-A OUTPUT -j limit-297 +-A OUTPUT -j limit-296 +-A OUTPUT -j limit-295 +-A OUTPUT -j limit-294 +-A OUTPUT -j limit-293 +-A OUTPUT -j limit-292 +-A OUTPUT -j limit-291 +-A OUTPUT -j limit-290 +-A OUTPUT -j limit-289 +-A OUTPUT -j limit-288 +-A OUTPUT -j limit-287 +-A OUTPUT -j limit-286 +-A OUTPUT -j limit-285 +-A OUTPUT -j limit-284 +-A OUTPUT -j limit-283 +-A OUTPUT -j limit-282 +-A OUTPUT -j limit-281 +-A OUTPUT -j limit-280 +-A OUTPUT -j limit-279 +-A OUTPUT -j limit-278 +-A OUTPUT -j limit-277 +-A OUTPUT -j limit-276 +-A OUTPUT -j limit-275 +-A OUTPUT -j limit-274 +-A OUTPUT -j limit-273 +-A OUTPUT -j limit-272 +-A OUTPUT -j limit-271 +-A OUTPUT -j limit-270 +-A OUTPUT -j limit-269 +-A OUTPUT -j limit-268 +-A OUTPUT -j limit-267 +-A OUTPUT -j limit-266 +-A OUTPUT -j limit-265 +-A OUTPUT -j limit-264 +-A OUTPUT -j limit-263 +-A OUTPUT -j limit-262 +-A OUTPUT -j limit-261 +-A OUTPUT -j limit-260 +-A OUTPUT -j limit-259 +-A OUTPUT -j limit-258 +-A OUTPUT -j limit-257 +-A OUTPUT -j limit-256 +-A OUTPUT -j limit-255 +-A OUTPUT -j limit-254 +-A OUTPUT -j limit-253 +-A OUTPUT -j limit-252 +-A OUTPUT -j limit-251 +-A OUTPUT -j limit-250 +-A OUTPUT -j limit-249 +-A OUTPUT -j limit-248 +-A OUTPUT -j limit-247 +-A OUTPUT -j limit-246 +-A OUTPUT -j limit-245 +-A OUTPUT -j limit-244 +-A OUTPUT -j limit-243 +-A OUTPUT -j limit-242 +-A OUTPUT -j limit-241 +-A OUTPUT -j limit-240 +-A OUTPUT -j limit-239 +-A OUTPUT -j limit-238 +-A OUTPUT -j limit-237 +-A OUTPUT -j limit-236 +-A OUTPUT -j limit-235 +-A OUTPUT -j limit-234 +-A OUTPUT -j limit-233 +-A OUTPUT -j limit-232 +-A OUTPUT -j limit-231 +-A OUTPUT -j limit-230 +-A OUTPUT -j limit-229 +-A OUTPUT -j limit-228 +-A OUTPUT -j limit-227 +-A OUTPUT -j limit-226 +-A OUTPUT -j limit-225 +-A OUTPUT -j limit-224 -A OUTPUT -j limit-223 -A OUTPUT -j limit-222 -A OUTPUT -j limit-221 @@ -9439,108 +17169,6 @@ COMMIT -A OUTPUT -j limit-216 -A OUTPUT -j limit-215 -A OUTPUT -j limit-214 --A OUTPUT -j limit-213 --A OUTPUT -j limit-212 --A OUTPUT -j limit-211 --A OUTPUT -j limit-210 --A OUTPUT -j limit-209 --A OUTPUT -j limit-208 --A OUTPUT -j limit-207 --A OUTPUT -j limit-206 --A OUTPUT -j limit-205 --A OUTPUT -j limit-204 --A OUTPUT -j limit-203 --A OUTPUT -j limit-202 --A OUTPUT -j limit-201 --A OUTPUT -j limit-200 --A OUTPUT -j limit-199 --A OUTPUT -j limit-198 --A OUTPUT -j limit-197 --A OUTPUT -j limit-196 --A OUTPUT -j limit-195 --A OUTPUT -j limit-194 --A OUTPUT -j limit-193 --A OUTPUT -j limit-192 --A OUTPUT -j limit-191 --A OUTPUT -j limit-190 --A OUTPUT -j limit-189 --A OUTPUT -j limit-188 --A OUTPUT -j limit-187 --A OUTPUT -j limit-186 --A OUTPUT -j limit-185 --A OUTPUT -j limit-184 --A OUTPUT -j limit-183 --A OUTPUT -j limit-182 --A OUTPUT -j limit-181 --A OUTPUT -j limit-180 --A OUTPUT -j limit-179 --A OUTPUT -j limit-178 --A OUTPUT -j limit-177 --A OUTPUT -j limit-176 --A OUTPUT -j limit-175 --A OUTPUT -j limit-174 --A OUTPUT -j limit-173 --A OUTPUT -j limit-172 --A OUTPUT -j limit-171 --A OUTPUT -j limit-170 --A OUTPUT -j limit-169 --A OUTPUT -j limit-168 --A OUTPUT -j limit-167 --A OUTPUT -j limit-166 --A OUTPUT -j limit-165 --A OUTPUT -j limit-164 --A OUTPUT -j limit-163 --A OUTPUT -j limit-162 --A OUTPUT -j limit-161 --A OUTPUT -j limit-160 --A OUTPUT -j limit-159 --A OUTPUT -j limit-158 --A OUTPUT -j limit-157 --A OUTPUT -j limit-156 --A OUTPUT -j limit-155 --A OUTPUT -j limit-154 --A OUTPUT -j limit-153 --A OUTPUT -j limit-152 --A OUTPUT -j limit-151 --A OUTPUT -j limit-150 --A OUTPUT -j limit-149 --A OUTPUT -j limit-148 --A OUTPUT -j limit-147 --A OUTPUT -j limit-146 --A OUTPUT -j limit-145 --A OUTPUT -j limit-144 --A OUTPUT -j limit-143 --A OUTPUT -j limit-142 --A OUTPUT -j limit-141 --A OUTPUT -j limit-140 --A OUTPUT -j limit-139 --A OUTPUT -j limit-138 --A OUTPUT -j limit-137 --A OUTPUT -j limit-136 --A OUTPUT -j limit-135 --A OUTPUT -j limit-134 --A OUTPUT -j limit-133 --A OUTPUT -j limit-132 --A OUTPUT -j limit-131 --A OUTPUT -j limit-130 --A OUTPUT -j limit-129 --A OUTPUT -j limit-128 --A OUTPUT -j limit-127 --A OUTPUT -j limit-126 --A OUTPUT -j limit-125 --A OUTPUT -j limit-124 --A OUTPUT -j limit-123 --A OUTPUT -j limit-122 --A OUTPUT -j limit-121 --A OUTPUT -j limit-120 --A OUTPUT -j limit-119 --A OUTPUT -j limit-118 --A OUTPUT -j limit-117 --A OUTPUT -j limit-116 --A OUTPUT -j limit-115 --A OUTPUT -j limit-114 --A OUTPUT -j limit-113 --A OUTPUT -j limit-112 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -9658,9 +17286,111 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-106 -A OUTPUT -o eth1 -d fc00::/7 -j limit-107 -A OUTPUT -o eth1 -d fc00::/7 -j limit-108 --A OUTPUT -o eth1 -d fc00::/7 -j limit-109 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -A OUTPUT -o eth1 -d fc00::/7 -j limit-110 -A OUTPUT -o eth1 -d fc00::/7 -j limit-111 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-112 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-54 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-114 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-115 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-116 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-117 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-118 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-119 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-120 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-62 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-122 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-123 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-124 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-66 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-126 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-127 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-128 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-129 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-130 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-131 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-132 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-133 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-134 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-135 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-136 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-137 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-138 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-140 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-141 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-142 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-144 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-145 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-146 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-147 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-148 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-149 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-150 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-152 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-153 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-154 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-156 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-157 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-158 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-159 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-160 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-161 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-162 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-163 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-164 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-165 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-166 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-167 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-168 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-170 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-171 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-172 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-174 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-175 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-176 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-177 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-178 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-179 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-180 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-182 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-183 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-184 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-186 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-187 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-188 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-189 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-190 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-191 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-192 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-193 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-194 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-195 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-196 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-197 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-198 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-199 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-200 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-201 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-202 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-203 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-204 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-205 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-206 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-207 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-208 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-209 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-210 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-211 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-212 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-213 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -9721,6 +17451,114 @@ COMMIT -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-19 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-20 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-21 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-22 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-23 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-24 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-25 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-26 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-27 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-28 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-29 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-30 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-31 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-32 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-33 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-34 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-35 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-36 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-37 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -9785,13 +17623,13 @@ COMMIT -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-109 +-A OUTPUT -j logdrop-199 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT --A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-110 +-A OUTPUT -j logaccept-14 +-A OUTPUT -j logdrop-200 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -9812,574 +17650,1153 @@ COMMIT -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-100 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j ACCEPT --A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -j DROP --A limit-101 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN --A limit-101 -m limit --limit 1/second -j LOG --A limit-101 -j DROP --A limit-102 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j logaccept-1 --A limit-102 -m limit --limit 1/second -j LOG --A limit-102 -j DROP --A limit-103 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j ACCEPT --A limit-103 -m limit --limit 1/second -j LOG --A limit-103 -j DROP --A limit-104 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT --A limit-104 -j DROP --A limit-105 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN --A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-2 --A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT --A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT --A limit-108 -j DROP --A limit-109 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN --A limit-109 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-41 +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-42 +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-102 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-43 +-A limit-102 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-103 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-44 +-A limit-103 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-104 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-45 +-A limit-104 -m limit --limit 1/second -j LOG +-A limit-104 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-105 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-46 +-A limit-105 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-47 +-A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-48 +-A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-49 +-A limit-108 -j ACCEPT -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-110 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-3 --A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT --A limit-111 -j DROP --A limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-51 +-A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -j ACCEPT +-A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-52 +-A limit-111 -m limit --limit 1/second -j LOG +-A limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-53 +-A limit-112 -j ACCEPT +-A limit-114 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-55 +-A limit-114 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-115 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-56 +-A limit-115 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-116 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-57 +-A limit-116 -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-117 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-58 +-A limit-117 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-118 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-59 +-A limit-118 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-119 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-60 +-A limit-119 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 --A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 --A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-120 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-61 +-A limit-120 -j ACCEPT +-A limit-122 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-63 +-A limit-122 -m limit --limit 1/second -j LOG +-A limit-122 -j ACCEPT +-A limit-123 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-64 +-A limit-123 -m limit --limit 1/second -j LOG +-A limit-124 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-65 +-A limit-124 -j ACCEPT +-A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-128 -m recent --name limit-128 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-128 -m limit --limit 1/second -j LOG +-A limit-128 -m recent --name limit-128 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-129 -m recent --name limit-129 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-129 -m recent --name limit-129 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-55 --A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-56 --A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-57 --A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-58 --A limit-133 -m limit --limit 1/second -j LOG --A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-59 --A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-60 --A limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 --A limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 --A limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 --A limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 --A limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-130 -m recent --name limit-130 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-130 -m recent --name limit-130 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-131 -m recent --name limit-131 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-131 -m recent --name limit-131 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-134 -m limit --limit 1/second -j LOG +-A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-136 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-136 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-137 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-137 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-138 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-138 -j ACCEPT -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 --A limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 --A limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-142 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 --A limit-143 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 --A limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 --A limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 --A limit-145 -m limit --limit 1/second -j LOG --A limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 --A limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 --A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-140 -m limit --limit 1/second -j LOG +-A limit-140 -j ACCEPT +-A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-141 -m limit --limit 1/second -j LOG +-A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-142 -j ACCEPT +-A limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-146 -m limit --limit 1/second -j LOG +-A limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-148 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-148 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-149 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-149 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-150 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-150 -j ACCEPT +-A limit-152 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-152 -m limit --limit 1/second -j LOG +-A limit-152 -j ACCEPT +-A limit-153 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-153 -m limit --limit 1/second -j LOG +-A limit-154 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-154 -j ACCEPT +-A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-158 -m limit --limit 1/second -j LOG +-A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-160 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-161 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-163 -m limit --limit 1/second -j LOG --A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-164 -m limit --limit 1/second -j LOG +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-168 -j ACCEPT -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-172 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-173 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-175 -m limit --limit 1/second -j LOG --A limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-170 -m limit --limit 1/second -j LOG +-A limit-170 -j ACCEPT +-A limit-171 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-171 -m limit --limit 1/second -j LOG +-A limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-172 -j ACCEPT +-A limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-176 -m limit --limit 1/second -j LOG +-A limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-178 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-178 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-179 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-179 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-18 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19 -A limit-18 -j ACCEPT --A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-193 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-180 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-180 -j ACCEPT +-A limit-182 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-182 -m limit --limit 1/second -j LOG +-A limit-182 -j ACCEPT +-A limit-183 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-183 -m limit --limit 1/second -j LOG +-A limit-184 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-184 -j ACCEPT +-A limit-186 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-186 -j ACCEPT +-A limit-186 -m limit --limit 1/second -j LOG +-A limit-186 -j DROP +-A limit-187 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-187 -j RETURN +-A limit-187 -m limit --limit 1/second -j LOG +-A limit-187 -j DROP +-A limit-188 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-188 -j logaccept-0 +-A limit-188 -m limit --limit 1/second -j LOG +-A limit-188 -j DROP +-A limit-189 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-189 -j ACCEPT +-A limit-189 -m limit --limit 1/second -j LOG +-A limit-189 -j DROP +-A limit-190 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-190 -j ACCEPT +-A limit-190 -m limit --limit 1/second -j LOG +-A limit-190 -j DROP +-A limit-191 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-191 -j RETURN +-A limit-191 -m limit --limit 1/second -j LOG +-A limit-191 -j DROP +-A limit-192 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-192 -j logaccept-1 +-A limit-192 -m limit --limit 1/second -j LOG +-A limit-192 -j DROP +-A limit-193 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-193 -j ACCEPT -A limit-193 -m limit --limit 1/second -j LOG --A limit-194 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-195 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-193 -j DROP +-A limit-194 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-194 -j ACCEPT +-A limit-194 -j DROP +-A limit-195 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-195 -j RETURN +-A limit-195 -j DROP +-A limit-196 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-196 -j logaccept-2 +-A limit-196 -j DROP +-A limit-197 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-197 -j ACCEPT +-A limit-197 -j DROP +-A limit-198 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-198 -j ACCEPT +-A limit-198 -j DROP +-A limit-199 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-199 -j RETURN +-A limit-199 -j DROP -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-20 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG -A limit-20 -j ACCEPT --A limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-202 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-203 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-204 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-205 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-200 -j logaccept-3 +-A limit-200 -j DROP +-A limit-201 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-201 -j ACCEPT +-A limit-201 -j DROP +-A limit-202 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-202 -j ACCEPT +-A limit-202 -m limit --limit 1/second -j LOG +-A limit-202 -j DROP +-A limit-203 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-203 -j RETURN +-A limit-203 -m limit --limit 1/second -j LOG +-A limit-203 -j DROP +-A limit-204 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-204 -j logaccept-4 +-A limit-204 -m limit --limit 1/second -j LOG +-A limit-204 -j DROP +-A limit-205 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-205 -j ACCEPT -A limit-205 -m limit --limit 1/second -j LOG --A limit-206 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-207 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-208 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j RETURN --A limit-208 -m limit --limit 1/second -j LOG +-A limit-205 -j DROP +-A limit-206 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-206 -j ACCEPT +-A limit-206 -j DROP +-A limit-207 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-207 -j RETURN +-A limit-207 -j DROP +-A limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j logaccept-5 -A limit-208 -j DROP --A limit-209 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j RETURN --A limit-209 -m limit --limit 1/second -j LOG +-A limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j ACCEPT -A limit-209 -j DROP -A limit-21 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22 -A limit-21 -m limit --limit 1/second -j LOG --A limit-210 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j RETURN --A limit-210 -m limit --limit 1/second -j LOG +-A limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j ACCEPT -A limit-210 -j DROP --A limit-211 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN --A limit-211 -m limit --limit 1/second -j LOG +-A limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN -A limit-211 -j DROP --A limit-212 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j RETURN --A limit-212 -m limit --limit 1/second -j LOG +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j logaccept-6 -A limit-212 -j DROP --A limit-213 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN --A limit-213 -m limit --limit 1/second -j LOG +-A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j ACCEPT -A limit-213 -j DROP --A limit-214 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j RETURN --A limit-214 -m limit --limit 1/second -j LOG --A limit-214 -j DROP --A limit-215 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j RETURN --A limit-215 -m limit --limit 1/second -j LOG --A limit-215 -j DROP --A limit-216 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j RETURN --A limit-216 -j DROP --A limit-217 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN --A limit-217 -j DROP --A limit-218 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j RETURN --A limit-218 -j DROP --A limit-219 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j RETURN --A limit-219 -j DROP +-A limit-214 -m recent --name limit-214 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-214 -m recent --name limit-214 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-215 -m recent --name limit-215 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-68 +-A limit-215 -m recent --name limit-215 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-216 -m recent --name limit-216 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-216 -m recent --name limit-216 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-217 -m recent --name limit-217 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-217 -m recent --name limit-217 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-218 -m recent --name limit-218 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-218 -m recent --name limit-218 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-219 -m recent --name limit-219 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-72 +-A limit-219 -m recent --name limit-219 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-22 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23 -A limit-22 -j ACCEPT --A limit-220 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j RETURN --A limit-220 -j DROP --A limit-221 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN --A limit-221 -j DROP --A limit-222 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j RETURN --A limit-222 -j DROP --A limit-223 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j RETURN --A limit-223 -j DROP --A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 --A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-220 -m recent --name limit-220 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 +-A limit-220 -m recent --name limit-220 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-221 -m recent --name limit-221 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-221 -m recent --name limit-221 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-222 -m recent --name limit-222 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 +-A limit-222 -m recent --name limit-222 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-223 -m recent --name limit-223 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 +-A limit-223 -m recent --name limit-223 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 +-A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 -A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 --A limit-226 -m limit --limit 1/second -j LOG --A limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 --A limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 --A limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 --A limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 --A limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 --A limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 --A limit-232 -m limit --limit 1/second -j LOG --A limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 --A limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 --A limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 --A limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-85 --A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-86 --A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-87 --A limit-238 -m limit --limit 1/second -j LOG --A limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-88 --A limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-226 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 +-A limit-226 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-227 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 +-A limit-227 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-228 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 +-A limit-228 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-229 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 +-A limit-229 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-230 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 +-A limit-230 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-231 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 +-A limit-231 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-232 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-85 +-A limit-233 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-86 +-A limit-234 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-87 +-A limit-235 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-88 +-A limit-235 -m limit --limit 1/second -j LOG +-A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-89 +-A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-90 +-A limit-238 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-91 +-A limit-238 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-239 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-92 +-A limit-239 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 -A limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-89 --A limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-90 --A limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-242 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-91 --A limit-242 -j ACCEPT --A limit-244 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-93 --A limit-244 -m limit --limit 1/second -j LOG --A limit-244 -j ACCEPT --A limit-245 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-94 --A limit-245 -m limit --limit 1/second -j LOG --A limit-246 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-95 --A limit-246 -j ACCEPT --A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-97 --A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-98 --A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-240 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-93 +-A limit-240 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-241 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-94 +-A limit-241 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-242 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-95 +-A limit-242 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-243 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-96 +-A limit-243 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-244 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-97 +-A limit-245 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-98 +-A limit-246 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-99 +-A limit-247 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-100 +-A limit-247 -m limit --limit 1/second -j LOG +-A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-101 +-A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-102 -A limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 -A limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-99 --A limit-250 -m limit --limit 1/second -j LOG --A limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-100 --A limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-101 --A limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-102 --A limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-254 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-103 --A limit-254 -j ACCEPT --A limit-256 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-105 --A limit-256 -m limit --limit 1/second -j LOG --A limit-256 -j ACCEPT --A limit-257 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-106 --A limit-257 -m limit --limit 1/second -j LOG --A limit-258 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-107 --A limit-258 -j ACCEPT +-A limit-250 -m recent --name limit-250 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-250 -m recent --name limit-250 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-251 -m recent --name limit-251 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-251 -m recent --name limit-251 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-252 -m recent --name limit-252 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-252 -m recent --name limit-252 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-253 -m recent --name limit-253 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-253 -m recent --name limit-253 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-254 -m recent --name limit-254 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-254 -m recent --name limit-254 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-255 -m recent --name limit-255 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-255 -m recent --name limit-255 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-256 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-256 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-257 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-257 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-258 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-258 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-259 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-259 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-26 -m limit --limit 1/second -j LOG -A limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-262 -m limit --limit 1/second -j LOG --A limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-268 -m limit --limit 1/second -j LOG --A limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-260 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-260 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-261 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-261 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-262 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-263 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-264 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m limit --limit 1/second -j LOG +-A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-269 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-269 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 -A limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-272 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-272 -j ACCEPT --A limit-274 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-274 -m limit --limit 1/second -j LOG --A limit-274 -j ACCEPT --A limit-275 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-275 -m limit --limit 1/second -j LOG --A limit-276 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-276 -j ACCEPT --A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-270 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-270 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-271 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-271 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-272 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-272 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-273 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-273 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-274 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-275 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-276 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-277 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-277 -m limit --limit 1/second -j LOG +-A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 -A limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-280 -m limit --limit 1/second -j LOG --A limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-284 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-284 -j ACCEPT --A limit-286 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-286 -m limit --limit 1/second -j LOG --A limit-286 -j ACCEPT --A limit-287 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-287 -m limit --limit 1/second -j LOG --A limit-288 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-288 -j ACCEPT +-A limit-280 -m recent --name limit-280 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-280 -m recent --name limit-280 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-281 -m recent --name limit-281 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-281 -m recent --name limit-281 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-282 -m recent --name limit-282 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-282 -m recent --name limit-282 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-283 -m recent --name limit-283 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-283 -m recent --name limit-283 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-284 -m recent --name limit-284 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-284 -m recent --name limit-284 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-285 -m recent --name limit-285 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-285 -m recent --name limit-285 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-286 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-286 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-287 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-287 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-288 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-288 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-289 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-289 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 -A limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-292 -m limit --limit 1/second -j LOG --A limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-298 -m limit --limit 1/second -j LOG --A limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-290 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-290 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-291 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-291 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-292 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-293 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-294 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m limit --limit 1/second -j LOG +-A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-299 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-299 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-30 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-31 -A limit-30 -j ACCEPT --A limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-302 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-302 -j ACCEPT --A limit-304 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-304 -m limit --limit 1/second -j LOG --A limit-304 -j ACCEPT --A limit-305 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-305 -m limit --limit 1/second -j LOG --A limit-306 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-306 -j ACCEPT --A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-310 -m limit --limit 1/second -j LOG --A limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-314 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-314 -j ACCEPT --A limit-316 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-316 -m limit --limit 1/second -j LOG --A limit-316 -j ACCEPT --A limit-317 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-317 -m limit --limit 1/second -j LOG --A limit-318 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-318 -j ACCEPT +-A limit-300 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-300 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-301 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-301 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-302 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-302 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-303 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-303 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-304 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-305 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-306 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-307 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-307 -m limit --limit 1/second -j LOG +-A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-310 -m recent --name limit-310 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-103 +-A limit-310 -m recent --name limit-310 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-311 -m recent --name limit-311 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-104 +-A limit-311 -m recent --name limit-311 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-312 -m recent --name limit-312 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-105 +-A limit-312 -m recent --name limit-312 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-313 -m recent --name limit-313 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-106 +-A limit-313 -m recent --name limit-313 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-314 -m recent --name limit-314 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-107 +-A limit-314 -m recent --name limit-314 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-315 -m recent --name limit-315 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-108 +-A limit-315 -m recent --name limit-315 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-316 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-109 +-A limit-316 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-317 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-110 +-A limit-317 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-318 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-111 +-A limit-318 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-319 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-112 +-A limit-319 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-32 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-33 -A limit-32 -m limit --limit 1/second -j LOG -A limit-32 -j ACCEPT --A limit-320 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-320 -j ACCEPT --A limit-320 -m limit --limit 1/second -j LOG --A limit-320 -j DROP --A limit-321 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-321 -j RETURN --A limit-321 -m limit --limit 1/second -j LOG --A limit-321 -j DROP --A limit-322 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-322 -j logaccept-4 --A limit-322 -m limit --limit 1/second -j LOG --A limit-322 -j DROP --A limit-323 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-323 -j ACCEPT --A limit-323 -m limit --limit 1/second -j LOG --A limit-323 -j DROP --A limit-324 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-324 -j ACCEPT --A limit-324 -m limit --limit 1/second -j LOG --A limit-324 -j DROP --A limit-325 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-325 -j RETURN +-A limit-320 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-113 +-A limit-320 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-321 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-114 +-A limit-321 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-322 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-115 +-A limit-323 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-116 +-A limit-324 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-117 +-A limit-325 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-118 -A limit-325 -m limit --limit 1/second -j LOG --A limit-325 -j DROP --A limit-326 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-326 -j logaccept-5 --A limit-326 -m limit --limit 1/second -j LOG --A limit-326 -j DROP --A limit-327 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-327 -j ACCEPT --A limit-327 -m limit --limit 1/second -j LOG --A limit-327 -j DROP --A limit-328 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-328 -j ACCEPT --A limit-328 -j DROP --A limit-329 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-329 -j RETURN --A limit-329 -j DROP +-A limit-326 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-119 +-A limit-327 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-120 +-A limit-328 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-121 +-A limit-328 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-329 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-122 +-A limit-329 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-33 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-34 -A limit-33 -m limit --limit 1/second -j LOG --A limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-330 -j logaccept-6 --A limit-330 -j DROP --A limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-331 -j ACCEPT --A limit-331 -j DROP --A limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-332 -j ACCEPT --A limit-332 -j DROP --A limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-333 -j RETURN --A limit-333 -j DROP --A limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-334 -j logaccept-7 --A limit-334 -j DROP --A limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-335 -j ACCEPT --A limit-335 -j DROP +-A limit-330 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-123 +-A limit-330 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-331 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-124 +-A limit-331 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-332 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-125 +-A limit-332 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-333 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-126 +-A limit-333 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-334 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-127 +-A limit-335 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-128 +-A limit-336 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-129 +-A limit-337 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-130 +-A limit-337 -m limit --limit 1/second -j LOG +-A limit-338 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-131 +-A limit-339 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-132 -A limit-34 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-35 -A limit-34 -j ACCEPT +-A limit-340 -m recent --name limit-340 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-340 -m recent --name limit-340 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-341 -m recent --name limit-341 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-341 -m recent --name limit-341 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-342 -m recent --name limit-342 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-342 -m recent --name limit-342 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-343 -m recent --name limit-343 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-343 -m recent --name limit-343 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-344 -m recent --name limit-344 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-344 -m recent --name limit-344 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-345 -m recent --name limit-345 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-345 -m recent --name limit-345 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-346 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-346 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-347 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-347 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-348 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-348 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-349 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-349 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-350 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-350 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-351 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-351 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-352 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-353 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-354 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-355 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-355 -m limit --limit 1/second -j LOG +-A limit-356 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-357 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-358 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-358 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-359 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-359 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-360 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-360 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-361 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-361 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-362 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-362 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-363 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-363 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-364 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-365 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-366 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-367 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-367 -m limit --limit 1/second -j LOG +-A limit-368 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-369 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP -A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-370 -m recent --name limit-370 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-370 -m recent --name limit-370 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-371 -m recent --name limit-371 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-371 -m recent --name limit-371 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-372 -m recent --name limit-372 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-372 -m recent --name limit-372 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-373 -m recent --name limit-373 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-373 -m recent --name limit-373 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-374 -m recent --name limit-374 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-374 -m recent --name limit-374 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-375 -m recent --name limit-375 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-375 -m recent --name limit-375 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-376 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-376 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-377 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-377 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-378 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-378 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-379 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-379 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG -A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-380 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-380 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-381 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-381 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-382 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-383 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-384 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-385 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-385 -m limit --limit 1/second -j LOG +-A limit-386 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-387 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-388 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-388 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-389 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-389 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-390 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-390 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-391 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-391 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-392 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-392 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-393 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-393 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-394 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-395 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-396 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-397 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-397 -m limit --limit 1/second -j LOG +-A limit-398 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-399 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-400 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-400 -j RETURN +-A limit-400 -m limit --limit 1/second -j LOG +-A limit-400 -j DROP +-A limit-401 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-401 -j RETURN +-A limit-401 -m limit --limit 1/second -j LOG +-A limit-401 -j DROP +-A limit-402 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-402 -j RETURN +-A limit-402 -m limit --limit 1/second -j LOG +-A limit-402 -j DROP +-A limit-403 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-403 -j RETURN +-A limit-403 -m limit --limit 1/second -j LOG +-A limit-403 -j DROP +-A limit-404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-404 -j RETURN +-A limit-404 -m limit --limit 1/second -j LOG +-A limit-404 -j DROP +-A limit-405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-405 -j RETURN +-A limit-405 -m limit --limit 1/second -j LOG +-A limit-405 -j DROP +-A limit-406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-406 -j RETURN +-A limit-406 -m limit --limit 1/second -j LOG +-A limit-406 -j DROP +-A limit-407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-407 -j RETURN +-A limit-407 -m limit --limit 1/second -j LOG +-A limit-407 -j DROP +-A limit-408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-408 -j RETURN +-A limit-408 -j DROP +-A limit-409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-409 -j RETURN +-A limit-409 -j DROP -A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-410 -j RETURN +-A limit-410 -j DROP +-A limit-411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-411 -j RETURN +-A limit-411 -j DROP +-A limit-412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-412 -j RETURN +-A limit-412 -j DROP +-A limit-413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-413 -j RETURN +-A limit-413 -j DROP +-A limit-414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-414 -j RETURN +-A limit-414 -j DROP +-A limit-415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-415 -j RETURN +-A limit-415 -j DROP +-A limit-416 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-416 -j RETURN +-A limit-416 -m limit --limit 1/second -j LOG +-A limit-416 -j DROP +-A limit-417 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-417 -j RETURN +-A limit-417 -m limit --limit 1/second -j LOG +-A limit-417 -j DROP +-A limit-418 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-418 -j RETURN +-A limit-418 -m limit --limit 1/second -j LOG +-A limit-418 -j DROP +-A limit-419 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-419 -j RETURN +-A limit-419 -m limit --limit 1/second -j LOG +-A limit-419 -j DROP -A limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-420 -j RETURN +-A limit-420 -j DROP +-A limit-421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-421 -j RETURN +-A limit-421 -j DROP +-A limit-422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-422 -j RETURN +-A limit-422 -j DROP +-A limit-423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-423 -j RETURN +-A limit-423 -j DROP +-A limit-424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-424 -j RETURN +-A limit-424 -j DROP +-A limit-425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-425 -j RETURN +-A limit-425 -j DROP +-A limit-426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-426 -j RETURN +-A limit-426 -j DROP +-A limit-427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-427 -j RETURN +-A limit-427 -j DROP +-A limit-428 -m recent --name limit-428 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-133 +-A limit-428 -m recent --name limit-428 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-429 -m recent --name limit-429 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-134 +-A limit-429 -m recent --name limit-429 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-430 -m recent --name limit-430 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-135 +-A limit-430 -m limit --limit 1/second -j LOG +-A limit-430 -m recent --name limit-430 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-431 -m recent --name limit-431 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-136 +-A limit-431 -m recent --name limit-431 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-432 -m recent --name limit-432 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-137 +-A limit-432 -m recent --name limit-432 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-433 -m recent --name limit-433 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-138 +-A limit-433 -m recent --name limit-433 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-434 -m recent --name limit-434 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-139 +-A limit-434 -m recent --name limit-434 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-435 -m recent --name limit-435 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-140 +-A limit-435 -m recent --name limit-435 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-436 -m recent --name limit-436 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-141 +-A limit-436 -m limit --limit 1/second -j LOG +-A limit-436 -m recent --name limit-436 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-437 -m recent --name limit-437 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-142 +-A limit-437 -m recent --name limit-437 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-438 -m recent --name limit-438 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-143 +-A limit-438 -m recent --name limit-438 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-439 -m recent --name limit-439 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-144 +-A limit-439 -m recent --name limit-439 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG -A limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-440 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-145 +-A limit-440 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-441 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-146 +-A limit-441 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-442 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-147 +-A limit-442 -m limit --limit 1/second -j LOG +-A limit-442 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-443 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-148 +-A limit-443 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-444 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-149 +-A limit-444 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-445 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-150 +-A limit-445 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-446 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-151 +-A limit-446 -j ACCEPT +-A limit-448 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-153 +-A limit-448 -m limit --limit 1/second -j LOG +-A limit-448 -j ACCEPT +-A limit-449 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-154 +-A limit-449 -m limit --limit 1/second -j LOG -A limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-450 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-155 +-A limit-450 -j ACCEPT +-A limit-452 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-157 +-A limit-452 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-453 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-158 +-A limit-453 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-454 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-159 +-A limit-454 -m limit --limit 1/second -j LOG +-A limit-454 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-455 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-160 +-A limit-455 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-456 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-161 +-A limit-456 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-457 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-162 +-A limit-457 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-458 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-163 +-A limit-458 -j ACCEPT -A limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-460 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-165 +-A limit-460 -m limit --limit 1/second -j LOG +-A limit-460 -j ACCEPT +-A limit-461 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-166 +-A limit-461 -m limit --limit 1/second -j LOG +-A limit-462 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-167 +-A limit-462 -j ACCEPT +-A limit-464 -m recent --name limit-464 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-464 -m recent --name limit-464 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-465 -m recent --name limit-465 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-465 -m recent --name limit-465 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-466 -m recent --name limit-466 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-466 -m limit --limit 1/second -j LOG +-A limit-466 -m recent --name limit-466 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-467 -m recent --name limit-467 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-467 -m recent --name limit-467 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-468 -m recent --name limit-468 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-468 -m recent --name limit-468 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-469 -m recent --name limit-469 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-469 -m recent --name limit-469 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-470 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-470 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-471 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-471 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-472 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-472 -m limit --limit 1/second -j LOG +-A limit-472 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-473 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-473 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-474 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-474 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-475 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-475 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-476 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-476 -j ACCEPT +-A limit-478 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-478 -m limit --limit 1/second -j LOG +-A limit-478 -j ACCEPT +-A limit-479 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-479 -m limit --limit 1/second -j LOG -A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-48 -j ACCEPT +-A limit-480 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-480 -j ACCEPT +-A limit-482 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-482 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-483 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-483 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-484 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-484 -m limit --limit 1/second -j LOG +-A limit-484 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-485 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-485 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-486 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-486 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-487 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-487 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-488 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-488 -j ACCEPT +-A limit-490 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-490 -m limit --limit 1/second -j LOG +-A limit-490 -j ACCEPT +-A limit-491 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-491 -m limit --limit 1/second -j LOG +-A limit-492 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-492 -j ACCEPT +-A limit-494 -m recent --name limit-494 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-494 -m recent --name limit-494 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-495 -m recent --name limit-495 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-495 -m recent --name limit-495 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-496 -m recent --name limit-496 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-496 -m limit --limit 1/second -j LOG +-A limit-496 -m recent --name limit-496 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-497 -m recent --name limit-497 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-497 -m recent --name limit-497 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-498 -m recent --name limit-498 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-498 -m recent --name limit-498 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-499 -m recent --name limit-499 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-499 -m recent --name limit-499 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-50 -m limit --limit 1/second -j LOG -A limit-50 -j ACCEPT +-A limit-500 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-500 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-501 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-501 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-502 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-502 -m limit --limit 1/second -j LOG +-A limit-502 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-503 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-503 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-504 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-504 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-505 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-505 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-506 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-506 -j ACCEPT +-A limit-508 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-508 -m limit --limit 1/second -j LOG +-A limit-508 -j ACCEPT +-A limit-509 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-509 -m limit --limit 1/second -j LOG -A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-51 -m limit --limit 1/second -j LOG +-A limit-510 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-510 -j ACCEPT +-A limit-512 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-512 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-513 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-513 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-514 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-514 -m limit --limit 1/second -j LOG +-A limit-514 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-515 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-515 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-516 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-516 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-517 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-517 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-518 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-518 -j ACCEPT -A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-52 -j ACCEPT +-A limit-520 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-520 -m limit --limit 1/second -j LOG +-A limit-520 -j ACCEPT +-A limit-521 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-521 -m limit --limit 1/second -j LOG +-A limit-522 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-522 -j ACCEPT +-A limit-524 -m recent --name limit-524 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-169 +-A limit-524 -m recent --name limit-524 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-525 -m recent --name limit-525 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-170 +-A limit-525 -m recent --name limit-525 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-171 +-A limit-526 -m limit --limit 1/second -j LOG +-A limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-172 +-A limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-173 +-A limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-174 +-A limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-530 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-175 +-A limit-530 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-531 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-176 +-A limit-531 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-532 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-177 +-A limit-532 -m limit --limit 1/second -j LOG +-A limit-532 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-533 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-178 +-A limit-533 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-534 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-179 +-A limit-534 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-535 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-180 +-A limit-535 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-536 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-181 +-A limit-536 -j ACCEPT +-A limit-538 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-183 +-A limit-538 -m limit --limit 1/second -j LOG +-A limit-538 -j ACCEPT +-A limit-539 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-184 +-A limit-539 -m limit --limit 1/second -j LOG -A limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-540 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-185 +-A limit-540 -j ACCEPT +-A limit-542 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-187 +-A limit-542 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-543 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-188 +-A limit-543 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-544 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-189 +-A limit-544 -m limit --limit 1/second -j LOG +-A limit-544 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-545 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-190 +-A limit-545 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-546 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-191 +-A limit-546 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-547 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-192 +-A limit-547 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-548 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-193 +-A limit-548 -j ACCEPT -A limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-550 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-195 +-A limit-550 -m limit --limit 1/second -j LOG +-A limit-550 -j ACCEPT +-A limit-551 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-196 +-A limit-551 -m limit --limit 1/second -j LOG +-A limit-552 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-197 +-A limit-552 -j ACCEPT +-A limit-554 -m recent --name limit-554 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-554 -m recent --name limit-554 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-555 -m recent --name limit-555 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-555 -m recent --name limit-555 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-556 -m recent --name limit-556 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-556 -m limit --limit 1/second -j LOG +-A limit-556 -m recent --name limit-556 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-557 -m recent --name limit-557 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-557 -m recent --name limit-557 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-558 -m recent --name limit-558 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-558 -m recent --name limit-558 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-559 -m recent --name limit-559 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-559 -m recent --name limit-559 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-56 -m limit --limit 1/second -j LOG -A limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-560 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-560 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-561 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-561 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-562 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-562 -m limit --limit 1/second -j LOG +-A limit-562 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-563 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-563 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-564 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-564 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-565 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-565 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-566 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-566 -j ACCEPT +-A limit-568 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-568 -m limit --limit 1/second -j LOG +-A limit-568 -j ACCEPT +-A limit-569 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-569 -m limit --limit 1/second -j LOG -A limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-570 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-570 -j ACCEPT +-A limit-572 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-572 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-573 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-573 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-574 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-574 -m limit --limit 1/second -j LOG +-A limit-574 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-575 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-575 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-576 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-576 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-577 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-577 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-578 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-578 -j ACCEPT -A limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-580 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-580 -m limit --limit 1/second -j LOG +-A limit-580 -j ACCEPT +-A limit-581 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-581 -m limit --limit 1/second -j LOG +-A limit-582 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-582 -j ACCEPT +-A limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-586 -m recent --name limit-586 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-586 -m limit --limit 1/second -j LOG +-A limit-586 -m recent --name limit-586 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-587 -m recent --name limit-587 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-587 -m recent --name limit-587 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-588 -m recent --name limit-588 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-588 -m recent --name limit-588 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-589 -m recent --name limit-589 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-589 -m recent --name limit-589 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-590 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-590 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-591 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-591 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-592 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-592 -m limit --limit 1/second -j LOG +-A limit-592 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-593 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-593 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-594 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-594 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-595 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-595 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-596 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-596 -j ACCEPT +-A limit-598 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-598 -m limit --limit 1/second -j LOG +-A limit-598 -j ACCEPT +-A limit-599 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-599 -m limit --limit 1/second -j LOG -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-60 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-60 -j ACCEPT +-A limit-600 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-600 -j ACCEPT +-A limit-602 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-602 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-603 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-603 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-604 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-604 -m limit --limit 1/second -j LOG +-A limit-604 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-605 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-605 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-606 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-606 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-607 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-607 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-608 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-608 -j ACCEPT +-A limit-610 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-610 -m limit --limit 1/second -j LOG +-A limit-610 -j ACCEPT +-A limit-611 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-611 -m limit --limit 1/second -j LOG +-A limit-612 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-612 -j ACCEPT +-A limit-614 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-614 -j ACCEPT +-A limit-614 -m limit --limit 1/second -j LOG +-A limit-614 -j DROP +-A limit-615 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-615 -j RETURN +-A limit-615 -m limit --limit 1/second -j LOG +-A limit-615 -j DROP +-A limit-616 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-616 -j logaccept-7 +-A limit-616 -m limit --limit 1/second -j LOG +-A limit-616 -j DROP +-A limit-617 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-617 -j ACCEPT +-A limit-617 -m limit --limit 1/second -j LOG +-A limit-617 -j DROP +-A limit-618 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-618 -j ACCEPT +-A limit-618 -m limit --limit 1/second -j LOG +-A limit-618 -j DROP +-A limit-619 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-619 -j RETURN +-A limit-619 -m limit --limit 1/second -j LOG +-A limit-619 -j DROP -A limit-62 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-62 -m limit --limit 1/second -j LOG -A limit-62 -j ACCEPT +-A limit-620 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-620 -j logaccept-8 +-A limit-620 -m limit --limit 1/second -j LOG +-A limit-620 -j DROP +-A limit-621 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-621 -j ACCEPT +-A limit-621 -m limit --limit 1/second -j LOG +-A limit-621 -j DROP +-A limit-622 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-622 -j ACCEPT +-A limit-622 -j DROP +-A limit-623 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-623 -j RETURN +-A limit-623 -j DROP +-A limit-624 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-624 -j logaccept-9 +-A limit-624 -j DROP +-A limit-625 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-625 -j ACCEPT +-A limit-625 -j DROP +-A limit-626 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-626 -j ACCEPT +-A limit-626 -j DROP +-A limit-627 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-627 -j RETURN +-A limit-627 -j DROP +-A limit-628 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-628 -j logaccept-10 +-A limit-628 -j DROP +-A limit-629 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-629 -j ACCEPT +-A limit-629 -j DROP -A limit-63 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-63 -m limit --limit 1/second -j LOG +-A limit-630 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-630 -j ACCEPT +-A limit-630 -m limit --limit 1/second -j LOG +-A limit-630 -j DROP +-A limit-631 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-631 -j RETURN +-A limit-631 -m limit --limit 1/second -j LOG +-A limit-631 -j DROP +-A limit-632 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-632 -j logaccept-11 +-A limit-632 -m limit --limit 1/second -j LOG +-A limit-632 -j DROP +-A limit-633 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-633 -j ACCEPT +-A limit-633 -m limit --limit 1/second -j LOG +-A limit-633 -j DROP +-A limit-634 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-634 -j ACCEPT +-A limit-634 -j DROP +-A limit-635 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-635 -j RETURN +-A limit-635 -j DROP +-A limit-636 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-636 -j logaccept-12 +-A limit-636 -j DROP +-A limit-637 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-637 -j ACCEPT +-A limit-637 -j DROP +-A limit-638 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-638 -j ACCEPT +-A limit-638 -j DROP +-A limit-639 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-639 -j RETURN +-A limit-639 -j DROP -A limit-64 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-64 -j ACCEPT +-A limit-640 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-640 -j logaccept-13 +-A limit-640 -j DROP +-A limit-641 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-641 -j ACCEPT +-A limit-641 -j DROP -A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP @@ -10444,22 +18861,29 @@ COMMIT -A limit-93 -m limit --limit 1/second -j LOG -A limit-94 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-94 -j ACCEPT --A limit-96 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-96 -j ACCEPT --A limit-96 -m limit --limit 1/second -j LOG --A limit-96 -j DROP --A limit-97 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-97 -j RETURN --A limit-97 -m limit --limit 1/second -j LOG --A limit-97 -j DROP --A limit-98 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-98 -j logaccept-0 +-A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-37 +-A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-38 +-A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-39 -A limit-98 -m limit --limit 1/second -j LOG --A limit-98 -j DROP --A limit-99 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-99 -j ACCEPT --A limit-99 -m limit --limit 1/second -j LOG --A limit-99 -j DROP +-A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-40 +-A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG -A logaccept-1 -j ACCEPT +-A logaccept-10 -m limit --limit 1/second -j LOG +-A logaccept-10 -j ACCEPT +-A logaccept-11 -m limit --limit 1/second -j LOG +-A logaccept-11 -j ACCEPT +-A logaccept-12 -m limit --limit 1/second -j LOG +-A logaccept-12 -j ACCEPT +-A logaccept-13 -m limit --limit 1/second -j LOG +-A logaccept-13 -j ACCEPT +-A logaccept-14 -m limit --limit 1/second -j LOG +-A logaccept-14 -j ACCEPT -A logaccept-2 -m limit --limit 1/second -j LOG -A logaccept-2 -j ACCEPT -A logaccept-3 -m limit --limit 1/second -j LOG @@ -10474,6 +18898,8 @@ COMMIT -A logaccept-7 -j ACCEPT -A logaccept-8 -m limit --limit 1/second -j LOG -A logaccept-8 -j ACCEPT +-A logaccept-9 -m limit --limit 1/second -j LOG +-A logaccept-9 -j ACCEPT -A logaccept-final-0 -m limit --limit 1/second -j LOG -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG @@ -10500,8 +18926,44 @@ COMMIT -A logaccept-final-19 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT +-A logaccept-final-20 -m limit --limit 1/second -j LOG +-A logaccept-final-20 -j ACCEPT +-A logaccept-final-21 -m limit --limit 1/second -j LOG +-A logaccept-final-21 -j ACCEPT +-A logaccept-final-22 -m limit --limit 1/second -j LOG +-A logaccept-final-22 -j ACCEPT +-A logaccept-final-23 -m limit --limit 1/second -j LOG +-A logaccept-final-23 -j ACCEPT +-A logaccept-final-24 -m limit --limit 1/second -j LOG +-A logaccept-final-24 -j ACCEPT +-A logaccept-final-25 -m limit --limit 1/second -j LOG +-A logaccept-final-25 -j ACCEPT +-A logaccept-final-26 -m limit --limit 1/second -j LOG +-A logaccept-final-26 -j ACCEPT +-A logaccept-final-27 -m limit --limit 1/second -j LOG +-A logaccept-final-27 -j ACCEPT +-A logaccept-final-28 -m limit --limit 1/second -j LOG +-A logaccept-final-28 -j ACCEPT +-A logaccept-final-29 -m limit --limit 1/second -j LOG +-A logaccept-final-29 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG -A logaccept-final-3 -j ACCEPT +-A logaccept-final-30 -m limit --limit 1/second -j LOG +-A logaccept-final-30 -j ACCEPT +-A logaccept-final-31 -m limit --limit 1/second -j LOG +-A logaccept-final-31 -j ACCEPT +-A logaccept-final-32 -m limit --limit 1/second -j LOG +-A logaccept-final-32 -j ACCEPT +-A logaccept-final-33 -m limit --limit 1/second -j LOG +-A logaccept-final-33 -j ACCEPT +-A logaccept-final-34 -m limit --limit 1/second -j LOG +-A logaccept-final-34 -j ACCEPT +-A logaccept-final-35 -m limit --limit 1/second -j LOG +-A logaccept-final-35 -j ACCEPT +-A logaccept-final-36 -m limit --limit 1/second -j LOG +-A logaccept-final-36 -j ACCEPT +-A logaccept-final-37 -m limit --limit 1/second -j LOG +-A logaccept-final-37 -j ACCEPT -A logaccept-final-4 -m limit --limit 1/second -j LOG -A logaccept-final-4 -j ACCEPT -A logaccept-final-5 -m limit --limit 1/second -j LOG @@ -10528,36 +18990,204 @@ COMMIT -A logdrop-102 -j DROP -A logdrop-103 -m limit --limit 1/second -j LOG -A logdrop-103 -j DROP +-A logdrop-104 -m limit --limit 1/second -j LOG +-A logdrop-104 -j DROP -A logdrop-105 -m limit --limit 1/second -j LOG -A logdrop-105 -j DROP -A logdrop-106 -m limit --limit 1/second -j LOG -A logdrop-106 -j DROP -A logdrop-107 -m limit --limit 1/second -j LOG -A logdrop-107 -j DROP +-A logdrop-108 -m limit --limit 1/second -j LOG +-A logdrop-108 -j DROP -A logdrop-109 -m limit --limit 1/second -j LOG -A logdrop-109 -j DROP -A logdrop-11 -m limit --limit 1/second -j LOG -A logdrop-11 -j DROP -A logdrop-110 -m limit --limit 1/second -j LOG -A logdrop-110 -j DROP +-A logdrop-111 -m limit --limit 1/second -j LOG +-A logdrop-111 -j DROP +-A logdrop-112 -m limit --limit 1/second -j LOG +-A logdrop-112 -j DROP +-A logdrop-113 -m limit --limit 1/second -j LOG +-A logdrop-113 -j DROP +-A logdrop-114 -m limit --limit 1/second -j LOG +-A logdrop-114 -j DROP +-A logdrop-115 -m limit --limit 1/second -j LOG +-A logdrop-115 -j DROP +-A logdrop-116 -m limit --limit 1/second -j LOG +-A logdrop-116 -j DROP +-A logdrop-117 -m limit --limit 1/second -j LOG +-A logdrop-117 -j DROP +-A logdrop-118 -m limit --limit 1/second -j LOG +-A logdrop-118 -j DROP +-A logdrop-119 -m limit --limit 1/second -j LOG +-A logdrop-119 -j DROP -A logdrop-12 -m limit --limit 1/second -j LOG -A logdrop-12 -j DROP +-A logdrop-120 -m limit --limit 1/second -j LOG +-A logdrop-120 -j DROP +-A logdrop-121 -m limit --limit 1/second -j LOG +-A logdrop-121 -j DROP +-A logdrop-122 -m limit --limit 1/second -j LOG +-A logdrop-122 -j DROP +-A logdrop-123 -m limit --limit 1/second -j LOG +-A logdrop-123 -j DROP +-A logdrop-124 -m limit --limit 1/second -j LOG +-A logdrop-124 -j DROP +-A logdrop-125 -m limit --limit 1/second -j LOG +-A logdrop-125 -j DROP +-A logdrop-126 -m limit --limit 1/second -j LOG +-A logdrop-126 -j DROP +-A logdrop-127 -m limit --limit 1/second -j LOG +-A logdrop-127 -j DROP +-A logdrop-128 -m limit --limit 1/second -j LOG +-A logdrop-128 -j DROP +-A logdrop-129 -m limit --limit 1/second -j LOG +-A logdrop-129 -j DROP -A logdrop-13 -m limit --limit 1/second -j LOG -A logdrop-13 -j DROP +-A logdrop-130 -m limit --limit 1/second -j LOG +-A logdrop-130 -j DROP +-A logdrop-131 -m limit --limit 1/second -j LOG +-A logdrop-131 -j DROP +-A logdrop-132 -m limit --limit 1/second -j LOG +-A logdrop-132 -j DROP +-A logdrop-133 -m limit --limit 1/second -j LOG +-A logdrop-133 -j DROP +-A logdrop-134 -m limit --limit 1/second -j LOG +-A logdrop-134 -j DROP +-A logdrop-135 -m limit --limit 1/second -j LOG +-A logdrop-135 -j DROP +-A logdrop-136 -m limit --limit 1/second -j LOG +-A logdrop-136 -j DROP +-A logdrop-137 -m limit --limit 1/second -j LOG +-A logdrop-137 -j DROP +-A logdrop-138 -m limit --limit 1/second -j LOG +-A logdrop-138 -j DROP +-A logdrop-139 -m limit --limit 1/second -j LOG +-A logdrop-139 -j DROP -A logdrop-14 -m limit --limit 1/second -j LOG -A logdrop-14 -j DROP +-A logdrop-140 -m limit --limit 1/second -j LOG +-A logdrop-140 -j DROP +-A logdrop-141 -m limit --limit 1/second -j LOG +-A logdrop-141 -j DROP +-A logdrop-142 -m limit --limit 1/second -j LOG +-A logdrop-142 -j DROP +-A logdrop-143 -m limit --limit 1/second -j LOG +-A logdrop-143 -j DROP +-A logdrop-144 -m limit --limit 1/second -j LOG +-A logdrop-144 -j DROP +-A logdrop-145 -m limit --limit 1/second -j LOG +-A logdrop-145 -j DROP +-A logdrop-146 -m limit --limit 1/second -j LOG +-A logdrop-146 -j DROP +-A logdrop-147 -m limit --limit 1/second -j LOG +-A logdrop-147 -j DROP +-A logdrop-148 -m limit --limit 1/second -j LOG +-A logdrop-148 -j DROP +-A logdrop-149 -m limit --limit 1/second -j LOG +-A logdrop-149 -j DROP -A logdrop-15 -m limit --limit 1/second -j LOG -A logdrop-15 -j DROP +-A logdrop-150 -m limit --limit 1/second -j LOG +-A logdrop-150 -j DROP +-A logdrop-151 -m limit --limit 1/second -j LOG +-A logdrop-151 -j DROP +-A logdrop-153 -m limit --limit 1/second -j LOG +-A logdrop-153 -j DROP +-A logdrop-154 -m limit --limit 1/second -j LOG +-A logdrop-154 -j DROP +-A logdrop-155 -m limit --limit 1/second -j LOG +-A logdrop-155 -j DROP +-A logdrop-157 -m limit --limit 1/second -j LOG +-A logdrop-157 -j DROP +-A logdrop-158 -m limit --limit 1/second -j LOG +-A logdrop-158 -j DROP +-A logdrop-159 -m limit --limit 1/second -j LOG +-A logdrop-159 -j DROP -A logdrop-16 -m limit --limit 1/second -j LOG -A logdrop-16 -j DROP +-A logdrop-160 -m limit --limit 1/second -j LOG +-A logdrop-160 -j DROP +-A logdrop-161 -m limit --limit 1/second -j LOG +-A logdrop-161 -j DROP +-A logdrop-162 -m limit --limit 1/second -j LOG +-A logdrop-162 -j DROP +-A logdrop-163 -m limit --limit 1/second -j LOG +-A logdrop-163 -j DROP +-A logdrop-165 -m limit --limit 1/second -j LOG +-A logdrop-165 -j DROP +-A logdrop-166 -m limit --limit 1/second -j LOG +-A logdrop-166 -j DROP +-A logdrop-167 -m limit --limit 1/second -j LOG +-A logdrop-167 -j DROP +-A logdrop-169 -m limit --limit 1/second -j LOG +-A logdrop-169 -j DROP -A logdrop-17 -m limit --limit 1/second -j LOG -A logdrop-17 -j DROP +-A logdrop-170 -m limit --limit 1/second -j LOG +-A logdrop-170 -j DROP +-A logdrop-171 -m limit --limit 1/second -j LOG +-A logdrop-171 -j DROP +-A logdrop-172 -m limit --limit 1/second -j LOG +-A logdrop-172 -j DROP +-A logdrop-173 -m limit --limit 1/second -j LOG +-A logdrop-173 -j DROP +-A logdrop-174 -m limit --limit 1/second -j LOG +-A logdrop-174 -j DROP +-A logdrop-175 -m limit --limit 1/second -j LOG +-A logdrop-175 -j DROP +-A logdrop-176 -m limit --limit 1/second -j LOG +-A logdrop-176 -j DROP +-A logdrop-177 -m limit --limit 1/second -j LOG +-A logdrop-177 -j DROP +-A logdrop-178 -m limit --limit 1/second -j LOG +-A logdrop-178 -j DROP +-A logdrop-179 -m limit --limit 1/second -j LOG +-A logdrop-179 -j DROP -A logdrop-18 -m limit --limit 1/second -j LOG -A logdrop-18 -j DROP +-A logdrop-180 -m limit --limit 1/second -j LOG +-A logdrop-180 -j DROP +-A logdrop-181 -m limit --limit 1/second -j LOG +-A logdrop-181 -j DROP +-A logdrop-183 -m limit --limit 1/second -j LOG +-A logdrop-183 -j DROP +-A logdrop-184 -m limit --limit 1/second -j LOG +-A logdrop-184 -j DROP +-A logdrop-185 -m limit --limit 1/second -j LOG +-A logdrop-185 -j DROP +-A logdrop-187 -m limit --limit 1/second -j LOG +-A logdrop-187 -j DROP +-A logdrop-188 -m limit --limit 1/second -j LOG +-A logdrop-188 -j DROP +-A logdrop-189 -m limit --limit 1/second -j LOG +-A logdrop-189 -j DROP -A logdrop-19 -m limit --limit 1/second -j LOG -A logdrop-19 -j DROP +-A logdrop-190 -m limit --limit 1/second -j LOG +-A logdrop-190 -j DROP +-A logdrop-191 -m limit --limit 1/second -j LOG +-A logdrop-191 -j DROP +-A logdrop-192 -m limit --limit 1/second -j LOG +-A logdrop-192 -j DROP +-A logdrop-193 -m limit --limit 1/second -j LOG +-A logdrop-193 -j DROP +-A logdrop-195 -m limit --limit 1/second -j LOG +-A logdrop-195 -j DROP +-A logdrop-196 -m limit --limit 1/second -j LOG +-A logdrop-196 -j DROP +-A logdrop-197 -m limit --limit 1/second -j LOG +-A logdrop-197 -j DROP +-A logdrop-199 -m limit --limit 1/second -j LOG +-A logdrop-199 -j DROP -A logdrop-2 -m limit --limit 1/second -j LOG -A logdrop-2 -j DROP +-A logdrop-200 -m limit --limit 1/second -j LOG +-A logdrop-200 -j DROP -A logdrop-21 -m limit --limit 1/second -j LOG -A logdrop-21 -j DROP -A logdrop-22 -m limit --limit 1/second -j LOG @@ -10616,16 +19246,12 @@ COMMIT -A logdrop-49 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG -A logdrop-5 -j DROP --A logdrop-50 -m limit --limit 1/second -j LOG --A logdrop-50 -j DROP -A logdrop-51 -m limit --limit 1/second -j LOG -A logdrop-51 -j DROP -A logdrop-52 -m limit --limit 1/second -j LOG -A logdrop-52 -j DROP -A logdrop-53 -m limit --limit 1/second -j LOG -A logdrop-53 -j DROP --A logdrop-54 -m limit --limit 1/second -j LOG --A logdrop-54 -j DROP -A logdrop-55 -m limit --limit 1/second -j LOG -A logdrop-55 -j DROP -A logdrop-56 -m limit --limit 1/second -j LOG @@ -10642,16 +19268,12 @@ COMMIT -A logdrop-60 -j DROP -A logdrop-61 -m limit --limit 1/second -j LOG -A logdrop-61 -j DROP --A logdrop-62 -m limit --limit 1/second -j LOG --A logdrop-62 -j DROP -A logdrop-63 -m limit --limit 1/second -j LOG -A logdrop-63 -j DROP -A logdrop-64 -m limit --limit 1/second -j LOG -A logdrop-64 -j DROP -A logdrop-65 -m limit --limit 1/second -j LOG -A logdrop-65 -j DROP --A logdrop-66 -m limit --limit 1/second -j LOG --A logdrop-66 -j DROP -A logdrop-67 -m limit --limit 1/second -j LOG -A logdrop-67 -j DROP -A logdrop-68 -m limit --limit 1/second -j LOG @@ -10708,12 +19330,16 @@ COMMIT -A logdrop-90 -j DROP -A logdrop-91 -m limit --limit 1/second -j LOG -A logdrop-91 -j DROP +-A logdrop-92 -m limit --limit 1/second -j LOG +-A logdrop-92 -j DROP -A logdrop-93 -m limit --limit 1/second -j LOG -A logdrop-93 -j DROP -A logdrop-94 -m limit --limit 1/second -j LOG -A logdrop-94 -j DROP -A logdrop-95 -m limit --limit 1/second -j LOG -A logdrop-95 -j DROP +-A logdrop-96 -m limit --limit 1/second -j LOG +-A logdrop-96 -j DROP -A logdrop-97 -m limit --limit 1/second -j LOG -A logdrop-97 -j DROP -A logdrop-98 -m limit --limit 1/second -j LOG @@ -10802,6 +19428,60 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -10919,6 +19599,108 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack diff --git a/test/output/rules-save b/test/output/rules-save index 8e18cf9..0e78348 100644 --- a/test/output/rules-save +++ b/test/output/rules-save @@ -16,12 +16,10 @@ :limit-106 - [0:0] :limit-107 - [0:0] :limit-108 - [0:0] -:limit-109 - [0:0] :limit-11 - [0:0] :limit-110 - [0:0] :limit-111 - [0:0] :limit-112 - [0:0] -:limit-113 - [0:0] :limit-114 - [0:0] :limit-115 - [0:0] :limit-116 - [0:0] @@ -30,11 +28,9 @@ :limit-119 - [0:0] :limit-12 - [0:0] :limit-120 - [0:0] -:limit-121 - [0:0] :limit-122 - [0:0] :limit-123 - [0:0] :limit-124 - [0:0] -:limit-125 - [0:0] :limit-126 - [0:0] :limit-127 - [0:0] :limit-128 - [0:0] @@ -49,12 +45,10 @@ :limit-136 - [0:0] :limit-137 - [0:0] :limit-138 - [0:0] -:limit-139 - [0:0] :limit-14 - [0:0] :limit-140 - [0:0] :limit-141 - [0:0] :limit-142 - [0:0] -:limit-143 - [0:0] :limit-144 - [0:0] :limit-145 - [0:0] :limit-146 - [0:0] @@ -63,11 +57,9 @@ :limit-149 - [0:0] :limit-15 - [0:0] :limit-150 - [0:0] -:limit-151 - [0:0] :limit-152 - [0:0] :limit-153 - [0:0] :limit-154 - [0:0] -:limit-155 - [0:0] :limit-156 - [0:0] :limit-157 - [0:0] :limit-158 - [0:0] @@ -82,12 +74,10 @@ :limit-166 - [0:0] :limit-167 - [0:0] :limit-168 - [0:0] -:limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] :limit-171 - [0:0] :limit-172 - [0:0] -:limit-173 - [0:0] :limit-174 - [0:0] :limit-175 - [0:0] :limit-176 - [0:0] @@ -96,11 +86,9 @@ :limit-179 - [0:0] :limit-18 - [0:0] :limit-180 - [0:0] -:limit-181 - [0:0] :limit-182 - [0:0] :limit-183 - [0:0] :limit-184 - [0:0] -:limit-185 - [0:0] :limit-186 - [0:0] :limit-187 - [0:0] :limit-188 - [0:0] @@ -163,9 +151,11 @@ :limit-240 - [0:0] :limit-241 - [0:0] :limit-242 - [0:0] +:limit-243 - [0:0] :limit-244 - [0:0] :limit-245 - [0:0] :limit-246 - [0:0] +:limit-247 - [0:0] :limit-248 - [0:0] :limit-249 - [0:0] :limit-25 - [0:0] @@ -174,9 +164,11 @@ :limit-252 - [0:0] :limit-253 - [0:0] :limit-254 - [0:0] +:limit-255 - [0:0] :limit-256 - [0:0] :limit-257 - [0:0] :limit-258 - [0:0] +:limit-259 - [0:0] :limit-26 - [0:0] :limit-260 - [0:0] :limit-261 - [0:0] @@ -192,9 +184,11 @@ :limit-270 - [0:0] :limit-271 - [0:0] :limit-272 - [0:0] +:limit-273 - [0:0] :limit-274 - [0:0] :limit-275 - [0:0] :limit-276 - [0:0] +:limit-277 - [0:0] :limit-278 - [0:0] :limit-279 - [0:0] :limit-28 - [0:0] @@ -203,9 +197,11 @@ :limit-282 - [0:0] :limit-283 - [0:0] :limit-284 - [0:0] +:limit-285 - [0:0] :limit-286 - [0:0] :limit-287 - [0:0] :limit-288 - [0:0] +:limit-289 - [0:0] :limit-29 - [0:0] :limit-290 - [0:0] :limit-291 - [0:0] @@ -222,9 +218,11 @@ :limit-300 - [0:0] :limit-301 - [0:0] :limit-302 - [0:0] +:limit-303 - [0:0] :limit-304 - [0:0] :limit-305 - [0:0] :limit-306 - [0:0] +:limit-307 - [0:0] :limit-308 - [0:0] :limit-309 - [0:0] :limit-310 - [0:0] @@ -232,9 +230,11 @@ :limit-312 - [0:0] :limit-313 - [0:0] :limit-314 - [0:0] +:limit-315 - [0:0] :limit-316 - [0:0] :limit-317 - [0:0] :limit-318 - [0:0] +:limit-319 - [0:0] :limit-32 - [0:0] :limit-320 - [0:0] :limit-321 - [0:0] @@ -253,36 +253,318 @@ :limit-333 - [0:0] :limit-334 - [0:0] :limit-335 - [0:0] +:limit-336 - [0:0] +:limit-337 - [0:0] +:limit-338 - [0:0] +:limit-339 - [0:0] :limit-34 - [0:0] +:limit-340 - [0:0] +:limit-341 - [0:0] +:limit-342 - [0:0] +:limit-343 - [0:0] +:limit-344 - [0:0] +:limit-345 - [0:0] +:limit-346 - [0:0] +:limit-347 - [0:0] +:limit-348 - [0:0] +:limit-349 - [0:0] +:limit-350 - [0:0] +:limit-351 - [0:0] +:limit-352 - [0:0] +:limit-353 - [0:0] +:limit-354 - [0:0] +:limit-355 - [0:0] +:limit-356 - [0:0] +:limit-357 - [0:0] +:limit-358 - [0:0] +:limit-359 - [0:0] :limit-36 - [0:0] +:limit-360 - [0:0] +:limit-361 - [0:0] +:limit-362 - [0:0] +:limit-363 - [0:0] +:limit-364 - [0:0] +:limit-365 - [0:0] +:limit-366 - [0:0] +:limit-367 - [0:0] +:limit-368 - [0:0] +:limit-369 - [0:0] :limit-37 - [0:0] +:limit-370 - [0:0] +:limit-371 - [0:0] +:limit-372 - [0:0] +:limit-373 - [0:0] +:limit-374 - [0:0] +:limit-375 - [0:0] +:limit-376 - [0:0] +:limit-377 - [0:0] +:limit-378 - [0:0] +:limit-379 - [0:0] :limit-38 - [0:0] +:limit-380 - [0:0] +:limit-381 - [0:0] +:limit-382 - [0:0] +:limit-383 - [0:0] +:limit-384 - [0:0] +:limit-385 - [0:0] +:limit-386 - [0:0] +:limit-387 - [0:0] +:limit-388 - [0:0] +:limit-389 - [0:0] :limit-39 - [0:0] +:limit-390 - [0:0] +:limit-391 - [0:0] +:limit-392 - [0:0] +:limit-393 - [0:0] +:limit-394 - [0:0] +:limit-395 - [0:0] +:limit-396 - [0:0] +:limit-397 - [0:0] +:limit-398 - [0:0] +:limit-399 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] +:limit-400 - [0:0] +:limit-401 - [0:0] +:limit-402 - [0:0] +:limit-403 - [0:0] +:limit-404 - [0:0] +:limit-405 - [0:0] +:limit-406 - [0:0] +:limit-407 - [0:0] +:limit-408 - [0:0] +:limit-409 - [0:0] :limit-41 - [0:0] +:limit-410 - [0:0] +:limit-411 - [0:0] +:limit-412 - [0:0] +:limit-413 - [0:0] +:limit-414 - [0:0] +:limit-415 - [0:0] +:limit-416 - [0:0] +:limit-417 - [0:0] +:limit-418 - [0:0] +:limit-419 - [0:0] :limit-42 - [0:0] +:limit-420 - [0:0] +:limit-421 - [0:0] +:limit-422 - [0:0] +:limit-423 - [0:0] +:limit-424 - [0:0] +:limit-425 - [0:0] +:limit-426 - [0:0] +:limit-427 - [0:0] +:limit-428 - [0:0] +:limit-429 - [0:0] :limit-43 - [0:0] +:limit-430 - [0:0] +:limit-431 - [0:0] +:limit-432 - [0:0] +:limit-433 - [0:0] +:limit-434 - [0:0] +:limit-435 - [0:0] +:limit-436 - [0:0] +:limit-437 - [0:0] +:limit-438 - [0:0] +:limit-439 - [0:0] :limit-44 - [0:0] +:limit-440 - [0:0] +:limit-441 - [0:0] +:limit-442 - [0:0] +:limit-443 - [0:0] +:limit-444 - [0:0] +:limit-445 - [0:0] +:limit-446 - [0:0] +:limit-448 - [0:0] +:limit-449 - [0:0] :limit-45 - [0:0] +:limit-450 - [0:0] +:limit-452 - [0:0] +:limit-453 - [0:0] +:limit-454 - [0:0] +:limit-455 - [0:0] +:limit-456 - [0:0] +:limit-457 - [0:0] +:limit-458 - [0:0] :limit-46 - [0:0] +:limit-460 - [0:0] +:limit-461 - [0:0] +:limit-462 - [0:0] +:limit-464 - [0:0] +:limit-465 - [0:0] +:limit-466 - [0:0] +:limit-467 - [0:0] +:limit-468 - [0:0] +:limit-469 - [0:0] :limit-47 - [0:0] +:limit-470 - [0:0] +:limit-471 - [0:0] +:limit-472 - [0:0] +:limit-473 - [0:0] +:limit-474 - [0:0] +:limit-475 - [0:0] +:limit-476 - [0:0] +:limit-478 - [0:0] +:limit-479 - [0:0] :limit-48 - [0:0] +:limit-480 - [0:0] +:limit-482 - [0:0] +:limit-483 - [0:0] +:limit-484 - [0:0] +:limit-485 - [0:0] +:limit-486 - [0:0] +:limit-487 - [0:0] +:limit-488 - [0:0] +:limit-490 - [0:0] +:limit-491 - [0:0] +:limit-492 - [0:0] +:limit-494 - [0:0] +:limit-495 - [0:0] +:limit-496 - [0:0] +:limit-497 - [0:0] +:limit-498 - [0:0] +:limit-499 - [0:0] :limit-5 - [0:0] :limit-50 - [0:0] +:limit-500 - [0:0] +:limit-501 - [0:0] +:limit-502 - [0:0] +:limit-503 - [0:0] +:limit-504 - [0:0] +:limit-505 - [0:0] +:limit-506 - [0:0] +:limit-508 - [0:0] +:limit-509 - [0:0] :limit-51 - [0:0] +:limit-510 - [0:0] +:limit-512 - [0:0] +:limit-513 - [0:0] +:limit-514 - [0:0] +:limit-515 - [0:0] +:limit-516 - [0:0] +:limit-517 - [0:0] +:limit-518 - [0:0] :limit-52 - [0:0] +:limit-520 - [0:0] +:limit-521 - [0:0] +:limit-522 - [0:0] +:limit-524 - [0:0] +:limit-525 - [0:0] +:limit-526 - [0:0] +:limit-527 - [0:0] +:limit-528 - [0:0] +:limit-529 - [0:0] +:limit-530 - [0:0] +:limit-531 - [0:0] +:limit-532 - [0:0] +:limit-533 - [0:0] +:limit-534 - [0:0] +:limit-535 - [0:0] +:limit-536 - [0:0] +:limit-538 - [0:0] +:limit-539 - [0:0] :limit-54 - [0:0] +:limit-540 - [0:0] +:limit-542 - [0:0] +:limit-543 - [0:0] +:limit-544 - [0:0] +:limit-545 - [0:0] +:limit-546 - [0:0] +:limit-547 - [0:0] +:limit-548 - [0:0] :limit-55 - [0:0] +:limit-550 - [0:0] +:limit-551 - [0:0] +:limit-552 - [0:0] +:limit-554 - [0:0] +:limit-555 - [0:0] +:limit-556 - [0:0] +:limit-557 - [0:0] +:limit-558 - [0:0] +:limit-559 - [0:0] :limit-56 - [0:0] +:limit-560 - [0:0] +:limit-561 - [0:0] +:limit-562 - [0:0] +:limit-563 - [0:0] +:limit-564 - [0:0] +:limit-565 - [0:0] +:limit-566 - [0:0] +:limit-568 - [0:0] +:limit-569 - [0:0] :limit-57 - [0:0] +:limit-570 - [0:0] +:limit-572 - [0:0] +:limit-573 - [0:0] +:limit-574 - [0:0] +:limit-575 - [0:0] +:limit-576 - [0:0] +:limit-577 - [0:0] +:limit-578 - [0:0] :limit-58 - [0:0] +:limit-580 - [0:0] +:limit-581 - [0:0] +:limit-582 - [0:0] +:limit-584 - [0:0] +:limit-585 - [0:0] +:limit-586 - [0:0] +:limit-587 - [0:0] +:limit-588 - [0:0] +:limit-589 - [0:0] :limit-59 - [0:0] +:limit-590 - [0:0] +:limit-591 - [0:0] +:limit-592 - [0:0] +:limit-593 - [0:0] +:limit-594 - [0:0] +:limit-595 - [0:0] +:limit-596 - [0:0] +:limit-598 - [0:0] +:limit-599 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] +:limit-600 - [0:0] +:limit-602 - [0:0] +:limit-603 - [0:0] +:limit-604 - [0:0] +:limit-605 - [0:0] +:limit-606 - [0:0] +:limit-607 - [0:0] +:limit-608 - [0:0] +:limit-610 - [0:0] +:limit-611 - [0:0] +:limit-612 - [0:0] +:limit-614 - [0:0] +:limit-615 - [0:0] +:limit-616 - [0:0] +:limit-617 - [0:0] +:limit-618 - [0:0] +:limit-619 - [0:0] :limit-62 - [0:0] +:limit-620 - [0:0] +:limit-621 - [0:0] +:limit-622 - [0:0] +:limit-623 - [0:0] +:limit-624 - [0:0] +:limit-625 - [0:0] +:limit-626 - [0:0] +:limit-627 - [0:0] +:limit-628 - [0:0] +:limit-629 - [0:0] :limit-63 - [0:0] +:limit-630 - [0:0] +:limit-631 - [0:0] +:limit-632 - [0:0] +:limit-633 - [0:0] +:limit-634 - [0:0] +:limit-635 - [0:0] +:limit-636 - [0:0] +:limit-637 - [0:0] +:limit-638 - [0:0] +:limit-639 - [0:0] :limit-64 - [0:0] +:limit-640 - [0:0] +:limit-641 - [0:0] :limit-66 - [0:0] :limit-67 - [0:0] :limit-68 - [0:0] @@ -318,6 +600,11 @@ :limit-99 - [0:0] :logaccept-0 - [0:0] :logaccept-1 - [0:0] +:logaccept-10 - [0:0] +:logaccept-11 - [0:0] +:logaccept-12 - [0:0] +:logaccept-13 - [0:0] +:logaccept-14 - [0:0] :logaccept-2 - [0:0] :logaccept-3 - [0:0] :logaccept-4 - [0:0] @@ -325,6 +612,7 @@ :logaccept-6 - [0:0] :logaccept-7 - [0:0] :logaccept-8 - [0:0] +:logaccept-9 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-10 - [0:0] @@ -338,7 +626,25 @@ :logaccept-final-18 - [0:0] :logaccept-final-19 - [0:0] :logaccept-final-2 - [0:0] +:logaccept-final-20 - [0:0] +:logaccept-final-21 - [0:0] +:logaccept-final-22 - [0:0] +:logaccept-final-23 - [0:0] +:logaccept-final-24 - [0:0] +:logaccept-final-25 - [0:0] +:logaccept-final-26 - [0:0] +:logaccept-final-27 - [0:0] +:logaccept-final-28 - [0:0] +:logaccept-final-29 - [0:0] :logaccept-final-3 - [0:0] +:logaccept-final-30 - [0:0] +:logaccept-final-31 - [0:0] +:logaccept-final-32 - [0:0] +:logaccept-final-33 - [0:0] +:logaccept-final-34 - [0:0] +:logaccept-final-35 - [0:0] +:logaccept-final-36 - [0:0] +:logaccept-final-37 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] :logaccept-final-6 - [0:0] @@ -352,21 +658,105 @@ :logdrop-101 - [0:0] :logdrop-102 - [0:0] :logdrop-103 - [0:0] +:logdrop-104 - [0:0] :logdrop-105 - [0:0] :logdrop-106 - [0:0] :logdrop-107 - [0:0] +:logdrop-108 - [0:0] :logdrop-109 - [0:0] :logdrop-11 - [0:0] :logdrop-110 - [0:0] +:logdrop-111 - [0:0] +:logdrop-112 - [0:0] +:logdrop-113 - [0:0] +:logdrop-114 - [0:0] +:logdrop-115 - [0:0] +:logdrop-116 - [0:0] +:logdrop-117 - [0:0] +:logdrop-118 - [0:0] +:logdrop-119 - [0:0] :logdrop-12 - [0:0] +:logdrop-120 - [0:0] +:logdrop-121 - [0:0] +:logdrop-122 - [0:0] +:logdrop-123 - [0:0] +:logdrop-124 - [0:0] +:logdrop-125 - [0:0] +:logdrop-126 - [0:0] +:logdrop-127 - [0:0] +:logdrop-128 - [0:0] +:logdrop-129 - [0:0] :logdrop-13 - [0:0] +:logdrop-130 - [0:0] +:logdrop-131 - [0:0] +:logdrop-132 - [0:0] +:logdrop-133 - [0:0] +:logdrop-134 - [0:0] +:logdrop-135 - [0:0] +:logdrop-136 - [0:0] +:logdrop-137 - [0:0] +:logdrop-138 - [0:0] +:logdrop-139 - [0:0] :logdrop-14 - [0:0] +:logdrop-140 - [0:0] +:logdrop-141 - [0:0] +:logdrop-142 - [0:0] +:logdrop-143 - [0:0] +:logdrop-144 - [0:0] +:logdrop-145 - [0:0] +:logdrop-146 - [0:0] +:logdrop-147 - [0:0] +:logdrop-148 - [0:0] +:logdrop-149 - [0:0] :logdrop-15 - [0:0] +:logdrop-150 - [0:0] +:logdrop-151 - [0:0] +:logdrop-153 - [0:0] +:logdrop-154 - [0:0] +:logdrop-155 - [0:0] +:logdrop-157 - [0:0] +:logdrop-158 - [0:0] +:logdrop-159 - [0:0] :logdrop-16 - [0:0] +:logdrop-160 - [0:0] +:logdrop-161 - [0:0] +:logdrop-162 - [0:0] +:logdrop-163 - [0:0] +:logdrop-165 - [0:0] +:logdrop-166 - [0:0] +:logdrop-167 - [0:0] +:logdrop-169 - [0:0] :logdrop-17 - [0:0] +:logdrop-170 - [0:0] +:logdrop-171 - [0:0] +:logdrop-172 - [0:0] +:logdrop-173 - [0:0] +:logdrop-174 - [0:0] +:logdrop-175 - [0:0] +:logdrop-176 - [0:0] +:logdrop-177 - [0:0] +:logdrop-178 - [0:0] +:logdrop-179 - [0:0] :logdrop-18 - [0:0] +:logdrop-180 - [0:0] +:logdrop-181 - [0:0] +:logdrop-183 - [0:0] +:logdrop-184 - [0:0] +:logdrop-185 - [0:0] +:logdrop-187 - [0:0] +:logdrop-188 - [0:0] +:logdrop-189 - [0:0] :logdrop-19 - [0:0] +:logdrop-190 - [0:0] +:logdrop-191 - [0:0] +:logdrop-192 - [0:0] +:logdrop-193 - [0:0] +:logdrop-195 - [0:0] +:logdrop-196 - [0:0] +:logdrop-197 - [0:0] +:logdrop-199 - [0:0] :logdrop-2 - [0:0] +:logdrop-200 - [0:0] :logdrop-21 - [0:0] :logdrop-22 - [0:0] :logdrop-23 - [0:0] @@ -396,11 +786,9 @@ :logdrop-48 - [0:0] :logdrop-49 - [0:0] :logdrop-5 - [0:0] -:logdrop-50 - [0:0] :logdrop-51 - [0:0] :logdrop-52 - [0:0] :logdrop-53 - [0:0] -:logdrop-54 - [0:0] :logdrop-55 - [0:0] :logdrop-56 - [0:0] :logdrop-57 - [0:0] @@ -409,11 +797,9 @@ :logdrop-6 - [0:0] :logdrop-60 - [0:0] :logdrop-61 - [0:0] -:logdrop-62 - [0:0] :logdrop-63 - [0:0] :logdrop-64 - [0:0] :logdrop-65 - [0:0] -:logdrop-66 - [0:0] :logdrop-67 - [0:0] :logdrop-68 - [0:0] :logdrop-69 - [0:0] @@ -442,9 +828,11 @@ :logdrop-9 - [0:0] :logdrop-90 - [0:0] :logdrop-91 - [0:0] +:logdrop-92 - [0:0] :logdrop-93 - [0:0] :logdrop-94 - [0:0] :logdrop-95 - [0:0] +:logdrop-96 - [0:0] :logdrop-97 - [0:0] :logdrop-98 - [0:0] :logdrop-99 - [0:0] @@ -454,6 +842,210 @@ :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-427 +-A FORWARD -j limit-426 +-A FORWARD -j limit-425 +-A FORWARD -j limit-424 +-A FORWARD -j limit-423 +-A FORWARD -j limit-422 +-A FORWARD -j limit-421 +-A FORWARD -j limit-420 +-A FORWARD -j limit-419 +-A FORWARD -j limit-418 +-A FORWARD -j limit-417 +-A FORWARD -j limit-416 +-A FORWARD -j limit-415 +-A FORWARD -j limit-414 +-A FORWARD -j limit-413 +-A FORWARD -j limit-412 +-A FORWARD -j limit-411 +-A FORWARD -j limit-410 +-A FORWARD -j limit-409 +-A FORWARD -j limit-408 +-A FORWARD -j limit-407 +-A FORWARD -j limit-406 +-A FORWARD -j limit-405 +-A FORWARD -j limit-404 +-A FORWARD -j limit-403 +-A FORWARD -j limit-402 +-A FORWARD -j limit-401 +-A FORWARD -j limit-400 +-A FORWARD -j limit-399 +-A FORWARD -j limit-398 +-A FORWARD -j limit-397 +-A FORWARD -j limit-396 +-A FORWARD -j limit-395 +-A FORWARD -j limit-394 +-A FORWARD -j limit-393 +-A FORWARD -j limit-392 +-A FORWARD -j limit-391 +-A FORWARD -j limit-390 +-A FORWARD -j limit-389 +-A FORWARD -j limit-388 +-A FORWARD -j limit-387 +-A FORWARD -j limit-386 +-A FORWARD -j limit-385 +-A FORWARD -j limit-384 +-A FORWARD -j limit-383 +-A FORWARD -j limit-382 +-A FORWARD -j limit-381 +-A FORWARD -j limit-380 +-A FORWARD -j limit-379 +-A FORWARD -j limit-378 +-A FORWARD -j limit-377 +-A FORWARD -j limit-376 +-A FORWARD -j limit-375 +-A FORWARD -j limit-374 +-A FORWARD -j limit-373 +-A FORWARD -j limit-372 +-A FORWARD -j limit-371 +-A FORWARD -j limit-370 +-A FORWARD -j limit-369 +-A FORWARD -j limit-368 +-A FORWARD -j limit-367 +-A FORWARD -j limit-366 +-A FORWARD -j limit-365 +-A FORWARD -j limit-364 +-A FORWARD -j limit-363 +-A FORWARD -j limit-362 +-A FORWARD -j limit-361 +-A FORWARD -j limit-360 +-A FORWARD -j limit-359 +-A FORWARD -j limit-358 +-A FORWARD -j limit-357 +-A FORWARD -j limit-356 +-A FORWARD -j limit-355 +-A FORWARD -j limit-354 +-A FORWARD -j limit-353 +-A FORWARD -j limit-352 +-A FORWARD -j limit-351 +-A FORWARD -j limit-350 +-A FORWARD -j limit-349 +-A FORWARD -j limit-348 +-A FORWARD -j limit-347 +-A FORWARD -j limit-346 +-A FORWARD -j limit-345 +-A FORWARD -j limit-344 +-A FORWARD -j limit-343 +-A FORWARD -j limit-342 +-A FORWARD -j limit-341 +-A FORWARD -j limit-340 +-A FORWARD -j limit-339 +-A FORWARD -j limit-338 +-A FORWARD -j limit-337 +-A FORWARD -j limit-336 +-A FORWARD -j limit-335 +-A FORWARD -j limit-334 +-A FORWARD -j limit-333 +-A FORWARD -j limit-332 +-A FORWARD -j limit-331 +-A FORWARD -j limit-330 +-A FORWARD -j limit-329 +-A FORWARD -j limit-328 +-A FORWARD -j limit-327 +-A FORWARD -j limit-326 +-A FORWARD -j limit-325 +-A FORWARD -j limit-324 +-A FORWARD -j limit-323 +-A FORWARD -j limit-322 +-A FORWARD -j limit-321 +-A FORWARD -j limit-320 +-A FORWARD -j limit-319 +-A FORWARD -j limit-318 +-A FORWARD -j limit-317 +-A FORWARD -j limit-316 +-A FORWARD -j limit-315 +-A FORWARD -j limit-314 +-A FORWARD -j limit-313 +-A FORWARD -j limit-312 +-A FORWARD -j limit-311 +-A FORWARD -j limit-310 +-A FORWARD -j limit-309 +-A FORWARD -j limit-308 +-A FORWARD -j limit-307 +-A FORWARD -j limit-306 +-A FORWARD -j limit-305 +-A FORWARD -j limit-304 +-A FORWARD -j limit-303 +-A FORWARD -j limit-302 +-A FORWARD -j limit-301 +-A FORWARD -j limit-300 +-A FORWARD -j limit-299 +-A FORWARD -j limit-298 +-A FORWARD -j limit-297 +-A FORWARD -j limit-296 +-A FORWARD -j limit-295 +-A FORWARD -j limit-294 +-A FORWARD -j limit-293 +-A FORWARD -j limit-292 +-A FORWARD -j limit-291 +-A FORWARD -j limit-290 +-A FORWARD -j limit-289 +-A FORWARD -j limit-288 +-A FORWARD -j limit-287 +-A FORWARD -j limit-286 +-A FORWARD -j limit-285 +-A FORWARD -j limit-284 +-A FORWARD -j limit-283 +-A FORWARD -j limit-282 +-A FORWARD -j limit-281 +-A FORWARD -j limit-280 +-A FORWARD -j limit-279 +-A FORWARD -j limit-278 +-A FORWARD -j limit-277 +-A FORWARD -j limit-276 +-A FORWARD -j limit-275 +-A FORWARD -j limit-274 +-A FORWARD -j limit-273 +-A FORWARD -j limit-272 +-A FORWARD -j limit-271 +-A FORWARD -j limit-270 +-A FORWARD -j limit-269 +-A FORWARD -j limit-268 +-A FORWARD -j limit-267 +-A FORWARD -j limit-266 +-A FORWARD -j limit-265 +-A FORWARD -j limit-264 +-A FORWARD -j limit-263 +-A FORWARD -j limit-262 +-A FORWARD -j limit-261 +-A FORWARD -j limit-260 +-A FORWARD -j limit-259 +-A FORWARD -j limit-258 +-A FORWARD -j limit-257 +-A FORWARD -j limit-256 +-A FORWARD -j limit-255 +-A FORWARD -j limit-254 +-A FORWARD -j limit-253 +-A FORWARD -j limit-252 +-A FORWARD -j limit-251 +-A FORWARD -j limit-250 +-A FORWARD -j limit-249 +-A FORWARD -j limit-248 +-A FORWARD -j limit-247 +-A FORWARD -j limit-246 +-A FORWARD -j limit-245 +-A FORWARD -j limit-244 +-A FORWARD -j limit-243 +-A FORWARD -j limit-242 +-A FORWARD -j limit-241 +-A FORWARD -j limit-240 +-A FORWARD -j limit-239 +-A FORWARD -j limit-238 +-A FORWARD -j limit-237 +-A FORWARD -j limit-236 +-A FORWARD -j limit-235 +-A FORWARD -j limit-234 +-A FORWARD -j limit-233 +-A FORWARD -j limit-232 +-A FORWARD -j limit-231 +-A FORWARD -j limit-230 +-A FORWARD -j limit-229 +-A FORWARD -j limit-228 +-A FORWARD -j limit-227 +-A FORWARD -j limit-226 +-A FORWARD -j limit-225 +-A FORWARD -j limit-224 -A FORWARD -j limit-223 -A FORWARD -j limit-222 -A FORWARD -j limit-221 @@ -464,108 +1056,6 @@ -A FORWARD -j limit-216 -A FORWARD -j limit-215 -A FORWARD -j limit-214 --A FORWARD -j limit-213 --A FORWARD -j limit-212 --A FORWARD -j limit-211 --A FORWARD -j limit-210 --A FORWARD -j limit-209 --A FORWARD -j limit-208 --A FORWARD -j limit-207 --A FORWARD -j limit-206 --A FORWARD -j limit-205 --A FORWARD -j limit-204 --A FORWARD -j limit-203 --A FORWARD -j limit-202 --A FORWARD -j limit-201 --A FORWARD -j limit-200 --A FORWARD -j limit-199 --A FORWARD -j limit-198 --A FORWARD -j limit-197 --A FORWARD -j limit-196 --A FORWARD -j limit-195 --A FORWARD -j limit-194 --A FORWARD -j limit-193 --A FORWARD -j limit-192 --A FORWARD -j limit-191 --A FORWARD -j limit-190 --A FORWARD -j limit-189 --A FORWARD -j limit-188 --A FORWARD -j limit-187 --A FORWARD -j limit-186 --A FORWARD -j limit-185 --A FORWARD -j limit-184 --A FORWARD -j limit-183 --A FORWARD -j limit-182 --A FORWARD -j limit-181 --A FORWARD -j limit-180 --A FORWARD -j limit-179 --A FORWARD -j limit-178 --A FORWARD -j limit-177 --A FORWARD -j limit-176 --A FORWARD -j limit-175 --A FORWARD -j limit-174 --A FORWARD -j limit-173 --A FORWARD -j limit-172 --A FORWARD -j limit-171 --A FORWARD -j limit-170 --A FORWARD -j limit-169 --A FORWARD -j limit-168 --A FORWARD -j limit-167 --A FORWARD -j limit-166 --A FORWARD -j limit-165 --A FORWARD -j limit-164 --A FORWARD -j limit-163 --A FORWARD -j limit-162 --A FORWARD -j limit-161 --A FORWARD -j limit-160 --A FORWARD -j limit-159 --A FORWARD -j limit-158 --A FORWARD -j limit-157 --A FORWARD -j limit-156 --A FORWARD -j limit-155 --A FORWARD -j limit-154 --A FORWARD -j limit-153 --A FORWARD -j limit-152 --A FORWARD -j limit-151 --A FORWARD -j limit-150 --A FORWARD -j limit-149 --A FORWARD -j limit-148 --A FORWARD -j limit-147 --A FORWARD -j limit-146 --A FORWARD -j limit-145 --A FORWARD -j limit-144 --A FORWARD -j limit-143 --A FORWARD -j limit-142 --A FORWARD -j limit-141 --A FORWARD -j limit-140 --A FORWARD -j limit-139 --A FORWARD -j limit-138 --A FORWARD -j limit-137 --A FORWARD -j limit-136 --A FORWARD -j limit-135 --A FORWARD -j limit-134 --A FORWARD -j limit-133 --A FORWARD -j limit-132 --A FORWARD -j limit-131 --A FORWARD -j limit-130 --A FORWARD -j limit-129 --A FORWARD -j limit-128 --A FORWARD -j limit-127 --A FORWARD -j limit-126 --A FORWARD -j limit-125 --A FORWARD -j limit-124 --A FORWARD -j limit-123 --A FORWARD -j limit-122 --A FORWARD -j limit-121 --A FORWARD -j limit-120 --A FORWARD -j limit-119 --A FORWARD -j limit-118 --A FORWARD -j limit-117 --A FORWARD -j limit-116 --A FORWARD -j limit-115 --A FORWARD -j limit-114 --A FORWARD -j limit-113 --A FORWARD -j limit-112 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -682,9 +1172,111 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-106 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-107 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-108 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-109 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-110 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-111 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-112 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-54 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-114 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-115 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-116 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-117 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-118 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-119 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-120 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-62 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-122 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-123 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-124 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-66 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-126 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-127 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-128 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-129 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-130 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-131 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-132 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-133 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-134 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-135 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-136 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-137 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-138 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-140 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-141 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-142 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-144 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-145 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-146 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-147 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-148 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-149 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-150 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-152 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-153 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-154 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-156 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-157 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-158 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-159 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-160 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-161 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-162 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-163 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-164 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-165 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-166 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-167 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-168 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-170 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-171 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-172 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-174 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-175 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-176 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-177 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-178 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-179 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-180 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-182 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-183 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-184 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-186 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-187 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-188 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-189 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-190 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-191 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-192 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-193 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-194 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-195 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-196 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-197 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-198 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-199 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-200 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-201 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-202 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-203 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-204 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-205 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-206 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-207 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-208 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-209 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-210 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-211 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-212 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-213 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -745,17 +1337,71 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-19 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-20 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-21 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-22 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-23 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-24 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-25 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-26 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-27 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-28 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-29 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-30 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-31 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-32 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-33 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-34 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-35 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-36 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-37 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-109 +-A FORWARD -j logdrop-199 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD --A FORWARD -j logaccept-8 --A FORWARD -j logdrop-110 +-A FORWARD -j logaccept-14 +-A FORWARD -j logdrop-200 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -818,6 +1464,210 @@ -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-427 +-A INPUT -j limit-426 +-A INPUT -j limit-425 +-A INPUT -j limit-424 +-A INPUT -j limit-423 +-A INPUT -j limit-422 +-A INPUT -j limit-421 +-A INPUT -j limit-420 +-A INPUT -j limit-419 +-A INPUT -j limit-418 +-A INPUT -j limit-417 +-A INPUT -j limit-416 +-A INPUT -j limit-415 +-A INPUT -j limit-414 +-A INPUT -j limit-413 +-A INPUT -j limit-412 +-A INPUT -j limit-411 +-A INPUT -j limit-410 +-A INPUT -j limit-409 +-A INPUT -j limit-408 +-A INPUT -j limit-407 +-A INPUT -j limit-406 +-A INPUT -j limit-405 +-A INPUT -j limit-404 +-A INPUT -j limit-403 +-A INPUT -j limit-402 +-A INPUT -j limit-401 +-A INPUT -j limit-400 +-A INPUT -j limit-399 +-A INPUT -j limit-398 +-A INPUT -j limit-397 +-A INPUT -j limit-396 +-A INPUT -j limit-395 +-A INPUT -j limit-394 +-A INPUT -j limit-393 +-A INPUT -j limit-392 +-A INPUT -j limit-391 +-A INPUT -j limit-390 +-A INPUT -j limit-389 +-A INPUT -j limit-388 +-A INPUT -j limit-387 +-A INPUT -j limit-386 +-A INPUT -j limit-385 +-A INPUT -j limit-384 +-A INPUT -j limit-383 +-A INPUT -j limit-382 +-A INPUT -j limit-381 +-A INPUT -j limit-380 +-A INPUT -j limit-379 +-A INPUT -j limit-378 +-A INPUT -j limit-377 +-A INPUT -j limit-376 +-A INPUT -j limit-375 +-A INPUT -j limit-374 +-A INPUT -j limit-373 +-A INPUT -j limit-372 +-A INPUT -j limit-371 +-A INPUT -j limit-370 +-A INPUT -j limit-369 +-A INPUT -j limit-368 +-A INPUT -j limit-367 +-A INPUT -j limit-366 +-A INPUT -j limit-365 +-A INPUT -j limit-364 +-A INPUT -j limit-363 +-A INPUT -j limit-362 +-A INPUT -j limit-361 +-A INPUT -j limit-360 +-A INPUT -j limit-359 +-A INPUT -j limit-358 +-A INPUT -j limit-357 +-A INPUT -j limit-356 +-A INPUT -j limit-355 +-A INPUT -j limit-354 +-A INPUT -j limit-353 +-A INPUT -j limit-352 +-A INPUT -j limit-351 +-A INPUT -j limit-350 +-A INPUT -j limit-349 +-A INPUT -j limit-348 +-A INPUT -j limit-347 +-A INPUT -j limit-346 +-A INPUT -j limit-345 +-A INPUT -j limit-344 +-A INPUT -j limit-343 +-A INPUT -j limit-342 +-A INPUT -j limit-341 +-A INPUT -j limit-340 +-A INPUT -j limit-339 +-A INPUT -j limit-338 +-A INPUT -j limit-337 +-A INPUT -j limit-336 +-A INPUT -j limit-335 +-A INPUT -j limit-334 +-A INPUT -j limit-333 +-A INPUT -j limit-332 +-A INPUT -j limit-331 +-A INPUT -j limit-330 +-A INPUT -j limit-329 +-A INPUT -j limit-328 +-A INPUT -j limit-327 +-A INPUT -j limit-326 +-A INPUT -j limit-325 +-A INPUT -j limit-324 +-A INPUT -j limit-323 +-A INPUT -j limit-322 +-A INPUT -j limit-321 +-A INPUT -j limit-320 +-A INPUT -j limit-319 +-A INPUT -j limit-318 +-A INPUT -j limit-317 +-A INPUT -j limit-316 +-A INPUT -j limit-315 +-A INPUT -j limit-314 +-A INPUT -j limit-313 +-A INPUT -j limit-312 +-A INPUT -j limit-311 +-A INPUT -j limit-310 +-A INPUT -j limit-309 +-A INPUT -j limit-308 +-A INPUT -j limit-307 +-A INPUT -j limit-306 +-A INPUT -j limit-305 +-A INPUT -j limit-304 +-A INPUT -j limit-303 +-A INPUT -j limit-302 +-A INPUT -j limit-301 +-A INPUT -j limit-300 +-A INPUT -j limit-299 +-A INPUT -j limit-298 +-A INPUT -j limit-297 +-A INPUT -j limit-296 +-A INPUT -j limit-295 +-A INPUT -j limit-294 +-A INPUT -j limit-293 +-A INPUT -j limit-292 +-A INPUT -j limit-291 +-A INPUT -j limit-290 +-A INPUT -j limit-289 +-A INPUT -j limit-288 +-A INPUT -j limit-287 +-A INPUT -j limit-286 +-A INPUT -j limit-285 +-A INPUT -j limit-284 +-A INPUT -j limit-283 +-A INPUT -j limit-282 +-A INPUT -j limit-281 +-A INPUT -j limit-280 +-A INPUT -j limit-279 +-A INPUT -j limit-278 +-A INPUT -j limit-277 +-A INPUT -j limit-276 +-A INPUT -j limit-275 +-A INPUT -j limit-274 +-A INPUT -j limit-273 +-A INPUT -j limit-272 +-A INPUT -j limit-271 +-A INPUT -j limit-270 +-A INPUT -j limit-269 +-A INPUT -j limit-268 +-A INPUT -j limit-267 +-A INPUT -j limit-266 +-A INPUT -j limit-265 +-A INPUT -j limit-264 +-A INPUT -j limit-263 +-A INPUT -j limit-262 +-A INPUT -j limit-261 +-A INPUT -j limit-260 +-A INPUT -j limit-259 +-A INPUT -j limit-258 +-A INPUT -j limit-257 +-A INPUT -j limit-256 +-A INPUT -j limit-255 +-A INPUT -j limit-254 +-A INPUT -j limit-253 +-A INPUT -j limit-252 +-A INPUT -j limit-251 +-A INPUT -j limit-250 +-A INPUT -j limit-249 +-A INPUT -j limit-248 +-A INPUT -j limit-247 +-A INPUT -j limit-246 +-A INPUT -j limit-245 +-A INPUT -j limit-244 +-A INPUT -j limit-243 +-A INPUT -j limit-242 +-A INPUT -j limit-241 +-A INPUT -j limit-240 +-A INPUT -j limit-239 +-A INPUT -j limit-238 +-A INPUT -j limit-237 +-A INPUT -j limit-236 +-A INPUT -j limit-235 +-A INPUT -j limit-234 +-A INPUT -j limit-233 +-A INPUT -j limit-232 +-A INPUT -j limit-231 +-A INPUT -j limit-230 +-A INPUT -j limit-229 +-A INPUT -j limit-228 +-A INPUT -j limit-227 +-A INPUT -j limit-226 +-A INPUT -j limit-225 +-A INPUT -j limit-224 -A INPUT -j limit-223 -A INPUT -j limit-222 -A INPUT -j limit-221 @@ -828,108 +1678,6 @@ -A INPUT -j limit-216 -A INPUT -j limit-215 -A INPUT -j limit-214 --A INPUT -j limit-213 --A INPUT -j limit-212 --A INPUT -j limit-211 --A INPUT -j limit-210 --A INPUT -j limit-209 --A INPUT -j limit-208 --A INPUT -j limit-207 --A INPUT -j limit-206 --A INPUT -j limit-205 --A INPUT -j limit-204 --A INPUT -j limit-203 --A INPUT -j limit-202 --A INPUT -j limit-201 --A INPUT -j limit-200 --A INPUT -j limit-199 --A INPUT -j limit-198 --A INPUT -j limit-197 --A INPUT -j limit-196 --A INPUT -j limit-195 --A INPUT -j limit-194 --A INPUT -j limit-193 --A INPUT -j limit-192 --A INPUT -j limit-191 --A INPUT -j limit-190 --A INPUT -j limit-189 --A INPUT -j limit-188 --A INPUT -j limit-187 --A INPUT -j limit-186 --A INPUT -j limit-185 --A INPUT -j limit-184 --A INPUT -j limit-183 --A INPUT -j limit-182 --A INPUT -j limit-181 --A INPUT -j limit-180 --A INPUT -j limit-179 --A INPUT -j limit-178 --A INPUT -j limit-177 --A INPUT -j limit-176 --A INPUT -j limit-175 --A INPUT -j limit-174 --A INPUT -j limit-173 --A INPUT -j limit-172 --A INPUT -j limit-171 --A INPUT -j limit-170 --A INPUT -j limit-169 --A INPUT -j limit-168 --A INPUT -j limit-167 --A INPUT -j limit-166 --A INPUT -j limit-165 --A INPUT -j limit-164 --A INPUT -j limit-163 --A INPUT -j limit-162 --A INPUT -j limit-161 --A INPUT -j limit-160 --A INPUT -j limit-159 --A INPUT -j limit-158 --A INPUT -j limit-157 --A INPUT -j limit-156 --A INPUT -j limit-155 --A INPUT -j limit-154 --A INPUT -j limit-153 --A INPUT -j limit-152 --A INPUT -j limit-151 --A INPUT -j limit-150 --A INPUT -j limit-149 --A INPUT -j limit-148 --A INPUT -j limit-147 --A INPUT -j limit-146 --A INPUT -j limit-145 --A INPUT -j limit-144 --A INPUT -j limit-143 --A INPUT -j limit-142 --A INPUT -j limit-141 --A INPUT -j limit-140 --A INPUT -j limit-139 --A INPUT -j limit-138 --A INPUT -j limit-137 --A INPUT -j limit-136 --A INPUT -j limit-135 --A INPUT -j limit-134 --A INPUT -j limit-133 --A INPUT -j limit-132 --A INPUT -j limit-131 --A INPUT -j limit-130 --A INPUT -j limit-129 --A INPUT -j limit-128 --A INPUT -j limit-127 --A INPUT -j limit-126 --A INPUT -j limit-125 --A INPUT -j limit-124 --A INPUT -j limit-123 --A INPUT -j limit-122 --A INPUT -j limit-121 --A INPUT -j limit-120 --A INPUT -j limit-119 --A INPUT -j limit-118 --A INPUT -j limit-117 --A INPUT -j limit-116 --A INPUT -j limit-115 --A INPUT -j limit-114 --A INPUT -j limit-113 --A INPUT -j limit-112 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -998,129 +1746,285 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-19 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-224 --A INPUT -i eth0 -j limit-225 --A INPUT -i eth0 -j limit-226 --A INPUT -i eth0 -j limit-227 --A INPUT -i eth0 -j limit-228 --A INPUT -i eth0 -j limit-229 --A INPUT -i eth0 -j limit-230 --A INPUT -i eth0 -j limit-231 --A INPUT -i eth0 -j limit-232 --A INPUT -i eth0 -j limit-233 --A INPUT -i eth0 -j limit-234 --A INPUT -i eth0 -j limit-235 --A INPUT -i eth0 -j limit-236 --A INPUT -i eth0 -j limit-237 --A INPUT -i eth0 -j limit-238 --A INPUT -i eth0 -j limit-239 --A INPUT -i eth0 -j limit-240 --A INPUT -i eth0 -j limit-241 --A INPUT -i eth0 -j limit-242 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-92 --A INPUT -i eth0 -j limit-244 --A INPUT -i eth0 -j limit-245 --A INPUT -i eth0 -j limit-246 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-96 --A INPUT -i eth0 -j limit-248 --A INPUT -i eth0 -j limit-249 --A INPUT -i eth0 -j limit-250 --A INPUT -i eth0 -j limit-251 --A INPUT -i eth0 -j limit-252 --A INPUT -i eth0 -j limit-253 --A INPUT -i eth0 -j limit-254 --A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-104 --A INPUT -i eth0 -j limit-256 --A INPUT -i eth0 -j limit-257 --A INPUT -i eth0 -j limit-258 --A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-108 --A INPUT -i eth0 -j limit-260 --A INPUT -i eth0 -j limit-261 --A INPUT -i eth0 -j limit-262 --A INPUT -i eth0 -j limit-263 --A INPUT -i eth0 -j limit-264 --A INPUT -i eth0 -j limit-265 --A INPUT -i eth0 -j limit-266 --A INPUT -i eth0 -j limit-267 --A INPUT -i eth0 -j limit-268 --A INPUT -i eth0 -j limit-269 --A INPUT -i eth0 -j limit-270 --A INPUT -i eth0 -j limit-271 --A INPUT -i eth0 -j limit-272 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-20 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-21 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-22 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-23 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-24 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-25 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-26 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-27 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-28 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-29 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-30 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-31 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-32 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-33 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-34 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-35 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-36 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-37 +-A INPUT -j ACCEPT +-A INPUT -i eth0 -j limit-428 +-A INPUT -i eth0 -j limit-429 +-A INPUT -i eth0 -j limit-430 +-A INPUT -i eth0 -j limit-431 +-A INPUT -i eth0 -j limit-432 +-A INPUT -i eth0 -j limit-433 +-A INPUT -i eth0 -j limit-434 +-A INPUT -i eth0 -j limit-435 +-A INPUT -i eth0 -j limit-436 +-A INPUT -i eth0 -j limit-437 +-A INPUT -i eth0 -j limit-438 +-A INPUT -i eth0 -j limit-439 +-A INPUT -i eth0 -j limit-440 +-A INPUT -i eth0 -j limit-441 +-A INPUT -i eth0 -j limit-442 +-A INPUT -i eth0 -j limit-443 +-A INPUT -i eth0 -j limit-444 +-A INPUT -i eth0 -j limit-445 +-A INPUT -i eth0 -j limit-446 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-152 +-A INPUT -i eth0 -j limit-448 +-A INPUT -i eth0 -j limit-449 +-A INPUT -i eth0 -j limit-450 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-156 +-A INPUT -i eth0 -j limit-452 +-A INPUT -i eth0 -j limit-453 +-A INPUT -i eth0 -j limit-454 +-A INPUT -i eth0 -j limit-455 +-A INPUT -i eth0 -j limit-456 +-A INPUT -i eth0 -j limit-457 +-A INPUT -i eth0 -j limit-458 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-164 +-A INPUT -i eth0 -j limit-460 +-A INPUT -i eth0 -j limit-461 +-A INPUT -i eth0 -j limit-462 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-168 +-A INPUT -i eth0 -j limit-464 +-A INPUT -i eth0 -j limit-465 +-A INPUT -i eth0 -j limit-466 +-A INPUT -i eth0 -j limit-467 +-A INPUT -i eth0 -j limit-468 +-A INPUT -i eth0 -j limit-469 +-A INPUT -i eth0 -j limit-470 +-A INPUT -i eth0 -j limit-471 +-A INPUT -i eth0 -j limit-472 +-A INPUT -i eth0 -j limit-473 +-A INPUT -i eth0 -j limit-474 +-A INPUT -i eth0 -j limit-475 +-A INPUT -i eth0 -j limit-476 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-274 --A INPUT -i eth0 -j limit-275 --A INPUT -i eth0 -j limit-276 +-A INPUT -i eth0 -j limit-478 +-A INPUT -i eth0 -j limit-479 +-A INPUT -i eth0 -j limit-480 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-278 --A INPUT -i eth0 -j limit-279 --A INPUT -i eth0 -j limit-280 --A INPUT -i eth0 -j limit-281 --A INPUT -i eth0 -j limit-282 --A INPUT -i eth0 -j limit-283 --A INPUT -i eth0 -j limit-284 +-A INPUT -i eth0 -j limit-482 +-A INPUT -i eth0 -j limit-483 +-A INPUT -i eth0 -j limit-484 +-A INPUT -i eth0 -j limit-485 +-A INPUT -i eth0 -j limit-486 +-A INPUT -i eth0 -j limit-487 +-A INPUT -i eth0 -j limit-488 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-286 --A INPUT -i eth0 -j limit-287 --A INPUT -i eth0 -j limit-288 +-A INPUT -i eth0 -j limit-490 +-A INPUT -i eth0 -j limit-491 +-A INPUT -i eth0 -j limit-492 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-290 --A INPUT -i eth0 -j limit-291 --A INPUT -i eth0 -j limit-292 --A INPUT -i eth0 -j limit-293 --A INPUT -i eth0 -j limit-294 --A INPUT -i eth0 -j limit-295 --A INPUT -i eth0 -j limit-296 --A INPUT -i eth0 -j limit-297 --A INPUT -i eth0 -j limit-298 --A INPUT -i eth0 -j limit-299 --A INPUT -i eth0 -j limit-300 --A INPUT -i eth0 -j limit-301 --A INPUT -i eth0 -j limit-302 +-A INPUT -i eth0 -j limit-494 +-A INPUT -i eth0 -j limit-495 +-A INPUT -i eth0 -j limit-496 +-A INPUT -i eth0 -j limit-497 +-A INPUT -i eth0 -j limit-498 +-A INPUT -i eth0 -j limit-499 +-A INPUT -i eth0 -j limit-500 +-A INPUT -i eth0 -j limit-501 +-A INPUT -i eth0 -j limit-502 +-A INPUT -i eth0 -j limit-503 +-A INPUT -i eth0 -j limit-504 +-A INPUT -i eth0 -j limit-505 +-A INPUT -i eth0 -j limit-506 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-304 --A INPUT -i eth0 -j limit-305 --A INPUT -i eth0 -j limit-306 +-A INPUT -i eth0 -j limit-508 +-A INPUT -i eth0 -j limit-509 +-A INPUT -i eth0 -j limit-510 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-308 --A INPUT -i eth0 -j limit-309 --A INPUT -i eth0 -j limit-310 --A INPUT -i eth0 -j limit-311 --A INPUT -i eth0 -j limit-312 --A INPUT -i eth0 -j limit-313 --A INPUT -i eth0 -j limit-314 +-A INPUT -i eth0 -j limit-512 +-A INPUT -i eth0 -j limit-513 +-A INPUT -i eth0 -j limit-514 +-A INPUT -i eth0 -j limit-515 +-A INPUT -i eth0 -j limit-516 +-A INPUT -i eth0 -j limit-517 +-A INPUT -i eth0 -j limit-518 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-316 --A INPUT -i eth0 -j limit-317 --A INPUT -i eth0 -j limit-318 +-A INPUT -i eth0 -j limit-520 +-A INPUT -i eth0 -j limit-521 +-A INPUT -i eth0 -j limit-522 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-320 --A INPUT -i eth0 -j limit-321 --A INPUT -i eth0 -j limit-322 --A INPUT -i eth0 -j limit-323 --A INPUT -i eth0 -j limit-324 --A INPUT -i eth0 -j limit-325 --A INPUT -i eth0 -j limit-326 --A INPUT -i eth0 -j limit-327 --A INPUT -i eth0 -j limit-328 --A INPUT -i eth0 -j limit-329 --A INPUT -i eth0 -j limit-330 --A INPUT -i eth0 -j limit-331 --A INPUT -i eth0 -j limit-332 --A INPUT -i eth0 -j limit-333 --A INPUT -i eth0 -j limit-334 --A INPUT -i eth0 -j limit-335 +-A INPUT -i eth0 -j limit-524 +-A INPUT -i eth0 -j limit-525 +-A INPUT -i eth0 -j limit-526 +-A INPUT -i eth0 -j limit-527 +-A INPUT -i eth0 -j limit-528 +-A INPUT -i eth0 -j limit-529 +-A INPUT -i eth0 -j limit-530 +-A INPUT -i eth0 -j limit-531 +-A INPUT -i eth0 -j limit-532 +-A INPUT -i eth0 -j limit-533 +-A INPUT -i eth0 -j limit-534 +-A INPUT -i eth0 -j limit-535 +-A INPUT -i eth0 -j limit-536 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-182 +-A INPUT -i eth0 -j limit-538 +-A INPUT -i eth0 -j limit-539 +-A INPUT -i eth0 -j limit-540 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-186 +-A INPUT -i eth0 -j limit-542 +-A INPUT -i eth0 -j limit-543 +-A INPUT -i eth0 -j limit-544 +-A INPUT -i eth0 -j limit-545 +-A INPUT -i eth0 -j limit-546 +-A INPUT -i eth0 -j limit-547 +-A INPUT -i eth0 -j limit-548 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-194 +-A INPUT -i eth0 -j limit-550 +-A INPUT -i eth0 -j limit-551 +-A INPUT -i eth0 -j limit-552 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-198 +-A INPUT -i eth0 -j limit-554 +-A INPUT -i eth0 -j limit-555 +-A INPUT -i eth0 -j limit-556 +-A INPUT -i eth0 -j limit-557 +-A INPUT -i eth0 -j limit-558 +-A INPUT -i eth0 -j limit-559 +-A INPUT -i eth0 -j limit-560 +-A INPUT -i eth0 -j limit-561 +-A INPUT -i eth0 -j limit-562 +-A INPUT -i eth0 -j limit-563 +-A INPUT -i eth0 -j limit-564 +-A INPUT -i eth0 -j limit-565 +-A INPUT -i eth0 -j limit-566 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-568 +-A INPUT -i eth0 -j limit-569 +-A INPUT -i eth0 -j limit-570 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-572 +-A INPUT -i eth0 -j limit-573 +-A INPUT -i eth0 -j limit-574 +-A INPUT -i eth0 -j limit-575 +-A INPUT -i eth0 -j limit-576 +-A INPUT -i eth0 -j limit-577 +-A INPUT -i eth0 -j limit-578 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-580 +-A INPUT -i eth0 -j limit-581 +-A INPUT -i eth0 -j limit-582 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-584 +-A INPUT -i eth0 -j limit-585 +-A INPUT -i eth0 -j limit-586 +-A INPUT -i eth0 -j limit-587 +-A INPUT -i eth0 -j limit-588 +-A INPUT -i eth0 -j limit-589 +-A INPUT -i eth0 -j limit-590 +-A INPUT -i eth0 -j limit-591 +-A INPUT -i eth0 -j limit-592 +-A INPUT -i eth0 -j limit-593 +-A INPUT -i eth0 -j limit-594 +-A INPUT -i eth0 -j limit-595 +-A INPUT -i eth0 -j limit-596 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-598 +-A INPUT -i eth0 -j limit-599 +-A INPUT -i eth0 -j limit-600 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-602 +-A INPUT -i eth0 -j limit-603 +-A INPUT -i eth0 -j limit-604 +-A INPUT -i eth0 -j limit-605 +-A INPUT -i eth0 -j limit-606 +-A INPUT -i eth0 -j limit-607 +-A INPUT -i eth0 -j limit-608 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-610 +-A INPUT -i eth0 -j limit-611 +-A INPUT -i eth0 -j limit-612 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-614 +-A INPUT -i eth0 -j limit-615 +-A INPUT -i eth0 -j limit-616 +-A INPUT -i eth0 -j limit-617 +-A INPUT -i eth0 -j limit-618 +-A INPUT -i eth0 -j limit-619 +-A INPUT -i eth0 -j limit-620 +-A INPUT -i eth0 -j limit-621 +-A INPUT -i eth0 -j limit-622 +-A INPUT -i eth0 -j limit-623 +-A INPUT -i eth0 -j limit-624 +-A INPUT -i eth0 -j limit-625 +-A INPUT -i eth0 -j limit-626 +-A INPUT -i eth0 -j limit-627 +-A INPUT -i eth0 -j limit-628 +-A INPUT -i eth0 -j limit-629 +-A INPUT -i eth0 -j limit-630 +-A INPUT -i eth0 -j limit-631 +-A INPUT -i eth0 -j limit-632 +-A INPUT -i eth0 -j limit-633 +-A INPUT -i eth0 -j limit-634 +-A INPUT -i eth0 -j limit-635 +-A INPUT -i eth0 -j limit-636 +-A INPUT -i eth0 -j limit-637 +-A INPUT -i eth0 -j limit-638 +-A INPUT -i eth0 -j limit-639 +-A INPUT -i eth0 -j limit-640 +-A INPUT -i eth0 -j limit-641 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-109 +-A INPUT -j logdrop-199 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT --A INPUT -j logaccept-8 --A INPUT -j logdrop-110 +-A INPUT -j logaccept-14 +-A INPUT -j logdrop-200 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -1139,6 +2043,210 @@ -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-427 +-A OUTPUT -j limit-426 +-A OUTPUT -j limit-425 +-A OUTPUT -j limit-424 +-A OUTPUT -j limit-423 +-A OUTPUT -j limit-422 +-A OUTPUT -j limit-421 +-A OUTPUT -j limit-420 +-A OUTPUT -j limit-419 +-A OUTPUT -j limit-418 +-A OUTPUT -j limit-417 +-A OUTPUT -j limit-416 +-A OUTPUT -j limit-415 +-A OUTPUT -j limit-414 +-A OUTPUT -j limit-413 +-A OUTPUT -j limit-412 +-A OUTPUT -j limit-411 +-A OUTPUT -j limit-410 +-A OUTPUT -j limit-409 +-A OUTPUT -j limit-408 +-A OUTPUT -j limit-407 +-A OUTPUT -j limit-406 +-A OUTPUT -j limit-405 +-A OUTPUT -j limit-404 +-A OUTPUT -j limit-403 +-A OUTPUT -j limit-402 +-A OUTPUT -j limit-401 +-A OUTPUT -j limit-400 +-A OUTPUT -j limit-399 +-A OUTPUT -j limit-398 +-A OUTPUT -j limit-397 +-A OUTPUT -j limit-396 +-A OUTPUT -j limit-395 +-A OUTPUT -j limit-394 +-A OUTPUT -j limit-393 +-A OUTPUT -j limit-392 +-A OUTPUT -j limit-391 +-A OUTPUT -j limit-390 +-A OUTPUT -j limit-389 +-A OUTPUT -j limit-388 +-A OUTPUT -j limit-387 +-A OUTPUT -j limit-386 +-A OUTPUT -j limit-385 +-A OUTPUT -j limit-384 +-A OUTPUT -j limit-383 +-A OUTPUT -j limit-382 +-A OUTPUT -j limit-381 +-A OUTPUT -j limit-380 +-A OUTPUT -j limit-379 +-A OUTPUT -j limit-378 +-A OUTPUT -j limit-377 +-A OUTPUT -j limit-376 +-A OUTPUT -j limit-375 +-A OUTPUT -j limit-374 +-A OUTPUT -j limit-373 +-A OUTPUT -j limit-372 +-A OUTPUT -j limit-371 +-A OUTPUT -j limit-370 +-A OUTPUT -j limit-369 +-A OUTPUT -j limit-368 +-A OUTPUT -j limit-367 +-A OUTPUT -j limit-366 +-A OUTPUT -j limit-365 +-A OUTPUT -j limit-364 +-A OUTPUT -j limit-363 +-A OUTPUT -j limit-362 +-A OUTPUT -j limit-361 +-A OUTPUT -j limit-360 +-A OUTPUT -j limit-359 +-A OUTPUT -j limit-358 +-A OUTPUT -j limit-357 +-A OUTPUT -j limit-356 +-A OUTPUT -j limit-355 +-A OUTPUT -j limit-354 +-A OUTPUT -j limit-353 +-A OUTPUT -j limit-352 +-A OUTPUT -j limit-351 +-A OUTPUT -j limit-350 +-A OUTPUT -j limit-349 +-A OUTPUT -j limit-348 +-A OUTPUT -j limit-347 +-A OUTPUT -j limit-346 +-A OUTPUT -j limit-345 +-A OUTPUT -j limit-344 +-A OUTPUT -j limit-343 +-A OUTPUT -j limit-342 +-A OUTPUT -j limit-341 +-A OUTPUT -j limit-340 +-A OUTPUT -j limit-339 +-A OUTPUT -j limit-338 +-A OUTPUT -j limit-337 +-A OUTPUT -j limit-336 +-A OUTPUT -j limit-335 +-A OUTPUT -j limit-334 +-A OUTPUT -j limit-333 +-A OUTPUT -j limit-332 +-A OUTPUT -j limit-331 +-A OUTPUT -j limit-330 +-A OUTPUT -j limit-329 +-A OUTPUT -j limit-328 +-A OUTPUT -j limit-327 +-A OUTPUT -j limit-326 +-A OUTPUT -j limit-325 +-A OUTPUT -j limit-324 +-A OUTPUT -j limit-323 +-A OUTPUT -j limit-322 +-A OUTPUT -j limit-321 +-A OUTPUT -j limit-320 +-A OUTPUT -j limit-319 +-A OUTPUT -j limit-318 +-A OUTPUT -j limit-317 +-A OUTPUT -j limit-316 +-A OUTPUT -j limit-315 +-A OUTPUT -j limit-314 +-A OUTPUT -j limit-313 +-A OUTPUT -j limit-312 +-A OUTPUT -j limit-311 +-A OUTPUT -j limit-310 +-A OUTPUT -j limit-309 +-A OUTPUT -j limit-308 +-A OUTPUT -j limit-307 +-A OUTPUT -j limit-306 +-A OUTPUT -j limit-305 +-A OUTPUT -j limit-304 +-A OUTPUT -j limit-303 +-A OUTPUT -j limit-302 +-A OUTPUT -j limit-301 +-A OUTPUT -j limit-300 +-A OUTPUT -j limit-299 +-A OUTPUT -j limit-298 +-A OUTPUT -j limit-297 +-A OUTPUT -j limit-296 +-A OUTPUT -j limit-295 +-A OUTPUT -j limit-294 +-A OUTPUT -j limit-293 +-A OUTPUT -j limit-292 +-A OUTPUT -j limit-291 +-A OUTPUT -j limit-290 +-A OUTPUT -j limit-289 +-A OUTPUT -j limit-288 +-A OUTPUT -j limit-287 +-A OUTPUT -j limit-286 +-A OUTPUT -j limit-285 +-A OUTPUT -j limit-284 +-A OUTPUT -j limit-283 +-A OUTPUT -j limit-282 +-A OUTPUT -j limit-281 +-A OUTPUT -j limit-280 +-A OUTPUT -j limit-279 +-A OUTPUT -j limit-278 +-A OUTPUT -j limit-277 +-A OUTPUT -j limit-276 +-A OUTPUT -j limit-275 +-A OUTPUT -j limit-274 +-A OUTPUT -j limit-273 +-A OUTPUT -j limit-272 +-A OUTPUT -j limit-271 +-A OUTPUT -j limit-270 +-A OUTPUT -j limit-269 +-A OUTPUT -j limit-268 +-A OUTPUT -j limit-267 +-A OUTPUT -j limit-266 +-A OUTPUT -j limit-265 +-A OUTPUT -j limit-264 +-A OUTPUT -j limit-263 +-A OUTPUT -j limit-262 +-A OUTPUT -j limit-261 +-A OUTPUT -j limit-260 +-A OUTPUT -j limit-259 +-A OUTPUT -j limit-258 +-A OUTPUT -j limit-257 +-A OUTPUT -j limit-256 +-A OUTPUT -j limit-255 +-A OUTPUT -j limit-254 +-A OUTPUT -j limit-253 +-A OUTPUT -j limit-252 +-A OUTPUT -j limit-251 +-A OUTPUT -j limit-250 +-A OUTPUT -j limit-249 +-A OUTPUT -j limit-248 +-A OUTPUT -j limit-247 +-A OUTPUT -j limit-246 +-A OUTPUT -j limit-245 +-A OUTPUT -j limit-244 +-A OUTPUT -j limit-243 +-A OUTPUT -j limit-242 +-A OUTPUT -j limit-241 +-A OUTPUT -j limit-240 +-A OUTPUT -j limit-239 +-A OUTPUT -j limit-238 +-A OUTPUT -j limit-237 +-A OUTPUT -j limit-236 +-A OUTPUT -j limit-235 +-A OUTPUT -j limit-234 +-A OUTPUT -j limit-233 +-A OUTPUT -j limit-232 +-A OUTPUT -j limit-231 +-A OUTPUT -j limit-230 +-A OUTPUT -j limit-229 +-A OUTPUT -j limit-228 +-A OUTPUT -j limit-227 +-A OUTPUT -j limit-226 +-A OUTPUT -j limit-225 +-A OUTPUT -j limit-224 -A OUTPUT -j limit-223 -A OUTPUT -j limit-222 -A OUTPUT -j limit-221 @@ -1149,108 +2257,6 @@ -A OUTPUT -j limit-216 -A OUTPUT -j limit-215 -A OUTPUT -j limit-214 --A OUTPUT -j limit-213 --A OUTPUT -j limit-212 --A OUTPUT -j limit-211 --A OUTPUT -j limit-210 --A OUTPUT -j limit-209 --A OUTPUT -j limit-208 --A OUTPUT -j limit-207 --A OUTPUT -j limit-206 --A OUTPUT -j limit-205 --A OUTPUT -j limit-204 --A OUTPUT -j limit-203 --A OUTPUT -j limit-202 --A OUTPUT -j limit-201 --A OUTPUT -j limit-200 --A OUTPUT -j limit-199 --A OUTPUT -j limit-198 --A OUTPUT -j limit-197 --A OUTPUT -j limit-196 --A OUTPUT -j limit-195 --A OUTPUT -j limit-194 --A OUTPUT -j limit-193 --A OUTPUT -j limit-192 --A OUTPUT -j limit-191 --A OUTPUT -j limit-190 --A OUTPUT -j limit-189 --A OUTPUT -j limit-188 --A OUTPUT -j limit-187 --A OUTPUT -j limit-186 --A OUTPUT -j limit-185 --A OUTPUT -j limit-184 --A OUTPUT -j limit-183 --A OUTPUT -j limit-182 --A OUTPUT -j limit-181 --A OUTPUT -j limit-180 --A OUTPUT -j limit-179 --A OUTPUT -j limit-178 --A OUTPUT -j limit-177 --A OUTPUT -j limit-176 --A OUTPUT -j limit-175 --A OUTPUT -j limit-174 --A OUTPUT -j limit-173 --A OUTPUT -j limit-172 --A OUTPUT -j limit-171 --A OUTPUT -j limit-170 --A OUTPUT -j limit-169 --A OUTPUT -j limit-168 --A OUTPUT -j limit-167 --A OUTPUT -j limit-166 --A OUTPUT -j limit-165 --A OUTPUT -j limit-164 --A OUTPUT -j limit-163 --A OUTPUT -j limit-162 --A OUTPUT -j limit-161 --A OUTPUT -j limit-160 --A OUTPUT -j limit-159 --A OUTPUT -j limit-158 --A OUTPUT -j limit-157 --A OUTPUT -j limit-156 --A OUTPUT -j limit-155 --A OUTPUT -j limit-154 --A OUTPUT -j limit-153 --A OUTPUT -j limit-152 --A OUTPUT -j limit-151 --A OUTPUT -j limit-150 --A OUTPUT -j limit-149 --A OUTPUT -j limit-148 --A OUTPUT -j limit-147 --A OUTPUT -j limit-146 --A OUTPUT -j limit-145 --A OUTPUT -j limit-144 --A OUTPUT -j limit-143 --A OUTPUT -j limit-142 --A OUTPUT -j limit-141 --A OUTPUT -j limit-140 --A OUTPUT -j limit-139 --A OUTPUT -j limit-138 --A OUTPUT -j limit-137 --A OUTPUT -j limit-136 --A OUTPUT -j limit-135 --A OUTPUT -j limit-134 --A OUTPUT -j limit-133 --A OUTPUT -j limit-132 --A OUTPUT -j limit-131 --A OUTPUT -j limit-130 --A OUTPUT -j limit-129 --A OUTPUT -j limit-128 --A OUTPUT -j limit-127 --A OUTPUT -j limit-126 --A OUTPUT -j limit-125 --A OUTPUT -j limit-124 --A OUTPUT -j limit-123 --A OUTPUT -j limit-122 --A OUTPUT -j limit-121 --A OUTPUT -j limit-120 --A OUTPUT -j limit-119 --A OUTPUT -j limit-118 --A OUTPUT -j limit-117 --A OUTPUT -j limit-116 --A OUTPUT -j limit-115 --A OUTPUT -j limit-114 --A OUTPUT -j limit-113 --A OUTPUT -j limit-112 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -1368,9 +2374,111 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-106 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-107 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-108 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-109 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-110 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-111 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-112 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-54 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-114 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-115 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-116 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-117 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-118 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-119 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-120 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-62 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-122 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-123 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-124 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-66 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-126 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-127 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-128 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-129 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-130 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-131 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-132 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-133 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-134 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-135 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-136 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-137 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-138 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-140 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-141 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-142 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-144 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-145 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-146 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-147 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-148 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-149 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-150 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-152 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-153 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-154 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-156 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-157 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-158 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-159 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-160 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-161 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-162 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-163 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-164 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-165 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-166 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-167 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-168 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-170 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-171 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-172 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-174 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-175 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-176 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-177 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-178 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-179 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-180 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-182 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-183 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-184 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-186 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-187 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-188 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-189 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-190 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-191 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-192 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-193 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-194 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-195 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-196 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-197 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-198 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-199 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-200 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-201 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-202 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-203 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-204 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-205 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-206 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-207 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-208 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-209 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-210 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-211 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-212 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-213 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -1431,6 +2539,114 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-19 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-20 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-21 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-22 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-23 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-24 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-25 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-26 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-27 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-28 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-29 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-30 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-31 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-32 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-33 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-34 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-35 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-36 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-37 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -1495,13 +2711,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-109 +-A OUTPUT -j logdrop-199 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT --A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-110 +-A OUTPUT -j logaccept-14 +-A OUTPUT -j logdrop-200 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -1527,574 +2743,1153 @@ -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-100 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j ACCEPT --A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -j DROP --A limit-101 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN --A limit-101 -m limit --limit 1/second -j LOG --A limit-101 -j DROP --A limit-102 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j logaccept-1 --A limit-102 -m limit --limit 1/second -j LOG --A limit-102 -j DROP --A limit-103 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j ACCEPT --A limit-103 -m limit --limit 1/second -j LOG --A limit-103 -j DROP --A limit-104 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT --A limit-104 -j DROP --A limit-105 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN --A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-2 --A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT --A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT --A limit-108 -j DROP --A limit-109 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN --A limit-109 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-41 +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-42 +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set +-A limit-102 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-43 +-A limit-102 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-103 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-44 +-A limit-103 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-104 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-45 +-A limit-104 -m limit --limit 1/second -j LOG +-A limit-104 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-105 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-46 +-A limit-105 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-47 +-A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-48 +-A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-49 +-A limit-108 -j ACCEPT -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set --A limit-110 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-3 --A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT --A limit-111 -j DROP --A limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --set --A limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --set --A limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --set --A limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set --A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set +-A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-51 +-A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -j ACCEPT +-A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-52 +-A limit-111 -m limit --limit 1/second -j LOG +-A limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-53 +-A limit-112 -j ACCEPT +-A limit-114 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-55 +-A limit-114 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-115 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-56 +-A limit-115 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-116 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-57 +-A limit-116 -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-117 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-58 +-A limit-117 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-118 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-59 +-A limit-118 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-119 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-60 +-A limit-119 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set --A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 --A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set --A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 --A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-120 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-61 +-A limit-120 -j ACCEPT +-A limit-122 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-63 +-A limit-122 -m limit --limit 1/second -j LOG +-A limit-122 -j ACCEPT +-A limit-123 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-64 +-A limit-123 -m limit --limit 1/second -j LOG +-A limit-124 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-65 +-A limit-124 -j ACCEPT +-A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set +-A limit-128 -m recent --name limit-128 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-128 -m limit --limit 1/second -j LOG +-A limit-128 -m recent --name limit-128 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-129 -m recent --name limit-129 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-129 -m recent --name limit-129 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-55 --A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-56 --A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-57 --A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-58 --A limit-133 -m limit --limit 1/second -j LOG --A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-59 --A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-60 --A limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 --A limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 --A limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 --A limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 --A limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-130 -m recent --name limit-130 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-130 -m recent --name limit-130 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-131 -m recent --name limit-131 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-131 -m recent --name limit-131 --rsource --mask 255.255.255.255 --set +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-134 -m limit --limit 1/second -j LOG +-A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-136 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-136 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-137 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-137 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-138 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-138 -j ACCEPT -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 --A limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 --A limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-142 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 --A limit-143 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 --A limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 --A limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 --A limit-145 -m limit --limit 1/second -j LOG --A limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 --A limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 --A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set --A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set +-A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-140 -m limit --limit 1/second -j LOG +-A limit-140 -j ACCEPT +-A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-141 -m limit --limit 1/second -j LOG +-A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-142 -j ACCEPT +-A limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-146 -m limit --limit 1/second -j LOG +-A limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-148 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-148 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-149 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-149 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set --A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set --A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set --A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-150 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-150 -j ACCEPT +-A limit-152 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-152 -m limit --limit 1/second -j LOG +-A limit-152 -j ACCEPT +-A limit-153 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-153 -m limit --limit 1/second -j LOG +-A limit-154 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-154 -j ACCEPT +-A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set +-A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-158 -m limit --limit 1/second -j LOG +-A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-160 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-161 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-163 -m limit --limit 1/second -j LOG --A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set +-A limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-164 -m limit --limit 1/second -j LOG +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-168 -j ACCEPT -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-172 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-173 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-175 -m limit --limit 1/second -j LOG --A limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set --A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set +-A limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-170 -m limit --limit 1/second -j LOG +-A limit-170 -j ACCEPT +-A limit-171 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-171 -m limit --limit 1/second -j LOG +-A limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-172 -j ACCEPT +-A limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-176 -m limit --limit 1/second -j LOG +-A limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-178 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-178 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-179 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-179 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-18 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19 -A limit-18 -j ACCEPT --A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set --A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --set --A limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --set --A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-193 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-180 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-180 -j ACCEPT +-A limit-182 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-182 -m limit --limit 1/second -j LOG +-A limit-182 -j ACCEPT +-A limit-183 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-183 -m limit --limit 1/second -j LOG +-A limit-184 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-184 -j ACCEPT +-A limit-186 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-186 -j ACCEPT +-A limit-186 -m limit --limit 1/second -j LOG +-A limit-186 -j DROP +-A limit-187 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-187 -j RETURN +-A limit-187 -m limit --limit 1/second -j LOG +-A limit-187 -j DROP +-A limit-188 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-188 -j logaccept-0 +-A limit-188 -m limit --limit 1/second -j LOG +-A limit-188 -j DROP +-A limit-189 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-189 -j ACCEPT +-A limit-189 -m limit --limit 1/second -j LOG +-A limit-189 -j DROP +-A limit-190 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-190 -j ACCEPT +-A limit-190 -m limit --limit 1/second -j LOG +-A limit-190 -j DROP +-A limit-191 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-191 -j RETURN +-A limit-191 -m limit --limit 1/second -j LOG +-A limit-191 -j DROP +-A limit-192 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-192 -j logaccept-1 +-A limit-192 -m limit --limit 1/second -j LOG +-A limit-192 -j DROP +-A limit-193 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-193 -j ACCEPT -A limit-193 -m limit --limit 1/second -j LOG --A limit-194 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-195 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-193 -j DROP +-A limit-194 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-194 -j ACCEPT +-A limit-194 -j DROP +-A limit-195 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-195 -j RETURN +-A limit-195 -j DROP +-A limit-196 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-196 -j logaccept-2 +-A limit-196 -j DROP +-A limit-197 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-197 -j ACCEPT +-A limit-197 -j DROP +-A limit-198 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-198 -j ACCEPT +-A limit-198 -j DROP +-A limit-199 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-199 -j RETURN +-A limit-199 -j DROP -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-20 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG -A limit-20 -j ACCEPT --A limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-202 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-203 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-204 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-205 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-200 -j logaccept-3 +-A limit-200 -j DROP +-A limit-201 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-201 -j ACCEPT +-A limit-201 -j DROP +-A limit-202 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-202 -j ACCEPT +-A limit-202 -m limit --limit 1/second -j LOG +-A limit-202 -j DROP +-A limit-203 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-203 -j RETURN +-A limit-203 -m limit --limit 1/second -j LOG +-A limit-203 -j DROP +-A limit-204 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-204 -j logaccept-4 +-A limit-204 -m limit --limit 1/second -j LOG +-A limit-204 -j DROP +-A limit-205 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-205 -j ACCEPT -A limit-205 -m limit --limit 1/second -j LOG --A limit-206 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-207 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-208 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j RETURN --A limit-208 -m limit --limit 1/second -j LOG +-A limit-205 -j DROP +-A limit-206 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-206 -j ACCEPT +-A limit-206 -j DROP +-A limit-207 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-207 -j RETURN +-A limit-207 -j DROP +-A limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j logaccept-5 -A limit-208 -j DROP --A limit-209 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j RETURN --A limit-209 -m limit --limit 1/second -j LOG +-A limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j ACCEPT -A limit-209 -j DROP -A limit-21 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22 -A limit-21 -m limit --limit 1/second -j LOG --A limit-210 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j RETURN --A limit-210 -m limit --limit 1/second -j LOG +-A limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j ACCEPT -A limit-210 -j DROP --A limit-211 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN --A limit-211 -m limit --limit 1/second -j LOG +-A limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN -A limit-211 -j DROP --A limit-212 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j RETURN --A limit-212 -m limit --limit 1/second -j LOG +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j logaccept-6 -A limit-212 -j DROP --A limit-213 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN --A limit-213 -m limit --limit 1/second -j LOG +-A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j ACCEPT -A limit-213 -j DROP --A limit-214 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j RETURN --A limit-214 -m limit --limit 1/second -j LOG --A limit-214 -j DROP --A limit-215 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j RETURN --A limit-215 -m limit --limit 1/second -j LOG --A limit-215 -j DROP --A limit-216 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j RETURN --A limit-216 -j DROP --A limit-217 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN --A limit-217 -j DROP --A limit-218 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j RETURN --A limit-218 -j DROP --A limit-219 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j RETURN --A limit-219 -j DROP +-A limit-214 -m recent --name limit-214 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-214 -m recent --name limit-214 --rsource --mask 255.255.255.255 --set +-A limit-215 -m recent --name limit-215 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-68 +-A limit-215 -m recent --name limit-215 --rsource --mask 255.255.255.255 --set +-A limit-216 -m recent --name limit-216 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-216 -m recent --name limit-216 --rsource --mask 255.255.255.255 --set +-A limit-217 -m recent --name limit-217 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-217 -m recent --name limit-217 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-218 -m recent --name limit-218 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-218 -m recent --name limit-218 --rsource --mask 255.255.255.255 --set +-A limit-219 -m recent --name limit-219 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-72 +-A limit-219 -m recent --name limit-219 --rsource --mask 255.255.255.255 --set -A limit-22 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23 -A limit-22 -j ACCEPT --A limit-220 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j RETURN --A limit-220 -j DROP --A limit-221 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN --A limit-221 -j DROP --A limit-222 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j RETURN --A limit-222 -j DROP --A limit-223 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j RETURN --A limit-223 -j DROP --A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 --A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-220 -m recent --name limit-220 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 +-A limit-220 -m recent --name limit-220 --rsource --mask 255.255.255.255 --set +-A limit-221 -m recent --name limit-221 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-221 -m recent --name limit-221 --rsource --mask 255.255.255.255 --set +-A limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 +-A limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --set +-A limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 +-A limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 +-A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set +-A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 -A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set --A limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 --A limit-226 -m limit --limit 1/second -j LOG --A limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 --A limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 --A limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 --A limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --set --A limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 --A limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 --A limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --set --A limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 --A limit-232 -m limit --limit 1/second -j LOG --A limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 --A limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 --A limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 --A limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --set --A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-85 --A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-86 --A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-87 --A limit-238 -m limit --limit 1/second -j LOG --A limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-88 --A limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-226 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 +-A limit-226 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-227 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 +-A limit-227 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-228 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 +-A limit-228 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-229 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 +-A limit-229 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-230 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 +-A limit-230 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-231 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 +-A limit-231 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-232 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-85 +-A limit-233 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-86 +-A limit-234 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-87 +-A limit-235 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-88 +-A limit-235 -m limit --limit 1/second -j LOG +-A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-89 +-A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-90 +-A limit-238 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-91 +-A limit-238 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-239 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-92 +-A limit-239 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 -A limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-89 --A limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-90 --A limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-242 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-91 --A limit-242 -j ACCEPT --A limit-244 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-93 --A limit-244 -m limit --limit 1/second -j LOG --A limit-244 -j ACCEPT --A limit-245 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-94 --A limit-245 -m limit --limit 1/second -j LOG --A limit-246 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-95 --A limit-246 -j ACCEPT --A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-97 --A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-98 --A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-240 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-93 +-A limit-240 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-241 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-94 +-A limit-241 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-242 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-95 +-A limit-242 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-243 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-96 +-A limit-243 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-244 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-97 +-A limit-245 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-98 +-A limit-246 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-99 +-A limit-247 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-100 +-A limit-247 -m limit --limit 1/second -j LOG +-A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-101 +-A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-102 -A limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 -A limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-99 --A limit-250 -m limit --limit 1/second -j LOG --A limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-100 --A limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-101 --A limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-102 --A limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-254 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-103 --A limit-254 -j ACCEPT --A limit-256 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-105 --A limit-256 -m limit --limit 1/second -j LOG --A limit-256 -j ACCEPT --A limit-257 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-106 --A limit-257 -m limit --limit 1/second -j LOG --A limit-258 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-107 --A limit-258 -j ACCEPT +-A limit-250 -m recent --name limit-250 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-250 -m recent --name limit-250 --rsource --mask 255.255.255.255 --set +-A limit-251 -m recent --name limit-251 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-251 -m recent --name limit-251 --rsource --mask 255.255.255.255 --set +-A limit-252 -m recent --name limit-252 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-252 -m recent --name limit-252 --rsource --mask 255.255.255.255 --set +-A limit-253 -m recent --name limit-253 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-253 -m recent --name limit-253 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-254 -m recent --name limit-254 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-254 -m recent --name limit-254 --rsource --mask 255.255.255.255 --set +-A limit-255 -m recent --name limit-255 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-255 -m recent --name limit-255 --rsource --mask 255.255.255.255 --set +-A limit-256 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-256 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-257 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-257 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-258 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-258 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-259 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-259 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-26 -m limit --limit 1/second -j LOG -A limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --set --A limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-262 -m limit --limit 1/second -j LOG --A limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --set --A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-268 -m limit --limit 1/second -j LOG --A limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-260 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-260 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-261 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-261 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-262 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-263 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-264 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m limit --limit 1/second -j LOG +-A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-269 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-269 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 -A limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-272 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-272 -j ACCEPT --A limit-274 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-274 -m limit --limit 1/second -j LOG --A limit-274 -j ACCEPT --A limit-275 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-275 -m limit --limit 1/second -j LOG --A limit-276 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-276 -j ACCEPT --A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-270 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-270 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-271 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-271 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-272 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-272 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-273 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-273 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-274 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-275 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-276 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-277 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-277 -m limit --limit 1/second -j LOG +-A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 -A limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-280 -m limit --limit 1/second -j LOG --A limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-284 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-284 -j ACCEPT --A limit-286 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-286 -m limit --limit 1/second -j LOG --A limit-286 -j ACCEPT --A limit-287 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-287 -m limit --limit 1/second -j LOG --A limit-288 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-288 -j ACCEPT +-A limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --set +-A limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --set +-A limit-282 -m recent --name limit-282 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-282 -m recent --name limit-282 --rsource --mask 255.255.255.255 --set +-A limit-283 -m recent --name limit-283 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-283 -m recent --name limit-283 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-284 -m recent --name limit-284 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-284 -m recent --name limit-284 --rsource --mask 255.255.255.255 --set +-A limit-285 -m recent --name limit-285 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-285 -m recent --name limit-285 --rsource --mask 255.255.255.255 --set +-A limit-286 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-286 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-287 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-287 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-288 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-288 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-289 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-289 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 -A limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --set --A limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-292 -m limit --limit 1/second -j LOG --A limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --set --A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-298 -m limit --limit 1/second -j LOG --A limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-290 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-290 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-291 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-291 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-292 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-293 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-294 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m limit --limit 1/second -j LOG +-A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-299 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-299 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-30 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-31 -A limit-30 -j ACCEPT --A limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-302 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-302 -j ACCEPT --A limit-304 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-304 -m limit --limit 1/second -j LOG --A limit-304 -j ACCEPT --A limit-305 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-305 -m limit --limit 1/second -j LOG --A limit-306 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-306 -j ACCEPT --A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-310 -m limit --limit 1/second -j LOG --A limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT --A limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --set --A limit-314 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-314 -j ACCEPT --A limit-316 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-316 -m limit --limit 1/second -j LOG --A limit-316 -j ACCEPT --A limit-317 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-317 -m limit --limit 1/second -j LOG --A limit-318 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-318 -j ACCEPT +-A limit-300 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-300 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-301 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-301 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-302 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-302 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-303 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-303 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-304 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-305 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-306 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-307 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-307 -m limit --limit 1/second -j LOG +-A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-310 -m recent --name limit-310 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-103 +-A limit-310 -m recent --name limit-310 --rsource --mask 255.255.255.255 --set +-A limit-311 -m recent --name limit-311 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-104 +-A limit-311 -m recent --name limit-311 --rsource --mask 255.255.255.255 --set +-A limit-312 -m recent --name limit-312 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-105 +-A limit-312 -m recent --name limit-312 --rsource --mask 255.255.255.255 --set +-A limit-313 -m recent --name limit-313 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-106 +-A limit-313 -m recent --name limit-313 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-314 -m recent --name limit-314 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-107 +-A limit-314 -m recent --name limit-314 --rsource --mask 255.255.255.255 --set +-A limit-315 -m recent --name limit-315 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-108 +-A limit-315 -m recent --name limit-315 --rsource --mask 255.255.255.255 --set +-A limit-316 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-109 +-A limit-316 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-317 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-110 +-A limit-317 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-318 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-111 +-A limit-318 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-319 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-112 +-A limit-319 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-32 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-33 -A limit-32 -m limit --limit 1/second -j LOG -A limit-32 -j ACCEPT --A limit-320 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-320 -j ACCEPT --A limit-320 -m limit --limit 1/second -j LOG --A limit-320 -j DROP --A limit-321 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-321 -j RETURN --A limit-321 -m limit --limit 1/second -j LOG --A limit-321 -j DROP --A limit-322 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-322 -j logaccept-4 --A limit-322 -m limit --limit 1/second -j LOG --A limit-322 -j DROP --A limit-323 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-323 -j ACCEPT --A limit-323 -m limit --limit 1/second -j LOG --A limit-323 -j DROP --A limit-324 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-324 -j ACCEPT --A limit-324 -m limit --limit 1/second -j LOG --A limit-324 -j DROP --A limit-325 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-325 -j RETURN +-A limit-320 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-113 +-A limit-320 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-321 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-114 +-A limit-321 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-322 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-115 +-A limit-323 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-116 +-A limit-324 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-117 +-A limit-325 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-118 -A limit-325 -m limit --limit 1/second -j LOG --A limit-325 -j DROP --A limit-326 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-326 -j logaccept-5 --A limit-326 -m limit --limit 1/second -j LOG --A limit-326 -j DROP --A limit-327 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-327 -j ACCEPT --A limit-327 -m limit --limit 1/second -j LOG --A limit-327 -j DROP --A limit-328 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-328 -j ACCEPT --A limit-328 -j DROP --A limit-329 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-329 -j RETURN --A limit-329 -j DROP +-A limit-326 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-119 +-A limit-327 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-120 +-A limit-328 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-121 +-A limit-328 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-329 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-122 +-A limit-329 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-33 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-34 -A limit-33 -m limit --limit 1/second -j LOG --A limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-330 -j logaccept-6 --A limit-330 -j DROP --A limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-331 -j ACCEPT --A limit-331 -j DROP --A limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-332 -j ACCEPT --A limit-332 -j DROP --A limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-333 -j RETURN --A limit-333 -j DROP --A limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-334 -j logaccept-7 --A limit-334 -j DROP --A limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-335 -j ACCEPT --A limit-335 -j DROP +-A limit-330 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-123 +-A limit-330 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-331 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-124 +-A limit-331 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-332 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-125 +-A limit-332 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-333 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-126 +-A limit-333 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-334 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-127 +-A limit-335 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-128 +-A limit-336 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-129 +-A limit-337 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-130 +-A limit-337 -m limit --limit 1/second -j LOG +-A limit-338 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-131 +-A limit-339 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-132 -A limit-34 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-35 -A limit-34 -j ACCEPT +-A limit-340 -m recent --name limit-340 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-340 -m recent --name limit-340 --rsource --mask 255.255.255.255 --set +-A limit-341 -m recent --name limit-341 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-341 -m recent --name limit-341 --rsource --mask 255.255.255.255 --set +-A limit-342 -m recent --name limit-342 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-342 -m recent --name limit-342 --rsource --mask 255.255.255.255 --set +-A limit-343 -m recent --name limit-343 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-343 -m recent --name limit-343 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-344 -m recent --name limit-344 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-344 -m recent --name limit-344 --rsource --mask 255.255.255.255 --set +-A limit-345 -m recent --name limit-345 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-345 -m recent --name limit-345 --rsource --mask 255.255.255.255 --set +-A limit-346 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-346 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-347 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-347 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-348 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-348 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-349 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-349 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-350 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-350 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-351 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-351 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-352 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-353 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-354 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-355 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-355 -m limit --limit 1/second -j LOG +-A limit-356 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-357 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-358 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-358 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-359 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-359 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-360 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-360 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-361 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-361 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-362 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-362 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-363 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-363 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-364 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-365 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-366 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-367 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-367 -m limit --limit 1/second -j LOG +-A limit-368 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-369 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP -A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --set +-A limit-370 -m recent --name limit-370 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-370 -m recent --name limit-370 --rsource --mask 255.255.255.255 --set +-A limit-371 -m recent --name limit-371 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-371 -m recent --name limit-371 --rsource --mask 255.255.255.255 --set +-A limit-372 -m recent --name limit-372 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-372 -m recent --name limit-372 --rsource --mask 255.255.255.255 --set +-A limit-373 -m recent --name limit-373 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-373 -m recent --name limit-373 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-374 -m recent --name limit-374 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-374 -m recent --name limit-374 --rsource --mask 255.255.255.255 --set +-A limit-375 -m recent --name limit-375 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-375 -m recent --name limit-375 --rsource --mask 255.255.255.255 --set +-A limit-376 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-376 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-377 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-377 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-378 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-378 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-379 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-379 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG -A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-380 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-380 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-381 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-381 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-382 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-383 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-384 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-385 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-385 -m limit --limit 1/second -j LOG +-A limit-386 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-387 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-388 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-388 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-389 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-389 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-390 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-390 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-391 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-391 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-392 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-392 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-393 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-393 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-394 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-395 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-396 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-397 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-397 -m limit --limit 1/second -j LOG +-A limit-398 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-399 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-400 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-400 -j RETURN +-A limit-400 -m limit --limit 1/second -j LOG +-A limit-400 -j DROP +-A limit-401 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-401 -j RETURN +-A limit-401 -m limit --limit 1/second -j LOG +-A limit-401 -j DROP +-A limit-402 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-402 -j RETURN +-A limit-402 -m limit --limit 1/second -j LOG +-A limit-402 -j DROP +-A limit-403 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-403 -j RETURN +-A limit-403 -m limit --limit 1/second -j LOG +-A limit-403 -j DROP +-A limit-404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-404 -j RETURN +-A limit-404 -m limit --limit 1/second -j LOG +-A limit-404 -j DROP +-A limit-405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-405 -j RETURN +-A limit-405 -m limit --limit 1/second -j LOG +-A limit-405 -j DROP +-A limit-406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-406 -j RETURN +-A limit-406 -m limit --limit 1/second -j LOG +-A limit-406 -j DROP +-A limit-407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-407 -j RETURN +-A limit-407 -m limit --limit 1/second -j LOG +-A limit-407 -j DROP +-A limit-408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-408 -j RETURN +-A limit-408 -j DROP +-A limit-409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-409 -j RETURN +-A limit-409 -j DROP -A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set +-A limit-410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-410 -j RETURN +-A limit-410 -j DROP +-A limit-411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-411 -j RETURN +-A limit-411 -j DROP +-A limit-412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-412 -j RETURN +-A limit-412 -j DROP +-A limit-413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-413 -j RETURN +-A limit-413 -j DROP +-A limit-414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-414 -j RETURN +-A limit-414 -j DROP +-A limit-415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-415 -j RETURN +-A limit-415 -j DROP +-A limit-416 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-416 -j RETURN +-A limit-416 -m limit --limit 1/second -j LOG +-A limit-416 -j DROP +-A limit-417 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-417 -j RETURN +-A limit-417 -m limit --limit 1/second -j LOG +-A limit-417 -j DROP +-A limit-418 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-418 -j RETURN +-A limit-418 -m limit --limit 1/second -j LOG +-A limit-418 -j DROP +-A limit-419 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-419 -j RETURN +-A limit-419 -m limit --limit 1/second -j LOG +-A limit-419 -j DROP -A limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-420 -j RETURN +-A limit-420 -j DROP +-A limit-421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-421 -j RETURN +-A limit-421 -j DROP +-A limit-422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-422 -j RETURN +-A limit-422 -j DROP +-A limit-423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-423 -j RETURN +-A limit-423 -j DROP +-A limit-424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-424 -j RETURN +-A limit-424 -j DROP +-A limit-425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-425 -j RETURN +-A limit-425 -j DROP +-A limit-426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-426 -j RETURN +-A limit-426 -j DROP +-A limit-427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-427 -j RETURN +-A limit-427 -j DROP +-A limit-428 -m recent --name limit-428 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-133 +-A limit-428 -m recent --name limit-428 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-429 -m recent --name limit-429 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-134 +-A limit-429 -m recent --name limit-429 --rsource --mask 255.255.255.255 --set -A limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-430 -m recent --name limit-430 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-135 +-A limit-430 -m limit --limit 1/second -j LOG +-A limit-430 -m recent --name limit-430 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-431 -m recent --name limit-431 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-136 +-A limit-431 -m recent --name limit-431 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-432 -m recent --name limit-432 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-137 +-A limit-432 -m recent --name limit-432 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-433 -m recent --name limit-433 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-138 +-A limit-433 -m recent --name limit-433 --rsource --mask 255.255.255.255 --set +-A limit-434 -m recent --name limit-434 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-139 +-A limit-434 -m recent --name limit-434 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-435 -m recent --name limit-435 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-140 +-A limit-435 -m recent --name limit-435 --rsource --mask 255.255.255.255 --set +-A limit-436 -m recent --name limit-436 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-141 +-A limit-436 -m limit --limit 1/second -j LOG +-A limit-436 -m recent --name limit-436 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-437 -m recent --name limit-437 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-142 +-A limit-437 -m recent --name limit-437 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-438 -m recent --name limit-438 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-143 +-A limit-438 -m recent --name limit-438 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-439 -m recent --name limit-439 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-144 +-A limit-439 -m recent --name limit-439 --rsource --mask 255.255.255.255 --set -A limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG -A limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-440 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-145 +-A limit-440 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-441 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-146 +-A limit-441 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-442 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-147 +-A limit-442 -m limit --limit 1/second -j LOG +-A limit-442 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-443 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-148 +-A limit-443 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-444 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-149 +-A limit-444 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-445 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-150 +-A limit-445 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-446 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-151 +-A limit-446 -j ACCEPT +-A limit-448 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-153 +-A limit-448 -m limit --limit 1/second -j LOG +-A limit-448 -j ACCEPT +-A limit-449 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-154 +-A limit-449 -m limit --limit 1/second -j LOG -A limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-450 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-155 +-A limit-450 -j ACCEPT +-A limit-452 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-157 +-A limit-452 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-453 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-158 +-A limit-453 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-454 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-159 +-A limit-454 -m limit --limit 1/second -j LOG +-A limit-454 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-455 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-160 +-A limit-455 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-456 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-161 +-A limit-456 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-457 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-162 +-A limit-457 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-458 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-163 +-A limit-458 -j ACCEPT -A limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-460 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-165 +-A limit-460 -m limit --limit 1/second -j LOG +-A limit-460 -j ACCEPT +-A limit-461 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-166 +-A limit-461 -m limit --limit 1/second -j LOG +-A limit-462 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-167 +-A limit-462 -j ACCEPT +-A limit-464 -m recent --name limit-464 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-464 -m recent --name limit-464 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-465 -m recent --name limit-465 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-465 -m recent --name limit-465 --rsource --mask 255.255.255.255 --set +-A limit-466 -m recent --name limit-466 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-466 -m limit --limit 1/second -j LOG +-A limit-466 -m recent --name limit-466 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-467 -m recent --name limit-467 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-467 -m recent --name limit-467 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-468 -m recent --name limit-468 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-468 -m recent --name limit-468 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-469 -m recent --name limit-469 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-469 -m recent --name limit-469 --rsource --mask 255.255.255.255 --set -A limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-470 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-470 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-471 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-471 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-472 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-472 -m limit --limit 1/second -j LOG +-A limit-472 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-473 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-473 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-474 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-474 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-475 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-475 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-476 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-476 -j ACCEPT +-A limit-478 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-478 -m limit --limit 1/second -j LOG +-A limit-478 -j ACCEPT +-A limit-479 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-479 -m limit --limit 1/second -j LOG -A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-48 -j ACCEPT +-A limit-480 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-480 -j ACCEPT +-A limit-482 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-482 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-483 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-483 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-484 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-484 -m limit --limit 1/second -j LOG +-A limit-484 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-485 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-485 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-486 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-486 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-487 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-487 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-488 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-488 -j ACCEPT +-A limit-490 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-490 -m limit --limit 1/second -j LOG +-A limit-490 -j ACCEPT +-A limit-491 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-491 -m limit --limit 1/second -j LOG +-A limit-492 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-492 -j ACCEPT +-A limit-494 -m recent --name limit-494 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-494 -m recent --name limit-494 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-495 -m recent --name limit-495 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-495 -m recent --name limit-495 --rsource --mask 255.255.255.255 --set +-A limit-496 -m recent --name limit-496 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-496 -m limit --limit 1/second -j LOG +-A limit-496 -m recent --name limit-496 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-497 -m recent --name limit-497 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-497 -m recent --name limit-497 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-498 -m recent --name limit-498 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-498 -m recent --name limit-498 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-499 -m recent --name limit-499 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-499 -m recent --name limit-499 --rsource --mask 255.255.255.255 --set -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set -A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-50 -m limit --limit 1/second -j LOG -A limit-50 -j ACCEPT +-A limit-500 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-500 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-501 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-501 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-502 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-502 -m limit --limit 1/second -j LOG +-A limit-502 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-503 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-503 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-504 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-504 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-505 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-505 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-506 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-506 -j ACCEPT +-A limit-508 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-508 -m limit --limit 1/second -j LOG +-A limit-508 -j ACCEPT +-A limit-509 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-509 -m limit --limit 1/second -j LOG -A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-51 -m limit --limit 1/second -j LOG +-A limit-510 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-510 -j ACCEPT +-A limit-512 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-512 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-513 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-513 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-514 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-514 -m limit --limit 1/second -j LOG +-A limit-514 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-515 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-515 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-516 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-516 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-517 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-517 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-518 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-518 -j ACCEPT -A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-52 -j ACCEPT +-A limit-520 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-520 -m limit --limit 1/second -j LOG +-A limit-520 -j ACCEPT +-A limit-521 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-521 -m limit --limit 1/second -j LOG +-A limit-522 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-522 -j ACCEPT +-A limit-524 -m recent --name limit-524 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-169 +-A limit-524 -m recent --name limit-524 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-525 -m recent --name limit-525 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-170 +-A limit-525 -m recent --name limit-525 --rsource --mask 255.255.255.255 --set +-A limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-171 +-A limit-526 -m limit --limit 1/second -j LOG +-A limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-172 +-A limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-173 +-A limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-174 +-A limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --set +-A limit-530 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-175 +-A limit-530 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-531 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-176 +-A limit-531 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-532 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-177 +-A limit-532 -m limit --limit 1/second -j LOG +-A limit-532 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-533 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-178 +-A limit-533 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-534 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-179 +-A limit-534 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-535 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-180 +-A limit-535 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-536 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-181 +-A limit-536 -j ACCEPT +-A limit-538 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-183 +-A limit-538 -m limit --limit 1/second -j LOG +-A limit-538 -j ACCEPT +-A limit-539 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-184 +-A limit-539 -m limit --limit 1/second -j LOG -A limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-540 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-185 +-A limit-540 -j ACCEPT +-A limit-542 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-187 +-A limit-542 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-543 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-188 +-A limit-543 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-544 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-189 +-A limit-544 -m limit --limit 1/second -j LOG +-A limit-544 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-545 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-190 +-A limit-545 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-546 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-191 +-A limit-546 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-547 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-192 +-A limit-547 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-548 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-193 +-A limit-548 -j ACCEPT -A limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-550 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-195 +-A limit-550 -m limit --limit 1/second -j LOG +-A limit-550 -j ACCEPT +-A limit-551 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-196 +-A limit-551 -m limit --limit 1/second -j LOG +-A limit-552 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-197 +-A limit-552 -j ACCEPT +-A limit-554 -m recent --name limit-554 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-554 -m recent --name limit-554 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-555 -m recent --name limit-555 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-555 -m recent --name limit-555 --rsource --mask 255.255.255.255 --set +-A limit-556 -m recent --name limit-556 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-556 -m limit --limit 1/second -j LOG +-A limit-556 -m recent --name limit-556 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-557 -m recent --name limit-557 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-557 -m recent --name limit-557 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-558 -m recent --name limit-558 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-558 -m recent --name limit-558 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-559 -m recent --name limit-559 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-559 -m recent --name limit-559 --rsource --mask 255.255.255.255 --set -A limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-56 -m limit --limit 1/second -j LOG -A limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-560 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-560 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-561 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-561 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-562 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-562 -m limit --limit 1/second -j LOG +-A limit-562 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-563 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-563 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-564 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-564 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-565 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-565 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-566 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-566 -j ACCEPT +-A limit-568 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-568 -m limit --limit 1/second -j LOG +-A limit-568 -j ACCEPT +-A limit-569 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-569 -m limit --limit 1/second -j LOG -A limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-570 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-570 -j ACCEPT +-A limit-572 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-572 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-573 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-573 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-574 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-574 -m limit --limit 1/second -j LOG +-A limit-574 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-575 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-575 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-576 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-576 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-577 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-577 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-578 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-578 -j ACCEPT -A limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-580 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-580 -m limit --limit 1/second -j LOG +-A limit-580 -j ACCEPT +-A limit-581 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-581 -m limit --limit 1/second -j LOG +-A limit-582 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-582 -j ACCEPT +-A limit-584 -m recent --name limit-584 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-584 -m recent --name limit-584 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-585 -m recent --name limit-585 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-585 -m recent --name limit-585 --rsource --mask 255.255.255.255 --set +-A limit-586 -m recent --name limit-586 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-586 -m limit --limit 1/second -j LOG +-A limit-586 -m recent --name limit-586 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-587 -m recent --name limit-587 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-587 -m recent --name limit-587 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-588 -m recent --name limit-588 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-588 -m recent --name limit-588 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-589 -m recent --name limit-589 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-589 -m recent --name limit-589 --rsource --mask 255.255.255.255 --set -A limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-590 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-590 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-591 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-591 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-592 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-592 -m limit --limit 1/second -j LOG +-A limit-592 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-593 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-593 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-594 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-594 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-595 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-595 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-596 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-596 -j ACCEPT +-A limit-598 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-598 -m limit --limit 1/second -j LOG +-A limit-598 -j ACCEPT +-A limit-599 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-599 -m limit --limit 1/second -j LOG -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-60 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-60 -j ACCEPT +-A limit-600 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-600 -j ACCEPT +-A limit-602 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-602 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-603 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-603 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-604 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-604 -m limit --limit 1/second -j LOG +-A limit-604 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-605 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-605 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-606 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-606 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-607 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP +-A limit-607 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-608 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-608 -j ACCEPT +-A limit-610 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-610 -m limit --limit 1/second -j LOG +-A limit-610 -j ACCEPT +-A limit-611 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-611 -m limit --limit 1/second -j LOG +-A limit-612 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-612 -j ACCEPT +-A limit-614 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-614 -j ACCEPT +-A limit-614 -m limit --limit 1/second -j LOG +-A limit-614 -j DROP +-A limit-615 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-615 -j RETURN +-A limit-615 -m limit --limit 1/second -j LOG +-A limit-615 -j DROP +-A limit-616 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-616 -j logaccept-7 +-A limit-616 -m limit --limit 1/second -j LOG +-A limit-616 -j DROP +-A limit-617 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-617 -j ACCEPT +-A limit-617 -m limit --limit 1/second -j LOG +-A limit-617 -j DROP +-A limit-618 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-618 -j ACCEPT +-A limit-618 -m limit --limit 1/second -j LOG +-A limit-618 -j DROP +-A limit-619 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-619 -j RETURN +-A limit-619 -m limit --limit 1/second -j LOG +-A limit-619 -j DROP -A limit-62 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-62 -m limit --limit 1/second -j LOG -A limit-62 -j ACCEPT +-A limit-620 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-620 -j logaccept-8 +-A limit-620 -m limit --limit 1/second -j LOG +-A limit-620 -j DROP +-A limit-621 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-621 -j ACCEPT +-A limit-621 -m limit --limit 1/second -j LOG +-A limit-621 -j DROP +-A limit-622 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-622 -j ACCEPT +-A limit-622 -j DROP +-A limit-623 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-623 -j RETURN +-A limit-623 -j DROP +-A limit-624 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-624 -j logaccept-9 +-A limit-624 -j DROP +-A limit-625 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-625 -j ACCEPT +-A limit-625 -j DROP +-A limit-626 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-626 -j ACCEPT +-A limit-626 -j DROP +-A limit-627 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-627 -j RETURN +-A limit-627 -j DROP +-A limit-628 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-628 -j logaccept-10 +-A limit-628 -j DROP +-A limit-629 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-629 -j ACCEPT +-A limit-629 -j DROP -A limit-63 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-63 -m limit --limit 1/second -j LOG +-A limit-630 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-630 -j ACCEPT +-A limit-630 -m limit --limit 1/second -j LOG +-A limit-630 -j DROP +-A limit-631 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-631 -j RETURN +-A limit-631 -m limit --limit 1/second -j LOG +-A limit-631 -j DROP +-A limit-632 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-632 -j logaccept-11 +-A limit-632 -m limit --limit 1/second -j LOG +-A limit-632 -j DROP +-A limit-633 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-633 -j ACCEPT +-A limit-633 -m limit --limit 1/second -j LOG +-A limit-633 -j DROP +-A limit-634 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-634 -j ACCEPT +-A limit-634 -j DROP +-A limit-635 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-635 -j RETURN +-A limit-635 -j DROP +-A limit-636 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-636 -j logaccept-12 +-A limit-636 -j DROP +-A limit-637 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-637 -j ACCEPT +-A limit-637 -j DROP +-A limit-638 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-638 -j ACCEPT +-A limit-638 -j DROP +-A limit-639 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-639 -j RETURN +-A limit-639 -j DROP -A limit-64 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-64 -j ACCEPT +-A limit-640 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-640 -j logaccept-13 +-A limit-640 -j DROP +-A limit-641 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-641 -j ACCEPT +-A limit-641 -j DROP -A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP @@ -2159,22 +3954,29 @@ -A limit-93 -m limit --limit 1/second -j LOG -A limit-94 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-94 -j ACCEPT --A limit-96 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-96 -j ACCEPT --A limit-96 -m limit --limit 1/second -j LOG --A limit-96 -j DROP --A limit-97 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-97 -j RETURN --A limit-97 -m limit --limit 1/second -j LOG --A limit-97 -j DROP --A limit-98 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-98 -j logaccept-0 +-A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-37 +-A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-38 +-A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set +-A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-39 -A limit-98 -m limit --limit 1/second -j LOG --A limit-98 -j DROP --A limit-99 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-99 -j ACCEPT --A limit-99 -m limit --limit 1/second -j LOG --A limit-99 -j DROP +-A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-40 +-A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG -A logaccept-1 -j ACCEPT +-A logaccept-10 -m limit --limit 1/second -j LOG +-A logaccept-10 -j ACCEPT +-A logaccept-11 -m limit --limit 1/second -j LOG +-A logaccept-11 -j ACCEPT +-A logaccept-12 -m limit --limit 1/second -j LOG +-A logaccept-12 -j ACCEPT +-A logaccept-13 -m limit --limit 1/second -j LOG +-A logaccept-13 -j ACCEPT +-A logaccept-14 -m limit --limit 1/second -j LOG +-A logaccept-14 -j ACCEPT -A logaccept-2 -m limit --limit 1/second -j LOG -A logaccept-2 -j ACCEPT -A logaccept-3 -m limit --limit 1/second -j LOG @@ -2189,6 +3991,8 @@ -A logaccept-7 -j ACCEPT -A logaccept-8 -m limit --limit 1/second -j LOG -A logaccept-8 -j ACCEPT +-A logaccept-9 -m limit --limit 1/second -j LOG +-A logaccept-9 -j ACCEPT -A logaccept-final-0 -m limit --limit 1/second -j LOG -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG @@ -2215,8 +4019,44 @@ -A logaccept-final-19 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT +-A logaccept-final-20 -m limit --limit 1/second -j LOG +-A logaccept-final-20 -j ACCEPT +-A logaccept-final-21 -m limit --limit 1/second -j LOG +-A logaccept-final-21 -j ACCEPT +-A logaccept-final-22 -m limit --limit 1/second -j LOG +-A logaccept-final-22 -j ACCEPT +-A logaccept-final-23 -m limit --limit 1/second -j LOG +-A logaccept-final-23 -j ACCEPT +-A logaccept-final-24 -m limit --limit 1/second -j LOG +-A logaccept-final-24 -j ACCEPT +-A logaccept-final-25 -m limit --limit 1/second -j LOG +-A logaccept-final-25 -j ACCEPT +-A logaccept-final-26 -m limit --limit 1/second -j LOG +-A logaccept-final-26 -j ACCEPT +-A logaccept-final-27 -m limit --limit 1/second -j LOG +-A logaccept-final-27 -j ACCEPT +-A logaccept-final-28 -m limit --limit 1/second -j LOG +-A logaccept-final-28 -j ACCEPT +-A logaccept-final-29 -m limit --limit 1/second -j LOG +-A logaccept-final-29 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG -A logaccept-final-3 -j ACCEPT +-A logaccept-final-30 -m limit --limit 1/second -j LOG +-A logaccept-final-30 -j ACCEPT +-A logaccept-final-31 -m limit --limit 1/second -j LOG +-A logaccept-final-31 -j ACCEPT +-A logaccept-final-32 -m limit --limit 1/second -j LOG +-A logaccept-final-32 -j ACCEPT +-A logaccept-final-33 -m limit --limit 1/second -j LOG +-A logaccept-final-33 -j ACCEPT +-A logaccept-final-34 -m limit --limit 1/second -j LOG +-A logaccept-final-34 -j ACCEPT +-A logaccept-final-35 -m limit --limit 1/second -j LOG +-A logaccept-final-35 -j ACCEPT +-A logaccept-final-36 -m limit --limit 1/second -j LOG +-A logaccept-final-36 -j ACCEPT +-A logaccept-final-37 -m limit --limit 1/second -j LOG +-A logaccept-final-37 -j ACCEPT -A logaccept-final-4 -m limit --limit 1/second -j LOG -A logaccept-final-4 -j ACCEPT -A logaccept-final-5 -m limit --limit 1/second -j LOG @@ -2243,36 +4083,204 @@ -A logdrop-102 -j DROP -A logdrop-103 -m limit --limit 1/second -j LOG -A logdrop-103 -j DROP +-A logdrop-104 -m limit --limit 1/second -j LOG +-A logdrop-104 -j DROP -A logdrop-105 -m limit --limit 1/second -j LOG -A logdrop-105 -j DROP -A logdrop-106 -m limit --limit 1/second -j LOG -A logdrop-106 -j DROP -A logdrop-107 -m limit --limit 1/second -j LOG -A logdrop-107 -j DROP +-A logdrop-108 -m limit --limit 1/second -j LOG +-A logdrop-108 -j DROP -A logdrop-109 -m limit --limit 1/second -j LOG -A logdrop-109 -j DROP -A logdrop-11 -m limit --limit 1/second -j LOG -A logdrop-11 -j DROP -A logdrop-110 -m limit --limit 1/second -j LOG -A logdrop-110 -j DROP +-A logdrop-111 -m limit --limit 1/second -j LOG +-A logdrop-111 -j DROP +-A logdrop-112 -m limit --limit 1/second -j LOG +-A logdrop-112 -j DROP +-A logdrop-113 -m limit --limit 1/second -j LOG +-A logdrop-113 -j DROP +-A logdrop-114 -m limit --limit 1/second -j LOG +-A logdrop-114 -j DROP +-A logdrop-115 -m limit --limit 1/second -j LOG +-A logdrop-115 -j DROP +-A logdrop-116 -m limit --limit 1/second -j LOG +-A logdrop-116 -j DROP +-A logdrop-117 -m limit --limit 1/second -j LOG +-A logdrop-117 -j DROP +-A logdrop-118 -m limit --limit 1/second -j LOG +-A logdrop-118 -j DROP +-A logdrop-119 -m limit --limit 1/second -j LOG +-A logdrop-119 -j DROP -A logdrop-12 -m limit --limit 1/second -j LOG -A logdrop-12 -j DROP +-A logdrop-120 -m limit --limit 1/second -j LOG +-A logdrop-120 -j DROP +-A logdrop-121 -m limit --limit 1/second -j LOG +-A logdrop-121 -j DROP +-A logdrop-122 -m limit --limit 1/second -j LOG +-A logdrop-122 -j DROP +-A logdrop-123 -m limit --limit 1/second -j LOG +-A logdrop-123 -j DROP +-A logdrop-124 -m limit --limit 1/second -j LOG +-A logdrop-124 -j DROP +-A logdrop-125 -m limit --limit 1/second -j LOG +-A logdrop-125 -j DROP +-A logdrop-126 -m limit --limit 1/second -j LOG +-A logdrop-126 -j DROP +-A logdrop-127 -m limit --limit 1/second -j LOG +-A logdrop-127 -j DROP +-A logdrop-128 -m limit --limit 1/second -j LOG +-A logdrop-128 -j DROP +-A logdrop-129 -m limit --limit 1/second -j LOG +-A logdrop-129 -j DROP -A logdrop-13 -m limit --limit 1/second -j LOG -A logdrop-13 -j DROP +-A logdrop-130 -m limit --limit 1/second -j LOG +-A logdrop-130 -j DROP +-A logdrop-131 -m limit --limit 1/second -j LOG +-A logdrop-131 -j DROP +-A logdrop-132 -m limit --limit 1/second -j LOG +-A logdrop-132 -j DROP +-A logdrop-133 -m limit --limit 1/second -j LOG +-A logdrop-133 -j DROP +-A logdrop-134 -m limit --limit 1/second -j LOG +-A logdrop-134 -j DROP +-A logdrop-135 -m limit --limit 1/second -j LOG +-A logdrop-135 -j DROP +-A logdrop-136 -m limit --limit 1/second -j LOG +-A logdrop-136 -j DROP +-A logdrop-137 -m limit --limit 1/second -j LOG +-A logdrop-137 -j DROP +-A logdrop-138 -m limit --limit 1/second -j LOG +-A logdrop-138 -j DROP +-A logdrop-139 -m limit --limit 1/second -j LOG +-A logdrop-139 -j DROP -A logdrop-14 -m limit --limit 1/second -j LOG -A logdrop-14 -j DROP +-A logdrop-140 -m limit --limit 1/second -j LOG +-A logdrop-140 -j DROP +-A logdrop-141 -m limit --limit 1/second -j LOG +-A logdrop-141 -j DROP +-A logdrop-142 -m limit --limit 1/second -j LOG +-A logdrop-142 -j DROP +-A logdrop-143 -m limit --limit 1/second -j LOG +-A logdrop-143 -j DROP +-A logdrop-144 -m limit --limit 1/second -j LOG +-A logdrop-144 -j DROP +-A logdrop-145 -m limit --limit 1/second -j LOG +-A logdrop-145 -j DROP +-A logdrop-146 -m limit --limit 1/second -j LOG +-A logdrop-146 -j DROP +-A logdrop-147 -m limit --limit 1/second -j LOG +-A logdrop-147 -j DROP +-A logdrop-148 -m limit --limit 1/second -j LOG +-A logdrop-148 -j DROP +-A logdrop-149 -m limit --limit 1/second -j LOG +-A logdrop-149 -j DROP -A logdrop-15 -m limit --limit 1/second -j LOG -A logdrop-15 -j DROP +-A logdrop-150 -m limit --limit 1/second -j LOG +-A logdrop-150 -j DROP +-A logdrop-151 -m limit --limit 1/second -j LOG +-A logdrop-151 -j DROP +-A logdrop-153 -m limit --limit 1/second -j LOG +-A logdrop-153 -j DROP +-A logdrop-154 -m limit --limit 1/second -j LOG +-A logdrop-154 -j DROP +-A logdrop-155 -m limit --limit 1/second -j LOG +-A logdrop-155 -j DROP +-A logdrop-157 -m limit --limit 1/second -j LOG +-A logdrop-157 -j DROP +-A logdrop-158 -m limit --limit 1/second -j LOG +-A logdrop-158 -j DROP +-A logdrop-159 -m limit --limit 1/second -j LOG +-A logdrop-159 -j DROP -A logdrop-16 -m limit --limit 1/second -j LOG -A logdrop-16 -j DROP +-A logdrop-160 -m limit --limit 1/second -j LOG +-A logdrop-160 -j DROP +-A logdrop-161 -m limit --limit 1/second -j LOG +-A logdrop-161 -j DROP +-A logdrop-162 -m limit --limit 1/second -j LOG +-A logdrop-162 -j DROP +-A logdrop-163 -m limit --limit 1/second -j LOG +-A logdrop-163 -j DROP +-A logdrop-165 -m limit --limit 1/second -j LOG +-A logdrop-165 -j DROP +-A logdrop-166 -m limit --limit 1/second -j LOG +-A logdrop-166 -j DROP +-A logdrop-167 -m limit --limit 1/second -j LOG +-A logdrop-167 -j DROP +-A logdrop-169 -m limit --limit 1/second -j LOG +-A logdrop-169 -j DROP -A logdrop-17 -m limit --limit 1/second -j LOG -A logdrop-17 -j DROP +-A logdrop-170 -m limit --limit 1/second -j LOG +-A logdrop-170 -j DROP +-A logdrop-171 -m limit --limit 1/second -j LOG +-A logdrop-171 -j DROP +-A logdrop-172 -m limit --limit 1/second -j LOG +-A logdrop-172 -j DROP +-A logdrop-173 -m limit --limit 1/second -j LOG +-A logdrop-173 -j DROP +-A logdrop-174 -m limit --limit 1/second -j LOG +-A logdrop-174 -j DROP +-A logdrop-175 -m limit --limit 1/second -j LOG +-A logdrop-175 -j DROP +-A logdrop-176 -m limit --limit 1/second -j LOG +-A logdrop-176 -j DROP +-A logdrop-177 -m limit --limit 1/second -j LOG +-A logdrop-177 -j DROP +-A logdrop-178 -m limit --limit 1/second -j LOG +-A logdrop-178 -j DROP +-A logdrop-179 -m limit --limit 1/second -j LOG +-A logdrop-179 -j DROP -A logdrop-18 -m limit --limit 1/second -j LOG -A logdrop-18 -j DROP +-A logdrop-180 -m limit --limit 1/second -j LOG +-A logdrop-180 -j DROP +-A logdrop-181 -m limit --limit 1/second -j LOG +-A logdrop-181 -j DROP +-A logdrop-183 -m limit --limit 1/second -j LOG +-A logdrop-183 -j DROP +-A logdrop-184 -m limit --limit 1/second -j LOG +-A logdrop-184 -j DROP +-A logdrop-185 -m limit --limit 1/second -j LOG +-A logdrop-185 -j DROP +-A logdrop-187 -m limit --limit 1/second -j LOG +-A logdrop-187 -j DROP +-A logdrop-188 -m limit --limit 1/second -j LOG +-A logdrop-188 -j DROP +-A logdrop-189 -m limit --limit 1/second -j LOG +-A logdrop-189 -j DROP -A logdrop-19 -m limit --limit 1/second -j LOG -A logdrop-19 -j DROP +-A logdrop-190 -m limit --limit 1/second -j LOG +-A logdrop-190 -j DROP +-A logdrop-191 -m limit --limit 1/second -j LOG +-A logdrop-191 -j DROP +-A logdrop-192 -m limit --limit 1/second -j LOG +-A logdrop-192 -j DROP +-A logdrop-193 -m limit --limit 1/second -j LOG +-A logdrop-193 -j DROP +-A logdrop-195 -m limit --limit 1/second -j LOG +-A logdrop-195 -j DROP +-A logdrop-196 -m limit --limit 1/second -j LOG +-A logdrop-196 -j DROP +-A logdrop-197 -m limit --limit 1/second -j LOG +-A logdrop-197 -j DROP +-A logdrop-199 -m limit --limit 1/second -j LOG +-A logdrop-199 -j DROP -A logdrop-2 -m limit --limit 1/second -j LOG -A logdrop-2 -j DROP +-A logdrop-200 -m limit --limit 1/second -j LOG +-A logdrop-200 -j DROP -A logdrop-21 -m limit --limit 1/second -j LOG -A logdrop-21 -j DROP -A logdrop-22 -m limit --limit 1/second -j LOG @@ -2331,16 +4339,12 @@ -A logdrop-49 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG -A logdrop-5 -j DROP --A logdrop-50 -m limit --limit 1/second -j LOG --A logdrop-50 -j DROP -A logdrop-51 -m limit --limit 1/second -j LOG -A logdrop-51 -j DROP -A logdrop-52 -m limit --limit 1/second -j LOG -A logdrop-52 -j DROP -A logdrop-53 -m limit --limit 1/second -j LOG -A logdrop-53 -j DROP --A logdrop-54 -m limit --limit 1/second -j LOG --A logdrop-54 -j DROP -A logdrop-55 -m limit --limit 1/second -j LOG -A logdrop-55 -j DROP -A logdrop-56 -m limit --limit 1/second -j LOG @@ -2357,16 +4361,12 @@ -A logdrop-60 -j DROP -A logdrop-61 -m limit --limit 1/second -j LOG -A logdrop-61 -j DROP --A logdrop-62 -m limit --limit 1/second -j LOG --A logdrop-62 -j DROP -A logdrop-63 -m limit --limit 1/second -j LOG -A logdrop-63 -j DROP -A logdrop-64 -m limit --limit 1/second -j LOG -A logdrop-64 -j DROP -A logdrop-65 -m limit --limit 1/second -j LOG -A logdrop-65 -j DROP --A logdrop-66 -m limit --limit 1/second -j LOG --A logdrop-66 -j DROP -A logdrop-67 -m limit --limit 1/second -j LOG -A logdrop-67 -j DROP -A logdrop-68 -m limit --limit 1/second -j LOG @@ -2423,12 +4423,16 @@ -A logdrop-90 -j DROP -A logdrop-91 -m limit --limit 1/second -j LOG -A logdrop-91 -j DROP +-A logdrop-92 -m limit --limit 1/second -j LOG +-A logdrop-92 -j DROP -A logdrop-93 -m limit --limit 1/second -j LOG -A logdrop-93 -j DROP -A logdrop-94 -m limit --limit 1/second -j LOG -A logdrop-94 -j DROP -A logdrop-95 -m limit --limit 1/second -j LOG -A logdrop-95 -j DROP +-A logdrop-96 -m limit --limit 1/second -j LOG +-A logdrop-96 -j DROP -A logdrop-97 -m limit --limit 1/second -j LOG -A logdrop-97 -j DROP -A logdrop-98 -m limit --limit 1/second -j LOG @@ -2534,6 +4538,60 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -2657,6 +4715,108 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack diff --git a/test/output/rules6-save b/test/output/rules6-save index 5469446..c36fd21 100644 --- a/test/output/rules6-save +++ b/test/output/rules6-save @@ -16,12 +16,10 @@ :limit-106 - [0:0] :limit-107 - [0:0] :limit-108 - [0:0] -:limit-109 - [0:0] :limit-11 - [0:0] :limit-110 - [0:0] :limit-111 - [0:0] :limit-112 - [0:0] -:limit-113 - [0:0] :limit-114 - [0:0] :limit-115 - [0:0] :limit-116 - [0:0] @@ -30,11 +28,9 @@ :limit-119 - [0:0] :limit-12 - [0:0] :limit-120 - [0:0] -:limit-121 - [0:0] :limit-122 - [0:0] :limit-123 - [0:0] :limit-124 - [0:0] -:limit-125 - [0:0] :limit-126 - [0:0] :limit-127 - [0:0] :limit-128 - [0:0] @@ -49,12 +45,10 @@ :limit-136 - [0:0] :limit-137 - [0:0] :limit-138 - [0:0] -:limit-139 - [0:0] :limit-14 - [0:0] :limit-140 - [0:0] :limit-141 - [0:0] :limit-142 - [0:0] -:limit-143 - [0:0] :limit-144 - [0:0] :limit-145 - [0:0] :limit-146 - [0:0] @@ -63,11 +57,9 @@ :limit-149 - [0:0] :limit-15 - [0:0] :limit-150 - [0:0] -:limit-151 - [0:0] :limit-152 - [0:0] :limit-153 - [0:0] :limit-154 - [0:0] -:limit-155 - [0:0] :limit-156 - [0:0] :limit-157 - [0:0] :limit-158 - [0:0] @@ -82,12 +74,10 @@ :limit-166 - [0:0] :limit-167 - [0:0] :limit-168 - [0:0] -:limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] :limit-171 - [0:0] :limit-172 - [0:0] -:limit-173 - [0:0] :limit-174 - [0:0] :limit-175 - [0:0] :limit-176 - [0:0] @@ -96,11 +86,9 @@ :limit-179 - [0:0] :limit-18 - [0:0] :limit-180 - [0:0] -:limit-181 - [0:0] :limit-182 - [0:0] :limit-183 - [0:0] :limit-184 - [0:0] -:limit-185 - [0:0] :limit-186 - [0:0] :limit-187 - [0:0] :limit-188 - [0:0] @@ -163,9 +151,11 @@ :limit-240 - [0:0] :limit-241 - [0:0] :limit-242 - [0:0] +:limit-243 - [0:0] :limit-244 - [0:0] :limit-245 - [0:0] :limit-246 - [0:0] +:limit-247 - [0:0] :limit-248 - [0:0] :limit-249 - [0:0] :limit-25 - [0:0] @@ -174,9 +164,11 @@ :limit-252 - [0:0] :limit-253 - [0:0] :limit-254 - [0:0] +:limit-255 - [0:0] :limit-256 - [0:0] :limit-257 - [0:0] :limit-258 - [0:0] +:limit-259 - [0:0] :limit-26 - [0:0] :limit-260 - [0:0] :limit-261 - [0:0] @@ -192,9 +184,11 @@ :limit-270 - [0:0] :limit-271 - [0:0] :limit-272 - [0:0] +:limit-273 - [0:0] :limit-274 - [0:0] :limit-275 - [0:0] :limit-276 - [0:0] +:limit-277 - [0:0] :limit-278 - [0:0] :limit-279 - [0:0] :limit-28 - [0:0] @@ -203,9 +197,11 @@ :limit-282 - [0:0] :limit-283 - [0:0] :limit-284 - [0:0] +:limit-285 - [0:0] :limit-286 - [0:0] :limit-287 - [0:0] :limit-288 - [0:0] +:limit-289 - [0:0] :limit-29 - [0:0] :limit-290 - [0:0] :limit-291 - [0:0] @@ -222,9 +218,11 @@ :limit-300 - [0:0] :limit-301 - [0:0] :limit-302 - [0:0] +:limit-303 - [0:0] :limit-304 - [0:0] :limit-305 - [0:0] :limit-306 - [0:0] +:limit-307 - [0:0] :limit-308 - [0:0] :limit-309 - [0:0] :limit-310 - [0:0] @@ -232,9 +230,11 @@ :limit-312 - [0:0] :limit-313 - [0:0] :limit-314 - [0:0] +:limit-315 - [0:0] :limit-316 - [0:0] :limit-317 - [0:0] :limit-318 - [0:0] +:limit-319 - [0:0] :limit-32 - [0:0] :limit-320 - [0:0] :limit-321 - [0:0] @@ -253,36 +253,318 @@ :limit-333 - [0:0] :limit-334 - [0:0] :limit-335 - [0:0] +:limit-336 - [0:0] +:limit-337 - [0:0] +:limit-338 - [0:0] +:limit-339 - [0:0] :limit-34 - [0:0] +:limit-340 - [0:0] +:limit-341 - [0:0] +:limit-342 - [0:0] +:limit-343 - [0:0] +:limit-344 - [0:0] +:limit-345 - [0:0] +:limit-346 - [0:0] +:limit-347 - [0:0] +:limit-348 - [0:0] +:limit-349 - [0:0] +:limit-350 - [0:0] +:limit-351 - [0:0] +:limit-352 - [0:0] +:limit-353 - [0:0] +:limit-354 - [0:0] +:limit-355 - [0:0] +:limit-356 - [0:0] +:limit-357 - [0:0] +:limit-358 - [0:0] +:limit-359 - [0:0] :limit-36 - [0:0] +:limit-360 - [0:0] +:limit-361 - [0:0] +:limit-362 - [0:0] +:limit-363 - [0:0] +:limit-364 - [0:0] +:limit-365 - [0:0] +:limit-366 - [0:0] +:limit-367 - [0:0] +:limit-368 - [0:0] +:limit-369 - [0:0] :limit-37 - [0:0] +:limit-370 - [0:0] +:limit-371 - [0:0] +:limit-372 - [0:0] +:limit-373 - [0:0] +:limit-374 - [0:0] +:limit-375 - [0:0] +:limit-376 - [0:0] +:limit-377 - [0:0] +:limit-378 - [0:0] +:limit-379 - [0:0] :limit-38 - [0:0] +:limit-380 - [0:0] +:limit-381 - [0:0] +:limit-382 - [0:0] +:limit-383 - [0:0] +:limit-384 - [0:0] +:limit-385 - [0:0] +:limit-386 - [0:0] +:limit-387 - [0:0] +:limit-388 - [0:0] +:limit-389 - [0:0] :limit-39 - [0:0] +:limit-390 - [0:0] +:limit-391 - [0:0] +:limit-392 - [0:0] +:limit-393 - [0:0] +:limit-394 - [0:0] +:limit-395 - [0:0] +:limit-396 - [0:0] +:limit-397 - [0:0] +:limit-398 - [0:0] +:limit-399 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] +:limit-400 - [0:0] +:limit-401 - [0:0] +:limit-402 - [0:0] +:limit-403 - [0:0] +:limit-404 - [0:0] +:limit-405 - [0:0] +:limit-406 - [0:0] +:limit-407 - [0:0] +:limit-408 - [0:0] +:limit-409 - [0:0] :limit-41 - [0:0] +:limit-410 - [0:0] +:limit-411 - [0:0] +:limit-412 - [0:0] +:limit-413 - [0:0] +:limit-414 - [0:0] +:limit-415 - [0:0] +:limit-416 - [0:0] +:limit-417 - [0:0] +:limit-418 - [0:0] +:limit-419 - [0:0] :limit-42 - [0:0] +:limit-420 - [0:0] +:limit-421 - [0:0] +:limit-422 - [0:0] +:limit-423 - [0:0] +:limit-424 - [0:0] +:limit-425 - [0:0] +:limit-426 - [0:0] +:limit-427 - [0:0] +:limit-428 - [0:0] +:limit-429 - [0:0] :limit-43 - [0:0] +:limit-430 - [0:0] +:limit-431 - [0:0] +:limit-432 - [0:0] +:limit-433 - [0:0] +:limit-434 - [0:0] +:limit-435 - [0:0] +:limit-436 - [0:0] +:limit-437 - [0:0] +:limit-438 - [0:0] +:limit-439 - [0:0] :limit-44 - [0:0] +:limit-440 - [0:0] +:limit-441 - [0:0] +:limit-442 - [0:0] +:limit-443 - [0:0] +:limit-444 - [0:0] +:limit-445 - [0:0] +:limit-446 - [0:0] +:limit-448 - [0:0] +:limit-449 - [0:0] :limit-45 - [0:0] +:limit-450 - [0:0] +:limit-452 - [0:0] +:limit-453 - [0:0] +:limit-454 - [0:0] +:limit-455 - [0:0] +:limit-456 - [0:0] +:limit-457 - [0:0] +:limit-458 - [0:0] :limit-46 - [0:0] +:limit-460 - [0:0] +:limit-461 - [0:0] +:limit-462 - [0:0] +:limit-464 - [0:0] +:limit-465 - [0:0] +:limit-466 - [0:0] +:limit-467 - [0:0] +:limit-468 - [0:0] +:limit-469 - [0:0] :limit-47 - [0:0] +:limit-470 - [0:0] +:limit-471 - [0:0] +:limit-472 - [0:0] +:limit-473 - [0:0] +:limit-474 - [0:0] +:limit-475 - [0:0] +:limit-476 - [0:0] +:limit-478 - [0:0] +:limit-479 - [0:0] :limit-48 - [0:0] +:limit-480 - [0:0] +:limit-482 - [0:0] +:limit-483 - [0:0] +:limit-484 - [0:0] +:limit-485 - [0:0] +:limit-486 - [0:0] +:limit-487 - [0:0] +:limit-488 - [0:0] +:limit-490 - [0:0] +:limit-491 - [0:0] +:limit-492 - [0:0] +:limit-494 - [0:0] +:limit-495 - [0:0] +:limit-496 - [0:0] +:limit-497 - [0:0] +:limit-498 - [0:0] +:limit-499 - [0:0] :limit-5 - [0:0] :limit-50 - [0:0] +:limit-500 - [0:0] +:limit-501 - [0:0] +:limit-502 - [0:0] +:limit-503 - [0:0] +:limit-504 - [0:0] +:limit-505 - [0:0] +:limit-506 - [0:0] +:limit-508 - [0:0] +:limit-509 - [0:0] :limit-51 - [0:0] +:limit-510 - [0:0] +:limit-512 - [0:0] +:limit-513 - [0:0] +:limit-514 - [0:0] +:limit-515 - [0:0] +:limit-516 - [0:0] +:limit-517 - [0:0] +:limit-518 - [0:0] :limit-52 - [0:0] +:limit-520 - [0:0] +:limit-521 - [0:0] +:limit-522 - [0:0] +:limit-524 - [0:0] +:limit-525 - [0:0] +:limit-526 - [0:0] +:limit-527 - [0:0] +:limit-528 - [0:0] +:limit-529 - [0:0] +:limit-530 - [0:0] +:limit-531 - [0:0] +:limit-532 - [0:0] +:limit-533 - [0:0] +:limit-534 - [0:0] +:limit-535 - [0:0] +:limit-536 - [0:0] +:limit-538 - [0:0] +:limit-539 - [0:0] :limit-54 - [0:0] +:limit-540 - [0:0] +:limit-542 - [0:0] +:limit-543 - [0:0] +:limit-544 - [0:0] +:limit-545 - [0:0] +:limit-546 - [0:0] +:limit-547 - [0:0] +:limit-548 - [0:0] :limit-55 - [0:0] +:limit-550 - [0:0] +:limit-551 - [0:0] +:limit-552 - [0:0] +:limit-554 - [0:0] +:limit-555 - [0:0] +:limit-556 - [0:0] +:limit-557 - [0:0] +:limit-558 - [0:0] +:limit-559 - [0:0] :limit-56 - [0:0] +:limit-560 - [0:0] +:limit-561 - [0:0] +:limit-562 - [0:0] +:limit-563 - [0:0] +:limit-564 - [0:0] +:limit-565 - [0:0] +:limit-566 - [0:0] +:limit-568 - [0:0] +:limit-569 - [0:0] :limit-57 - [0:0] +:limit-570 - [0:0] +:limit-572 - [0:0] +:limit-573 - [0:0] +:limit-574 - [0:0] +:limit-575 - [0:0] +:limit-576 - [0:0] +:limit-577 - [0:0] +:limit-578 - [0:0] :limit-58 - [0:0] +:limit-580 - [0:0] +:limit-581 - [0:0] +:limit-582 - [0:0] +:limit-584 - [0:0] +:limit-585 - [0:0] +:limit-586 - [0:0] +:limit-587 - [0:0] +:limit-588 - [0:0] +:limit-589 - [0:0] :limit-59 - [0:0] +:limit-590 - [0:0] +:limit-591 - [0:0] +:limit-592 - [0:0] +:limit-593 - [0:0] +:limit-594 - [0:0] +:limit-595 - [0:0] +:limit-596 - [0:0] +:limit-598 - [0:0] +:limit-599 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] +:limit-600 - [0:0] +:limit-602 - [0:0] +:limit-603 - [0:0] +:limit-604 - [0:0] +:limit-605 - [0:0] +:limit-606 - [0:0] +:limit-607 - [0:0] +:limit-608 - [0:0] +:limit-610 - [0:0] +:limit-611 - [0:0] +:limit-612 - [0:0] +:limit-614 - [0:0] +:limit-615 - [0:0] +:limit-616 - [0:0] +:limit-617 - [0:0] +:limit-618 - [0:0] +:limit-619 - [0:0] :limit-62 - [0:0] +:limit-620 - [0:0] +:limit-621 - [0:0] +:limit-622 - [0:0] +:limit-623 - [0:0] +:limit-624 - [0:0] +:limit-625 - [0:0] +:limit-626 - [0:0] +:limit-627 - [0:0] +:limit-628 - [0:0] +:limit-629 - [0:0] :limit-63 - [0:0] +:limit-630 - [0:0] +:limit-631 - [0:0] +:limit-632 - [0:0] +:limit-633 - [0:0] +:limit-634 - [0:0] +:limit-635 - [0:0] +:limit-636 - [0:0] +:limit-637 - [0:0] +:limit-638 - [0:0] +:limit-639 - [0:0] :limit-64 - [0:0] +:limit-640 - [0:0] +:limit-641 - [0:0] :limit-66 - [0:0] :limit-67 - [0:0] :limit-68 - [0:0] @@ -318,6 +600,11 @@ :limit-99 - [0:0] :logaccept-0 - [0:0] :logaccept-1 - [0:0] +:logaccept-10 - [0:0] +:logaccept-11 - [0:0] +:logaccept-12 - [0:0] +:logaccept-13 - [0:0] +:logaccept-14 - [0:0] :logaccept-2 - [0:0] :logaccept-3 - [0:0] :logaccept-4 - [0:0] @@ -325,6 +612,7 @@ :logaccept-6 - [0:0] :logaccept-7 - [0:0] :logaccept-8 - [0:0] +:logaccept-9 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-10 - [0:0] @@ -338,7 +626,25 @@ :logaccept-final-18 - [0:0] :logaccept-final-19 - [0:0] :logaccept-final-2 - [0:0] +:logaccept-final-20 - [0:0] +:logaccept-final-21 - [0:0] +:logaccept-final-22 - [0:0] +:logaccept-final-23 - [0:0] +:logaccept-final-24 - [0:0] +:logaccept-final-25 - [0:0] +:logaccept-final-26 - [0:0] +:logaccept-final-27 - [0:0] +:logaccept-final-28 - [0:0] +:logaccept-final-29 - [0:0] :logaccept-final-3 - [0:0] +:logaccept-final-30 - [0:0] +:logaccept-final-31 - [0:0] +:logaccept-final-32 - [0:0] +:logaccept-final-33 - [0:0] +:logaccept-final-34 - [0:0] +:logaccept-final-35 - [0:0] +:logaccept-final-36 - [0:0] +:logaccept-final-37 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] :logaccept-final-6 - [0:0] @@ -352,21 +658,105 @@ :logdrop-101 - [0:0] :logdrop-102 - [0:0] :logdrop-103 - [0:0] +:logdrop-104 - [0:0] :logdrop-105 - [0:0] :logdrop-106 - [0:0] :logdrop-107 - [0:0] +:logdrop-108 - [0:0] :logdrop-109 - [0:0] :logdrop-11 - [0:0] :logdrop-110 - [0:0] +:logdrop-111 - [0:0] +:logdrop-112 - [0:0] +:logdrop-113 - [0:0] +:logdrop-114 - [0:0] +:logdrop-115 - [0:0] +:logdrop-116 - [0:0] +:logdrop-117 - [0:0] +:logdrop-118 - [0:0] +:logdrop-119 - [0:0] :logdrop-12 - [0:0] +:logdrop-120 - [0:0] +:logdrop-121 - [0:0] +:logdrop-122 - [0:0] +:logdrop-123 - [0:0] +:logdrop-124 - [0:0] +:logdrop-125 - [0:0] +:logdrop-126 - [0:0] +:logdrop-127 - [0:0] +:logdrop-128 - [0:0] +:logdrop-129 - [0:0] :logdrop-13 - [0:0] +:logdrop-130 - [0:0] +:logdrop-131 - [0:0] +:logdrop-132 - [0:0] +:logdrop-133 - [0:0] +:logdrop-134 - [0:0] +:logdrop-135 - [0:0] +:logdrop-136 - [0:0] +:logdrop-137 - [0:0] +:logdrop-138 - [0:0] +:logdrop-139 - [0:0] :logdrop-14 - [0:0] +:logdrop-140 - [0:0] +:logdrop-141 - [0:0] +:logdrop-142 - [0:0] +:logdrop-143 - [0:0] +:logdrop-144 - [0:0] +:logdrop-145 - [0:0] +:logdrop-146 - [0:0] +:logdrop-147 - [0:0] +:logdrop-148 - [0:0] +:logdrop-149 - [0:0] :logdrop-15 - [0:0] +:logdrop-150 - [0:0] +:logdrop-151 - [0:0] +:logdrop-153 - [0:0] +:logdrop-154 - [0:0] +:logdrop-155 - [0:0] +:logdrop-157 - [0:0] +:logdrop-158 - [0:0] +:logdrop-159 - [0:0] :logdrop-16 - [0:0] +:logdrop-160 - [0:0] +:logdrop-161 - [0:0] +:logdrop-162 - [0:0] +:logdrop-163 - [0:0] +:logdrop-165 - [0:0] +:logdrop-166 - [0:0] +:logdrop-167 - [0:0] +:logdrop-169 - [0:0] :logdrop-17 - [0:0] +:logdrop-170 - [0:0] +:logdrop-171 - [0:0] +:logdrop-172 - [0:0] +:logdrop-173 - [0:0] +:logdrop-174 - [0:0] +:logdrop-175 - [0:0] +:logdrop-176 - [0:0] +:logdrop-177 - [0:0] +:logdrop-178 - [0:0] +:logdrop-179 - [0:0] :logdrop-18 - [0:0] +:logdrop-180 - [0:0] +:logdrop-181 - [0:0] +:logdrop-183 - [0:0] +:logdrop-184 - [0:0] +:logdrop-185 - [0:0] +:logdrop-187 - [0:0] +:logdrop-188 - [0:0] +:logdrop-189 - [0:0] :logdrop-19 - [0:0] +:logdrop-190 - [0:0] +:logdrop-191 - [0:0] +:logdrop-192 - [0:0] +:logdrop-193 - [0:0] +:logdrop-195 - [0:0] +:logdrop-196 - [0:0] +:logdrop-197 - [0:0] +:logdrop-199 - [0:0] :logdrop-2 - [0:0] +:logdrop-200 - [0:0] :logdrop-21 - [0:0] :logdrop-22 - [0:0] :logdrop-23 - [0:0] @@ -396,11 +786,9 @@ :logdrop-48 - [0:0] :logdrop-49 - [0:0] :logdrop-5 - [0:0] -:logdrop-50 - [0:0] :logdrop-51 - [0:0] :logdrop-52 - [0:0] :logdrop-53 - [0:0] -:logdrop-54 - [0:0] :logdrop-55 - [0:0] :logdrop-56 - [0:0] :logdrop-57 - [0:0] @@ -409,11 +797,9 @@ :logdrop-6 - [0:0] :logdrop-60 - [0:0] :logdrop-61 - [0:0] -:logdrop-62 - [0:0] :logdrop-63 - [0:0] :logdrop-64 - [0:0] :logdrop-65 - [0:0] -:logdrop-66 - [0:0] :logdrop-67 - [0:0] :logdrop-68 - [0:0] :logdrop-69 - [0:0] @@ -442,9 +828,11 @@ :logdrop-9 - [0:0] :logdrop-90 - [0:0] :logdrop-91 - [0:0] +:logdrop-92 - [0:0] :logdrop-93 - [0:0] :logdrop-94 - [0:0] :logdrop-95 - [0:0] +:logdrop-96 - [0:0] :logdrop-97 - [0:0] :logdrop-98 - [0:0] :logdrop-99 - [0:0] @@ -454,6 +842,210 @@ :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-427 +-A FORWARD -j limit-426 +-A FORWARD -j limit-425 +-A FORWARD -j limit-424 +-A FORWARD -j limit-423 +-A FORWARD -j limit-422 +-A FORWARD -j limit-421 +-A FORWARD -j limit-420 +-A FORWARD -j limit-419 +-A FORWARD -j limit-418 +-A FORWARD -j limit-417 +-A FORWARD -j limit-416 +-A FORWARD -j limit-415 +-A FORWARD -j limit-414 +-A FORWARD -j limit-413 +-A FORWARD -j limit-412 +-A FORWARD -j limit-411 +-A FORWARD -j limit-410 +-A FORWARD -j limit-409 +-A FORWARD -j limit-408 +-A FORWARD -j limit-407 +-A FORWARD -j limit-406 +-A FORWARD -j limit-405 +-A FORWARD -j limit-404 +-A FORWARD -j limit-403 +-A FORWARD -j limit-402 +-A FORWARD -j limit-401 +-A FORWARD -j limit-400 +-A FORWARD -j limit-399 +-A FORWARD -j limit-398 +-A FORWARD -j limit-397 +-A FORWARD -j limit-396 +-A FORWARD -j limit-395 +-A FORWARD -j limit-394 +-A FORWARD -j limit-393 +-A FORWARD -j limit-392 +-A FORWARD -j limit-391 +-A FORWARD -j limit-390 +-A FORWARD -j limit-389 +-A FORWARD -j limit-388 +-A FORWARD -j limit-387 +-A FORWARD -j limit-386 +-A FORWARD -j limit-385 +-A FORWARD -j limit-384 +-A FORWARD -j limit-383 +-A FORWARD -j limit-382 +-A FORWARD -j limit-381 +-A FORWARD -j limit-380 +-A FORWARD -j limit-379 +-A FORWARD -j limit-378 +-A FORWARD -j limit-377 +-A FORWARD -j limit-376 +-A FORWARD -j limit-375 +-A FORWARD -j limit-374 +-A FORWARD -j limit-373 +-A FORWARD -j limit-372 +-A FORWARD -j limit-371 +-A FORWARD -j limit-370 +-A FORWARD -j limit-369 +-A FORWARD -j limit-368 +-A FORWARD -j limit-367 +-A FORWARD -j limit-366 +-A FORWARD -j limit-365 +-A FORWARD -j limit-364 +-A FORWARD -j limit-363 +-A FORWARD -j limit-362 +-A FORWARD -j limit-361 +-A FORWARD -j limit-360 +-A FORWARD -j limit-359 +-A FORWARD -j limit-358 +-A FORWARD -j limit-357 +-A FORWARD -j limit-356 +-A FORWARD -j limit-355 +-A FORWARD -j limit-354 +-A FORWARD -j limit-353 +-A FORWARD -j limit-352 +-A FORWARD -j limit-351 +-A FORWARD -j limit-350 +-A FORWARD -j limit-349 +-A FORWARD -j limit-348 +-A FORWARD -j limit-347 +-A FORWARD -j limit-346 +-A FORWARD -j limit-345 +-A FORWARD -j limit-344 +-A FORWARD -j limit-343 +-A FORWARD -j limit-342 +-A FORWARD -j limit-341 +-A FORWARD -j limit-340 +-A FORWARD -j limit-339 +-A FORWARD -j limit-338 +-A FORWARD -j limit-337 +-A FORWARD -j limit-336 +-A FORWARD -j limit-335 +-A FORWARD -j limit-334 +-A FORWARD -j limit-333 +-A FORWARD -j limit-332 +-A FORWARD -j limit-331 +-A FORWARD -j limit-330 +-A FORWARD -j limit-329 +-A FORWARD -j limit-328 +-A FORWARD -j limit-327 +-A FORWARD -j limit-326 +-A FORWARD -j limit-325 +-A FORWARD -j limit-324 +-A FORWARD -j limit-323 +-A FORWARD -j limit-322 +-A FORWARD -j limit-321 +-A FORWARD -j limit-320 +-A FORWARD -j limit-319 +-A FORWARD -j limit-318 +-A FORWARD -j limit-317 +-A FORWARD -j limit-316 +-A FORWARD -j limit-315 +-A FORWARD -j limit-314 +-A FORWARD -j limit-313 +-A FORWARD -j limit-312 +-A FORWARD -j limit-311 +-A FORWARD -j limit-310 +-A FORWARD -j limit-309 +-A FORWARD -j limit-308 +-A FORWARD -j limit-307 +-A FORWARD -j limit-306 +-A FORWARD -j limit-305 +-A FORWARD -j limit-304 +-A FORWARD -j limit-303 +-A FORWARD -j limit-302 +-A FORWARD -j limit-301 +-A FORWARD -j limit-300 +-A FORWARD -j limit-299 +-A FORWARD -j limit-298 +-A FORWARD -j limit-297 +-A FORWARD -j limit-296 +-A FORWARD -j limit-295 +-A FORWARD -j limit-294 +-A FORWARD -j limit-293 +-A FORWARD -j limit-292 +-A FORWARD -j limit-291 +-A FORWARD -j limit-290 +-A FORWARD -j limit-289 +-A FORWARD -j limit-288 +-A FORWARD -j limit-287 +-A FORWARD -j limit-286 +-A FORWARD -j limit-285 +-A FORWARD -j limit-284 +-A FORWARD -j limit-283 +-A FORWARD -j limit-282 +-A FORWARD -j limit-281 +-A FORWARD -j limit-280 +-A FORWARD -j limit-279 +-A FORWARD -j limit-278 +-A FORWARD -j limit-277 +-A FORWARD -j limit-276 +-A FORWARD -j limit-275 +-A FORWARD -j limit-274 +-A FORWARD -j limit-273 +-A FORWARD -j limit-272 +-A FORWARD -j limit-271 +-A FORWARD -j limit-270 +-A FORWARD -j limit-269 +-A FORWARD -j limit-268 +-A FORWARD -j limit-267 +-A FORWARD -j limit-266 +-A FORWARD -j limit-265 +-A FORWARD -j limit-264 +-A FORWARD -j limit-263 +-A FORWARD -j limit-262 +-A FORWARD -j limit-261 +-A FORWARD -j limit-260 +-A FORWARD -j limit-259 +-A FORWARD -j limit-258 +-A FORWARD -j limit-257 +-A FORWARD -j limit-256 +-A FORWARD -j limit-255 +-A FORWARD -j limit-254 +-A FORWARD -j limit-253 +-A FORWARD -j limit-252 +-A FORWARD -j limit-251 +-A FORWARD -j limit-250 +-A FORWARD -j limit-249 +-A FORWARD -j limit-248 +-A FORWARD -j limit-247 +-A FORWARD -j limit-246 +-A FORWARD -j limit-245 +-A FORWARD -j limit-244 +-A FORWARD -j limit-243 +-A FORWARD -j limit-242 +-A FORWARD -j limit-241 +-A FORWARD -j limit-240 +-A FORWARD -j limit-239 +-A FORWARD -j limit-238 +-A FORWARD -j limit-237 +-A FORWARD -j limit-236 +-A FORWARD -j limit-235 +-A FORWARD -j limit-234 +-A FORWARD -j limit-233 +-A FORWARD -j limit-232 +-A FORWARD -j limit-231 +-A FORWARD -j limit-230 +-A FORWARD -j limit-229 +-A FORWARD -j limit-228 +-A FORWARD -j limit-227 +-A FORWARD -j limit-226 +-A FORWARD -j limit-225 +-A FORWARD -j limit-224 -A FORWARD -j limit-223 -A FORWARD -j limit-222 -A FORWARD -j limit-221 @@ -464,108 +1056,6 @@ -A FORWARD -j limit-216 -A FORWARD -j limit-215 -A FORWARD -j limit-214 --A FORWARD -j limit-213 --A FORWARD -j limit-212 --A FORWARD -j limit-211 --A FORWARD -j limit-210 --A FORWARD -j limit-209 --A FORWARD -j limit-208 --A FORWARD -j limit-207 --A FORWARD -j limit-206 --A FORWARD -j limit-205 --A FORWARD -j limit-204 --A FORWARD -j limit-203 --A FORWARD -j limit-202 --A FORWARD -j limit-201 --A FORWARD -j limit-200 --A FORWARD -j limit-199 --A FORWARD -j limit-198 --A FORWARD -j limit-197 --A FORWARD -j limit-196 --A FORWARD -j limit-195 --A FORWARD -j limit-194 --A FORWARD -j limit-193 --A FORWARD -j limit-192 --A FORWARD -j limit-191 --A FORWARD -j limit-190 --A FORWARD -j limit-189 --A FORWARD -j limit-188 --A FORWARD -j limit-187 --A FORWARD -j limit-186 --A FORWARD -j limit-185 --A FORWARD -j limit-184 --A FORWARD -j limit-183 --A FORWARD -j limit-182 --A FORWARD -j limit-181 --A FORWARD -j limit-180 --A FORWARD -j limit-179 --A FORWARD -j limit-178 --A FORWARD -j limit-177 --A FORWARD -j limit-176 --A FORWARD -j limit-175 --A FORWARD -j limit-174 --A FORWARD -j limit-173 --A FORWARD -j limit-172 --A FORWARD -j limit-171 --A FORWARD -j limit-170 --A FORWARD -j limit-169 --A FORWARD -j limit-168 --A FORWARD -j limit-167 --A FORWARD -j limit-166 --A FORWARD -j limit-165 --A FORWARD -j limit-164 --A FORWARD -j limit-163 --A FORWARD -j limit-162 --A FORWARD -j limit-161 --A FORWARD -j limit-160 --A FORWARD -j limit-159 --A FORWARD -j limit-158 --A FORWARD -j limit-157 --A FORWARD -j limit-156 --A FORWARD -j limit-155 --A FORWARD -j limit-154 --A FORWARD -j limit-153 --A FORWARD -j limit-152 --A FORWARD -j limit-151 --A FORWARD -j limit-150 --A FORWARD -j limit-149 --A FORWARD -j limit-148 --A FORWARD -j limit-147 --A FORWARD -j limit-146 --A FORWARD -j limit-145 --A FORWARD -j limit-144 --A FORWARD -j limit-143 --A FORWARD -j limit-142 --A FORWARD -j limit-141 --A FORWARD -j limit-140 --A FORWARD -j limit-139 --A FORWARD -j limit-138 --A FORWARD -j limit-137 --A FORWARD -j limit-136 --A FORWARD -j limit-135 --A FORWARD -j limit-134 --A FORWARD -j limit-133 --A FORWARD -j limit-132 --A FORWARD -j limit-131 --A FORWARD -j limit-130 --A FORWARD -j limit-129 --A FORWARD -j limit-128 --A FORWARD -j limit-127 --A FORWARD -j limit-126 --A FORWARD -j limit-125 --A FORWARD -j limit-124 --A FORWARD -j limit-123 --A FORWARD -j limit-122 --A FORWARD -j limit-121 --A FORWARD -j limit-120 --A FORWARD -j limit-119 --A FORWARD -j limit-118 --A FORWARD -j limit-117 --A FORWARD -j limit-116 --A FORWARD -j limit-115 --A FORWARD -j limit-114 --A FORWARD -j limit-113 --A FORWARD -j limit-112 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -682,9 +1172,111 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-106 -A FORWARD -o eth1 -d fc00::/7 -j limit-107 -A FORWARD -o eth1 -d fc00::/7 -j limit-108 --A FORWARD -o eth1 -d fc00::/7 -j limit-109 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -A FORWARD -o eth1 -d fc00::/7 -j limit-110 -A FORWARD -o eth1 -d fc00::/7 -j limit-111 +-A FORWARD -o eth1 -d fc00::/7 -j limit-112 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-54 +-A FORWARD -o eth1 -d fc00::/7 -j limit-114 +-A FORWARD -o eth1 -d fc00::/7 -j limit-115 +-A FORWARD -o eth1 -d fc00::/7 -j limit-116 +-A FORWARD -o eth1 -d fc00::/7 -j limit-117 +-A FORWARD -o eth1 -d fc00::/7 -j limit-118 +-A FORWARD -o eth1 -d fc00::/7 -j limit-119 +-A FORWARD -o eth1 -d fc00::/7 -j limit-120 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-62 +-A FORWARD -o eth1 -d fc00::/7 -j limit-122 +-A FORWARD -o eth1 -d fc00::/7 -j limit-123 +-A FORWARD -o eth1 -d fc00::/7 -j limit-124 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-66 +-A FORWARD -o eth1 -d fc00::/7 -j limit-126 +-A FORWARD -o eth1 -d fc00::/7 -j limit-127 +-A FORWARD -o eth1 -d fc00::/7 -j limit-128 +-A FORWARD -o eth1 -d fc00::/7 -j limit-129 +-A FORWARD -o eth1 -d fc00::/7 -j limit-130 +-A FORWARD -o eth1 -d fc00::/7 -j limit-131 +-A FORWARD -o eth1 -d fc00::/7 -j limit-132 +-A FORWARD -o eth1 -d fc00::/7 -j limit-133 +-A FORWARD -o eth1 -d fc00::/7 -j limit-134 +-A FORWARD -o eth1 -d fc00::/7 -j limit-135 +-A FORWARD -o eth1 -d fc00::/7 -j limit-136 +-A FORWARD -o eth1 -d fc00::/7 -j limit-137 +-A FORWARD -o eth1 -d fc00::/7 -j limit-138 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-140 +-A FORWARD -o eth1 -d fc00::/7 -j limit-141 +-A FORWARD -o eth1 -d fc00::/7 -j limit-142 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-144 +-A FORWARD -o eth1 -d fc00::/7 -j limit-145 +-A FORWARD -o eth1 -d fc00::/7 -j limit-146 +-A FORWARD -o eth1 -d fc00::/7 -j limit-147 +-A FORWARD -o eth1 -d fc00::/7 -j limit-148 +-A FORWARD -o eth1 -d fc00::/7 -j limit-149 +-A FORWARD -o eth1 -d fc00::/7 -j limit-150 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-152 +-A FORWARD -o eth1 -d fc00::/7 -j limit-153 +-A FORWARD -o eth1 -d fc00::/7 -j limit-154 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-156 +-A FORWARD -o eth1 -d fc00::/7 -j limit-157 +-A FORWARD -o eth1 -d fc00::/7 -j limit-158 +-A FORWARD -o eth1 -d fc00::/7 -j limit-159 +-A FORWARD -o eth1 -d fc00::/7 -j limit-160 +-A FORWARD -o eth1 -d fc00::/7 -j limit-161 +-A FORWARD -o eth1 -d fc00::/7 -j limit-162 +-A FORWARD -o eth1 -d fc00::/7 -j limit-163 +-A FORWARD -o eth1 -d fc00::/7 -j limit-164 +-A FORWARD -o eth1 -d fc00::/7 -j limit-165 +-A FORWARD -o eth1 -d fc00::/7 -j limit-166 +-A FORWARD -o eth1 -d fc00::/7 -j limit-167 +-A FORWARD -o eth1 -d fc00::/7 -j limit-168 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-170 +-A FORWARD -o eth1 -d fc00::/7 -j limit-171 +-A FORWARD -o eth1 -d fc00::/7 -j limit-172 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-174 +-A FORWARD -o eth1 -d fc00::/7 -j limit-175 +-A FORWARD -o eth1 -d fc00::/7 -j limit-176 +-A FORWARD -o eth1 -d fc00::/7 -j limit-177 +-A FORWARD -o eth1 -d fc00::/7 -j limit-178 +-A FORWARD -o eth1 -d fc00::/7 -j limit-179 +-A FORWARD -o eth1 -d fc00::/7 -j limit-180 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-182 +-A FORWARD -o eth1 -d fc00::/7 -j limit-183 +-A FORWARD -o eth1 -d fc00::/7 -j limit-184 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-186 +-A FORWARD -o eth1 -d fc00::/7 -j limit-187 +-A FORWARD -o eth1 -d fc00::/7 -j limit-188 +-A FORWARD -o eth1 -d fc00::/7 -j limit-189 +-A FORWARD -o eth1 -d fc00::/7 -j limit-190 +-A FORWARD -o eth1 -d fc00::/7 -j limit-191 +-A FORWARD -o eth1 -d fc00::/7 -j limit-192 +-A FORWARD -o eth1 -d fc00::/7 -j limit-193 +-A FORWARD -o eth1 -d fc00::/7 -j limit-194 +-A FORWARD -o eth1 -d fc00::/7 -j limit-195 +-A FORWARD -o eth1 -d fc00::/7 -j limit-196 +-A FORWARD -o eth1 -d fc00::/7 -j limit-197 +-A FORWARD -o eth1 -d fc00::/7 -j limit-198 +-A FORWARD -o eth1 -d fc00::/7 -j limit-199 +-A FORWARD -o eth1 -d fc00::/7 -j limit-200 +-A FORWARD -o eth1 -d fc00::/7 -j limit-201 +-A FORWARD -o eth1 -d fc00::/7 -j limit-202 +-A FORWARD -o eth1 -d fc00::/7 -j limit-203 +-A FORWARD -o eth1 -d fc00::/7 -j limit-204 +-A FORWARD -o eth1 -d fc00::/7 -j limit-205 +-A FORWARD -o eth1 -d fc00::/7 -j limit-206 +-A FORWARD -o eth1 -d fc00::/7 -j limit-207 +-A FORWARD -o eth1 -d fc00::/7 -j limit-208 +-A FORWARD -o eth1 -d fc00::/7 -j limit-209 +-A FORWARD -o eth1 -d fc00::/7 -j limit-210 +-A FORWARD -o eth1 -d fc00::/7 -j limit-211 +-A FORWARD -o eth1 -d fc00::/7 -j limit-212 +-A FORWARD -o eth1 -d fc00::/7 -j limit-213 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -745,17 +1337,71 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-19 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-20 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-21 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-22 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-23 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-24 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-25 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-26 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-27 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-28 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-29 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-30 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-31 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-32 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-33 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-34 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-35 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-36 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-37 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-109 +-A FORWARD -j logdrop-199 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD --A FORWARD -j logaccept-8 --A FORWARD -j logdrop-110 +-A FORWARD -j logaccept-14 +-A FORWARD -j logdrop-200 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -788,6 +1434,210 @@ -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-427 +-A INPUT -j limit-426 +-A INPUT -j limit-425 +-A INPUT -j limit-424 +-A INPUT -j limit-423 +-A INPUT -j limit-422 +-A INPUT -j limit-421 +-A INPUT -j limit-420 +-A INPUT -j limit-419 +-A INPUT -j limit-418 +-A INPUT -j limit-417 +-A INPUT -j limit-416 +-A INPUT -j limit-415 +-A INPUT -j limit-414 +-A INPUT -j limit-413 +-A INPUT -j limit-412 +-A INPUT -j limit-411 +-A INPUT -j limit-410 +-A INPUT -j limit-409 +-A INPUT -j limit-408 +-A INPUT -j limit-407 +-A INPUT -j limit-406 +-A INPUT -j limit-405 +-A INPUT -j limit-404 +-A INPUT -j limit-403 +-A INPUT -j limit-402 +-A INPUT -j limit-401 +-A INPUT -j limit-400 +-A INPUT -j limit-399 +-A INPUT -j limit-398 +-A INPUT -j limit-397 +-A INPUT -j limit-396 +-A INPUT -j limit-395 +-A INPUT -j limit-394 +-A INPUT -j limit-393 +-A INPUT -j limit-392 +-A INPUT -j limit-391 +-A INPUT -j limit-390 +-A INPUT -j limit-389 +-A INPUT -j limit-388 +-A INPUT -j limit-387 +-A INPUT -j limit-386 +-A INPUT -j limit-385 +-A INPUT -j limit-384 +-A INPUT -j limit-383 +-A INPUT -j limit-382 +-A INPUT -j limit-381 +-A INPUT -j limit-380 +-A INPUT -j limit-379 +-A INPUT -j limit-378 +-A INPUT -j limit-377 +-A INPUT -j limit-376 +-A INPUT -j limit-375 +-A INPUT -j limit-374 +-A INPUT -j limit-373 +-A INPUT -j limit-372 +-A INPUT -j limit-371 +-A INPUT -j limit-370 +-A INPUT -j limit-369 +-A INPUT -j limit-368 +-A INPUT -j limit-367 +-A INPUT -j limit-366 +-A INPUT -j limit-365 +-A INPUT -j limit-364 +-A INPUT -j limit-363 +-A INPUT -j limit-362 +-A INPUT -j limit-361 +-A INPUT -j limit-360 +-A INPUT -j limit-359 +-A INPUT -j limit-358 +-A INPUT -j limit-357 +-A INPUT -j limit-356 +-A INPUT -j limit-355 +-A INPUT -j limit-354 +-A INPUT -j limit-353 +-A INPUT -j limit-352 +-A INPUT -j limit-351 +-A INPUT -j limit-350 +-A INPUT -j limit-349 +-A INPUT -j limit-348 +-A INPUT -j limit-347 +-A INPUT -j limit-346 +-A INPUT -j limit-345 +-A INPUT -j limit-344 +-A INPUT -j limit-343 +-A INPUT -j limit-342 +-A INPUT -j limit-341 +-A INPUT -j limit-340 +-A INPUT -j limit-339 +-A INPUT -j limit-338 +-A INPUT -j limit-337 +-A INPUT -j limit-336 +-A INPUT -j limit-335 +-A INPUT -j limit-334 +-A INPUT -j limit-333 +-A INPUT -j limit-332 +-A INPUT -j limit-331 +-A INPUT -j limit-330 +-A INPUT -j limit-329 +-A INPUT -j limit-328 +-A INPUT -j limit-327 +-A INPUT -j limit-326 +-A INPUT -j limit-325 +-A INPUT -j limit-324 +-A INPUT -j limit-323 +-A INPUT -j limit-322 +-A INPUT -j limit-321 +-A INPUT -j limit-320 +-A INPUT -j limit-319 +-A INPUT -j limit-318 +-A INPUT -j limit-317 +-A INPUT -j limit-316 +-A INPUT -j limit-315 +-A INPUT -j limit-314 +-A INPUT -j limit-313 +-A INPUT -j limit-312 +-A INPUT -j limit-311 +-A INPUT -j limit-310 +-A INPUT -j limit-309 +-A INPUT -j limit-308 +-A INPUT -j limit-307 +-A INPUT -j limit-306 +-A INPUT -j limit-305 +-A INPUT -j limit-304 +-A INPUT -j limit-303 +-A INPUT -j limit-302 +-A INPUT -j limit-301 +-A INPUT -j limit-300 +-A INPUT -j limit-299 +-A INPUT -j limit-298 +-A INPUT -j limit-297 +-A INPUT -j limit-296 +-A INPUT -j limit-295 +-A INPUT -j limit-294 +-A INPUT -j limit-293 +-A INPUT -j limit-292 +-A INPUT -j limit-291 +-A INPUT -j limit-290 +-A INPUT -j limit-289 +-A INPUT -j limit-288 +-A INPUT -j limit-287 +-A INPUT -j limit-286 +-A INPUT -j limit-285 +-A INPUT -j limit-284 +-A INPUT -j limit-283 +-A INPUT -j limit-282 +-A INPUT -j limit-281 +-A INPUT -j limit-280 +-A INPUT -j limit-279 +-A INPUT -j limit-278 +-A INPUT -j limit-277 +-A INPUT -j limit-276 +-A INPUT -j limit-275 +-A INPUT -j limit-274 +-A INPUT -j limit-273 +-A INPUT -j limit-272 +-A INPUT -j limit-271 +-A INPUT -j limit-270 +-A INPUT -j limit-269 +-A INPUT -j limit-268 +-A INPUT -j limit-267 +-A INPUT -j limit-266 +-A INPUT -j limit-265 +-A INPUT -j limit-264 +-A INPUT -j limit-263 +-A INPUT -j limit-262 +-A INPUT -j limit-261 +-A INPUT -j limit-260 +-A INPUT -j limit-259 +-A INPUT -j limit-258 +-A INPUT -j limit-257 +-A INPUT -j limit-256 +-A INPUT -j limit-255 +-A INPUT -j limit-254 +-A INPUT -j limit-253 +-A INPUT -j limit-252 +-A INPUT -j limit-251 +-A INPUT -j limit-250 +-A INPUT -j limit-249 +-A INPUT -j limit-248 +-A INPUT -j limit-247 +-A INPUT -j limit-246 +-A INPUT -j limit-245 +-A INPUT -j limit-244 +-A INPUT -j limit-243 +-A INPUT -j limit-242 +-A INPUT -j limit-241 +-A INPUT -j limit-240 +-A INPUT -j limit-239 +-A INPUT -j limit-238 +-A INPUT -j limit-237 +-A INPUT -j limit-236 +-A INPUT -j limit-235 +-A INPUT -j limit-234 +-A INPUT -j limit-233 +-A INPUT -j limit-232 +-A INPUT -j limit-231 +-A INPUT -j limit-230 +-A INPUT -j limit-229 +-A INPUT -j limit-228 +-A INPUT -j limit-227 +-A INPUT -j limit-226 +-A INPUT -j limit-225 +-A INPUT -j limit-224 -A INPUT -j limit-223 -A INPUT -j limit-222 -A INPUT -j limit-221 @@ -798,108 +1648,6 @@ -A INPUT -j limit-216 -A INPUT -j limit-215 -A INPUT -j limit-214 --A INPUT -j limit-213 --A INPUT -j limit-212 --A INPUT -j limit-211 --A INPUT -j limit-210 --A INPUT -j limit-209 --A INPUT -j limit-208 --A INPUT -j limit-207 --A INPUT -j limit-206 --A INPUT -j limit-205 --A INPUT -j limit-204 --A INPUT -j limit-203 --A INPUT -j limit-202 --A INPUT -j limit-201 --A INPUT -j limit-200 --A INPUT -j limit-199 --A INPUT -j limit-198 --A INPUT -j limit-197 --A INPUT -j limit-196 --A INPUT -j limit-195 --A INPUT -j limit-194 --A INPUT -j limit-193 --A INPUT -j limit-192 --A INPUT -j limit-191 --A INPUT -j limit-190 --A INPUT -j limit-189 --A INPUT -j limit-188 --A INPUT -j limit-187 --A INPUT -j limit-186 --A INPUT -j limit-185 --A INPUT -j limit-184 --A INPUT -j limit-183 --A INPUT -j limit-182 --A INPUT -j limit-181 --A INPUT -j limit-180 --A INPUT -j limit-179 --A INPUT -j limit-178 --A INPUT -j limit-177 --A INPUT -j limit-176 --A INPUT -j limit-175 --A INPUT -j limit-174 --A INPUT -j limit-173 --A INPUT -j limit-172 --A INPUT -j limit-171 --A INPUT -j limit-170 --A INPUT -j limit-169 --A INPUT -j limit-168 --A INPUT -j limit-167 --A INPUT -j limit-166 --A INPUT -j limit-165 --A INPUT -j limit-164 --A INPUT -j limit-163 --A INPUT -j limit-162 --A INPUT -j limit-161 --A INPUT -j limit-160 --A INPUT -j limit-159 --A INPUT -j limit-158 --A INPUT -j limit-157 --A INPUT -j limit-156 --A INPUT -j limit-155 --A INPUT -j limit-154 --A INPUT -j limit-153 --A INPUT -j limit-152 --A INPUT -j limit-151 --A INPUT -j limit-150 --A INPUT -j limit-149 --A INPUT -j limit-148 --A INPUT -j limit-147 --A INPUT -j limit-146 --A INPUT -j limit-145 --A INPUT -j limit-144 --A INPUT -j limit-143 --A INPUT -j limit-142 --A INPUT -j limit-141 --A INPUT -j limit-140 --A INPUT -j limit-139 --A INPUT -j limit-138 --A INPUT -j limit-137 --A INPUT -j limit-136 --A INPUT -j limit-135 --A INPUT -j limit-134 --A INPUT -j limit-133 --A INPUT -j limit-132 --A INPUT -j limit-131 --A INPUT -j limit-130 --A INPUT -j limit-129 --A INPUT -j limit-128 --A INPUT -j limit-127 --A INPUT -j limit-126 --A INPUT -j limit-125 --A INPUT -j limit-124 --A INPUT -j limit-123 --A INPUT -j limit-122 --A INPUT -j limit-121 --A INPUT -j limit-120 --A INPUT -j limit-119 --A INPUT -j limit-118 --A INPUT -j limit-117 --A INPUT -j limit-116 --A INPUT -j limit-115 --A INPUT -j limit-114 --A INPUT -j limit-113 --A INPUT -j limit-112 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -968,129 +1716,285 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-19 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-224 --A INPUT -i eth0 -j limit-225 --A INPUT -i eth0 -j limit-226 --A INPUT -i eth0 -j limit-227 --A INPUT -i eth0 -j limit-228 --A INPUT -i eth0 -j limit-229 --A INPUT -i eth0 -j limit-230 --A INPUT -i eth0 -j limit-231 --A INPUT -i eth0 -j limit-232 --A INPUT -i eth0 -j limit-233 --A INPUT -i eth0 -j limit-234 --A INPUT -i eth0 -j limit-235 --A INPUT -i eth0 -j limit-236 --A INPUT -i eth0 -j limit-237 --A INPUT -i eth0 -j limit-238 --A INPUT -i eth0 -j limit-239 --A INPUT -i eth0 -j limit-240 --A INPUT -i eth0 -j limit-241 --A INPUT -i eth0 -j limit-242 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-92 --A INPUT -i eth0 -j limit-244 --A INPUT -i eth0 -j limit-245 --A INPUT -i eth0 -j limit-246 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-96 --A INPUT -i eth0 -j limit-248 --A INPUT -i eth0 -j limit-249 --A INPUT -i eth0 -j limit-250 --A INPUT -i eth0 -j limit-251 --A INPUT -i eth0 -j limit-252 --A INPUT -i eth0 -j limit-253 --A INPUT -i eth0 -j limit-254 --A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-104 --A INPUT -i eth0 -j limit-256 --A INPUT -i eth0 -j limit-257 --A INPUT -i eth0 -j limit-258 --A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-108 --A INPUT -i eth0 -j limit-260 --A INPUT -i eth0 -j limit-261 --A INPUT -i eth0 -j limit-262 --A INPUT -i eth0 -j limit-263 --A INPUT -i eth0 -j limit-264 --A INPUT -i eth0 -j limit-265 --A INPUT -i eth0 -j limit-266 --A INPUT -i eth0 -j limit-267 --A INPUT -i eth0 -j limit-268 --A INPUT -i eth0 -j limit-269 --A INPUT -i eth0 -j limit-270 --A INPUT -i eth0 -j limit-271 --A INPUT -i eth0 -j limit-272 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-20 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-21 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-22 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-23 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-24 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-25 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-26 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-27 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-28 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-29 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-30 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-31 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-32 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-33 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-34 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-35 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-36 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-37 +-A INPUT -j ACCEPT +-A INPUT -i eth0 -j limit-428 +-A INPUT -i eth0 -j limit-429 +-A INPUT -i eth0 -j limit-430 +-A INPUT -i eth0 -j limit-431 +-A INPUT -i eth0 -j limit-432 +-A INPUT -i eth0 -j limit-433 +-A INPUT -i eth0 -j limit-434 +-A INPUT -i eth0 -j limit-435 +-A INPUT -i eth0 -j limit-436 +-A INPUT -i eth0 -j limit-437 +-A INPUT -i eth0 -j limit-438 +-A INPUT -i eth0 -j limit-439 +-A INPUT -i eth0 -j limit-440 +-A INPUT -i eth0 -j limit-441 +-A INPUT -i eth0 -j limit-442 +-A INPUT -i eth0 -j limit-443 +-A INPUT -i eth0 -j limit-444 +-A INPUT -i eth0 -j limit-445 +-A INPUT -i eth0 -j limit-446 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-152 +-A INPUT -i eth0 -j limit-448 +-A INPUT -i eth0 -j limit-449 +-A INPUT -i eth0 -j limit-450 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-156 +-A INPUT -i eth0 -j limit-452 +-A INPUT -i eth0 -j limit-453 +-A INPUT -i eth0 -j limit-454 +-A INPUT -i eth0 -j limit-455 +-A INPUT -i eth0 -j limit-456 +-A INPUT -i eth0 -j limit-457 +-A INPUT -i eth0 -j limit-458 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-164 +-A INPUT -i eth0 -j limit-460 +-A INPUT -i eth0 -j limit-461 +-A INPUT -i eth0 -j limit-462 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-168 +-A INPUT -i eth0 -j limit-464 +-A INPUT -i eth0 -j limit-465 +-A INPUT -i eth0 -j limit-466 +-A INPUT -i eth0 -j limit-467 +-A INPUT -i eth0 -j limit-468 +-A INPUT -i eth0 -j limit-469 +-A INPUT -i eth0 -j limit-470 +-A INPUT -i eth0 -j limit-471 +-A INPUT -i eth0 -j limit-472 +-A INPUT -i eth0 -j limit-473 +-A INPUT -i eth0 -j limit-474 +-A INPUT -i eth0 -j limit-475 +-A INPUT -i eth0 -j limit-476 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-274 --A INPUT -i eth0 -j limit-275 --A INPUT -i eth0 -j limit-276 +-A INPUT -i eth0 -j limit-478 +-A INPUT -i eth0 -j limit-479 +-A INPUT -i eth0 -j limit-480 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-278 --A INPUT -i eth0 -j limit-279 --A INPUT -i eth0 -j limit-280 --A INPUT -i eth0 -j limit-281 --A INPUT -i eth0 -j limit-282 --A INPUT -i eth0 -j limit-283 --A INPUT -i eth0 -j limit-284 +-A INPUT -i eth0 -j limit-482 +-A INPUT -i eth0 -j limit-483 +-A INPUT -i eth0 -j limit-484 +-A INPUT -i eth0 -j limit-485 +-A INPUT -i eth0 -j limit-486 +-A INPUT -i eth0 -j limit-487 +-A INPUT -i eth0 -j limit-488 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-286 --A INPUT -i eth0 -j limit-287 --A INPUT -i eth0 -j limit-288 +-A INPUT -i eth0 -j limit-490 +-A INPUT -i eth0 -j limit-491 +-A INPUT -i eth0 -j limit-492 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-290 --A INPUT -i eth0 -j limit-291 --A INPUT -i eth0 -j limit-292 --A INPUT -i eth0 -j limit-293 --A INPUT -i eth0 -j limit-294 --A INPUT -i eth0 -j limit-295 --A INPUT -i eth0 -j limit-296 --A INPUT -i eth0 -j limit-297 --A INPUT -i eth0 -j limit-298 --A INPUT -i eth0 -j limit-299 --A INPUT -i eth0 -j limit-300 --A INPUT -i eth0 -j limit-301 --A INPUT -i eth0 -j limit-302 +-A INPUT -i eth0 -j limit-494 +-A INPUT -i eth0 -j limit-495 +-A INPUT -i eth0 -j limit-496 +-A INPUT -i eth0 -j limit-497 +-A INPUT -i eth0 -j limit-498 +-A INPUT -i eth0 -j limit-499 +-A INPUT -i eth0 -j limit-500 +-A INPUT -i eth0 -j limit-501 +-A INPUT -i eth0 -j limit-502 +-A INPUT -i eth0 -j limit-503 +-A INPUT -i eth0 -j limit-504 +-A INPUT -i eth0 -j limit-505 +-A INPUT -i eth0 -j limit-506 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-304 --A INPUT -i eth0 -j limit-305 --A INPUT -i eth0 -j limit-306 +-A INPUT -i eth0 -j limit-508 +-A INPUT -i eth0 -j limit-509 +-A INPUT -i eth0 -j limit-510 -A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-308 --A INPUT -i eth0 -j limit-309 --A INPUT -i eth0 -j limit-310 --A INPUT -i eth0 -j limit-311 --A INPUT -i eth0 -j limit-312 --A INPUT -i eth0 -j limit-313 --A INPUT -i eth0 -j limit-314 +-A INPUT -i eth0 -j limit-512 +-A INPUT -i eth0 -j limit-513 +-A INPUT -i eth0 -j limit-514 +-A INPUT -i eth0 -j limit-515 +-A INPUT -i eth0 -j limit-516 +-A INPUT -i eth0 -j limit-517 +-A INPUT -i eth0 -j limit-518 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-316 --A INPUT -i eth0 -j limit-317 --A INPUT -i eth0 -j limit-318 +-A INPUT -i eth0 -j limit-520 +-A INPUT -i eth0 -j limit-521 +-A INPUT -i eth0 -j limit-522 -A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-320 --A INPUT -i eth0 -j limit-321 --A INPUT -i eth0 -j limit-322 --A INPUT -i eth0 -j limit-323 --A INPUT -i eth0 -j limit-324 --A INPUT -i eth0 -j limit-325 --A INPUT -i eth0 -j limit-326 --A INPUT -i eth0 -j limit-327 --A INPUT -i eth0 -j limit-328 --A INPUT -i eth0 -j limit-329 --A INPUT -i eth0 -j limit-330 --A INPUT -i eth0 -j limit-331 --A INPUT -i eth0 -j limit-332 --A INPUT -i eth0 -j limit-333 --A INPUT -i eth0 -j limit-334 --A INPUT -i eth0 -j limit-335 +-A INPUT -i eth0 -j limit-524 +-A INPUT -i eth0 -j limit-525 +-A INPUT -i eth0 -j limit-526 +-A INPUT -i eth0 -j limit-527 +-A INPUT -i eth0 -j limit-528 +-A INPUT -i eth0 -j limit-529 +-A INPUT -i eth0 -j limit-530 +-A INPUT -i eth0 -j limit-531 +-A INPUT -i eth0 -j limit-532 +-A INPUT -i eth0 -j limit-533 +-A INPUT -i eth0 -j limit-534 +-A INPUT -i eth0 -j limit-535 +-A INPUT -i eth0 -j limit-536 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-182 +-A INPUT -i eth0 -j limit-538 +-A INPUT -i eth0 -j limit-539 +-A INPUT -i eth0 -j limit-540 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-186 +-A INPUT -i eth0 -j limit-542 +-A INPUT -i eth0 -j limit-543 +-A INPUT -i eth0 -j limit-544 +-A INPUT -i eth0 -j limit-545 +-A INPUT -i eth0 -j limit-546 +-A INPUT -i eth0 -j limit-547 +-A INPUT -i eth0 -j limit-548 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-194 +-A INPUT -i eth0 -j limit-550 +-A INPUT -i eth0 -j limit-551 +-A INPUT -i eth0 -j limit-552 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-198 +-A INPUT -i eth0 -j limit-554 +-A INPUT -i eth0 -j limit-555 +-A INPUT -i eth0 -j limit-556 +-A INPUT -i eth0 -j limit-557 +-A INPUT -i eth0 -j limit-558 +-A INPUT -i eth0 -j limit-559 +-A INPUT -i eth0 -j limit-560 +-A INPUT -i eth0 -j limit-561 +-A INPUT -i eth0 -j limit-562 +-A INPUT -i eth0 -j limit-563 +-A INPUT -i eth0 -j limit-564 +-A INPUT -i eth0 -j limit-565 +-A INPUT -i eth0 -j limit-566 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-568 +-A INPUT -i eth0 -j limit-569 +-A INPUT -i eth0 -j limit-570 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-572 +-A INPUT -i eth0 -j limit-573 +-A INPUT -i eth0 -j limit-574 +-A INPUT -i eth0 -j limit-575 +-A INPUT -i eth0 -j limit-576 +-A INPUT -i eth0 -j limit-577 +-A INPUT -i eth0 -j limit-578 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-580 +-A INPUT -i eth0 -j limit-581 +-A INPUT -i eth0 -j limit-582 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-584 +-A INPUT -i eth0 -j limit-585 +-A INPUT -i eth0 -j limit-586 +-A INPUT -i eth0 -j limit-587 +-A INPUT -i eth0 -j limit-588 +-A INPUT -i eth0 -j limit-589 +-A INPUT -i eth0 -j limit-590 +-A INPUT -i eth0 -j limit-591 +-A INPUT -i eth0 -j limit-592 +-A INPUT -i eth0 -j limit-593 +-A INPUT -i eth0 -j limit-594 +-A INPUT -i eth0 -j limit-595 +-A INPUT -i eth0 -j limit-596 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-598 +-A INPUT -i eth0 -j limit-599 +-A INPUT -i eth0 -j limit-600 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-602 +-A INPUT -i eth0 -j limit-603 +-A INPUT -i eth0 -j limit-604 +-A INPUT -i eth0 -j limit-605 +-A INPUT -i eth0 -j limit-606 +-A INPUT -i eth0 -j limit-607 +-A INPUT -i eth0 -j limit-608 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-610 +-A INPUT -i eth0 -j limit-611 +-A INPUT -i eth0 -j limit-612 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A INPUT -i eth0 -j limit-614 +-A INPUT -i eth0 -j limit-615 +-A INPUT -i eth0 -j limit-616 +-A INPUT -i eth0 -j limit-617 +-A INPUT -i eth0 -j limit-618 +-A INPUT -i eth0 -j limit-619 +-A INPUT -i eth0 -j limit-620 +-A INPUT -i eth0 -j limit-621 +-A INPUT -i eth0 -j limit-622 +-A INPUT -i eth0 -j limit-623 +-A INPUT -i eth0 -j limit-624 +-A INPUT -i eth0 -j limit-625 +-A INPUT -i eth0 -j limit-626 +-A INPUT -i eth0 -j limit-627 +-A INPUT -i eth0 -j limit-628 +-A INPUT -i eth0 -j limit-629 +-A INPUT -i eth0 -j limit-630 +-A INPUT -i eth0 -j limit-631 +-A INPUT -i eth0 -j limit-632 +-A INPUT -i eth0 -j limit-633 +-A INPUT -i eth0 -j limit-634 +-A INPUT -i eth0 -j limit-635 +-A INPUT -i eth0 -j limit-636 +-A INPUT -i eth0 -j limit-637 +-A INPUT -i eth0 -j limit-638 +-A INPUT -i eth0 -j limit-639 +-A INPUT -i eth0 -j limit-640 +-A INPUT -i eth0 -j limit-641 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-109 +-A INPUT -j logdrop-199 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT --A INPUT -j logaccept-8 --A INPUT -j logdrop-110 +-A INPUT -j logaccept-14 +-A INPUT -j logdrop-200 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -1103,6 +2007,210 @@ -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-427 +-A OUTPUT -j limit-426 +-A OUTPUT -j limit-425 +-A OUTPUT -j limit-424 +-A OUTPUT -j limit-423 +-A OUTPUT -j limit-422 +-A OUTPUT -j limit-421 +-A OUTPUT -j limit-420 +-A OUTPUT -j limit-419 +-A OUTPUT -j limit-418 +-A OUTPUT -j limit-417 +-A OUTPUT -j limit-416 +-A OUTPUT -j limit-415 +-A OUTPUT -j limit-414 +-A OUTPUT -j limit-413 +-A OUTPUT -j limit-412 +-A OUTPUT -j limit-411 +-A OUTPUT -j limit-410 +-A OUTPUT -j limit-409 +-A OUTPUT -j limit-408 +-A OUTPUT -j limit-407 +-A OUTPUT -j limit-406 +-A OUTPUT -j limit-405 +-A OUTPUT -j limit-404 +-A OUTPUT -j limit-403 +-A OUTPUT -j limit-402 +-A OUTPUT -j limit-401 +-A OUTPUT -j limit-400 +-A OUTPUT -j limit-399 +-A OUTPUT -j limit-398 +-A OUTPUT -j limit-397 +-A OUTPUT -j limit-396 +-A OUTPUT -j limit-395 +-A OUTPUT -j limit-394 +-A OUTPUT -j limit-393 +-A OUTPUT -j limit-392 +-A OUTPUT -j limit-391 +-A OUTPUT -j limit-390 +-A OUTPUT -j limit-389 +-A OUTPUT -j limit-388 +-A OUTPUT -j limit-387 +-A OUTPUT -j limit-386 +-A OUTPUT -j limit-385 +-A OUTPUT -j limit-384 +-A OUTPUT -j limit-383 +-A OUTPUT -j limit-382 +-A OUTPUT -j limit-381 +-A OUTPUT -j limit-380 +-A OUTPUT -j limit-379 +-A OUTPUT -j limit-378 +-A OUTPUT -j limit-377 +-A OUTPUT -j limit-376 +-A OUTPUT -j limit-375 +-A OUTPUT -j limit-374 +-A OUTPUT -j limit-373 +-A OUTPUT -j limit-372 +-A OUTPUT -j limit-371 +-A OUTPUT -j limit-370 +-A OUTPUT -j limit-369 +-A OUTPUT -j limit-368 +-A OUTPUT -j limit-367 +-A OUTPUT -j limit-366 +-A OUTPUT -j limit-365 +-A OUTPUT -j limit-364 +-A OUTPUT -j limit-363 +-A OUTPUT -j limit-362 +-A OUTPUT -j limit-361 +-A OUTPUT -j limit-360 +-A OUTPUT -j limit-359 +-A OUTPUT -j limit-358 +-A OUTPUT -j limit-357 +-A OUTPUT -j limit-356 +-A OUTPUT -j limit-355 +-A OUTPUT -j limit-354 +-A OUTPUT -j limit-353 +-A OUTPUT -j limit-352 +-A OUTPUT -j limit-351 +-A OUTPUT -j limit-350 +-A OUTPUT -j limit-349 +-A OUTPUT -j limit-348 +-A OUTPUT -j limit-347 +-A OUTPUT -j limit-346 +-A OUTPUT -j limit-345 +-A OUTPUT -j limit-344 +-A OUTPUT -j limit-343 +-A OUTPUT -j limit-342 +-A OUTPUT -j limit-341 +-A OUTPUT -j limit-340 +-A OUTPUT -j limit-339 +-A OUTPUT -j limit-338 +-A OUTPUT -j limit-337 +-A OUTPUT -j limit-336 +-A OUTPUT -j limit-335 +-A OUTPUT -j limit-334 +-A OUTPUT -j limit-333 +-A OUTPUT -j limit-332 +-A OUTPUT -j limit-331 +-A OUTPUT -j limit-330 +-A OUTPUT -j limit-329 +-A OUTPUT -j limit-328 +-A OUTPUT -j limit-327 +-A OUTPUT -j limit-326 +-A OUTPUT -j limit-325 +-A OUTPUT -j limit-324 +-A OUTPUT -j limit-323 +-A OUTPUT -j limit-322 +-A OUTPUT -j limit-321 +-A OUTPUT -j limit-320 +-A OUTPUT -j limit-319 +-A OUTPUT -j limit-318 +-A OUTPUT -j limit-317 +-A OUTPUT -j limit-316 +-A OUTPUT -j limit-315 +-A OUTPUT -j limit-314 +-A OUTPUT -j limit-313 +-A OUTPUT -j limit-312 +-A OUTPUT -j limit-311 +-A OUTPUT -j limit-310 +-A OUTPUT -j limit-309 +-A OUTPUT -j limit-308 +-A OUTPUT -j limit-307 +-A OUTPUT -j limit-306 +-A OUTPUT -j limit-305 +-A OUTPUT -j limit-304 +-A OUTPUT -j limit-303 +-A OUTPUT -j limit-302 +-A OUTPUT -j limit-301 +-A OUTPUT -j limit-300 +-A OUTPUT -j limit-299 +-A OUTPUT -j limit-298 +-A OUTPUT -j limit-297 +-A OUTPUT -j limit-296 +-A OUTPUT -j limit-295 +-A OUTPUT -j limit-294 +-A OUTPUT -j limit-293 +-A OUTPUT -j limit-292 +-A OUTPUT -j limit-291 +-A OUTPUT -j limit-290 +-A OUTPUT -j limit-289 +-A OUTPUT -j limit-288 +-A OUTPUT -j limit-287 +-A OUTPUT -j limit-286 +-A OUTPUT -j limit-285 +-A OUTPUT -j limit-284 +-A OUTPUT -j limit-283 +-A OUTPUT -j limit-282 +-A OUTPUT -j limit-281 +-A OUTPUT -j limit-280 +-A OUTPUT -j limit-279 +-A OUTPUT -j limit-278 +-A OUTPUT -j limit-277 +-A OUTPUT -j limit-276 +-A OUTPUT -j limit-275 +-A OUTPUT -j limit-274 +-A OUTPUT -j limit-273 +-A OUTPUT -j limit-272 +-A OUTPUT -j limit-271 +-A OUTPUT -j limit-270 +-A OUTPUT -j limit-269 +-A OUTPUT -j limit-268 +-A OUTPUT -j limit-267 +-A OUTPUT -j limit-266 +-A OUTPUT -j limit-265 +-A OUTPUT -j limit-264 +-A OUTPUT -j limit-263 +-A OUTPUT -j limit-262 +-A OUTPUT -j limit-261 +-A OUTPUT -j limit-260 +-A OUTPUT -j limit-259 +-A OUTPUT -j limit-258 +-A OUTPUT -j limit-257 +-A OUTPUT -j limit-256 +-A OUTPUT -j limit-255 +-A OUTPUT -j limit-254 +-A OUTPUT -j limit-253 +-A OUTPUT -j limit-252 +-A OUTPUT -j limit-251 +-A OUTPUT -j limit-250 +-A OUTPUT -j limit-249 +-A OUTPUT -j limit-248 +-A OUTPUT -j limit-247 +-A OUTPUT -j limit-246 +-A OUTPUT -j limit-245 +-A OUTPUT -j limit-244 +-A OUTPUT -j limit-243 +-A OUTPUT -j limit-242 +-A OUTPUT -j limit-241 +-A OUTPUT -j limit-240 +-A OUTPUT -j limit-239 +-A OUTPUT -j limit-238 +-A OUTPUT -j limit-237 +-A OUTPUT -j limit-236 +-A OUTPUT -j limit-235 +-A OUTPUT -j limit-234 +-A OUTPUT -j limit-233 +-A OUTPUT -j limit-232 +-A OUTPUT -j limit-231 +-A OUTPUT -j limit-230 +-A OUTPUT -j limit-229 +-A OUTPUT -j limit-228 +-A OUTPUT -j limit-227 +-A OUTPUT -j limit-226 +-A OUTPUT -j limit-225 +-A OUTPUT -j limit-224 -A OUTPUT -j limit-223 -A OUTPUT -j limit-222 -A OUTPUT -j limit-221 @@ -1113,108 +2221,6 @@ -A OUTPUT -j limit-216 -A OUTPUT -j limit-215 -A OUTPUT -j limit-214 --A OUTPUT -j limit-213 --A OUTPUT -j limit-212 --A OUTPUT -j limit-211 --A OUTPUT -j limit-210 --A OUTPUT -j limit-209 --A OUTPUT -j limit-208 --A OUTPUT -j limit-207 --A OUTPUT -j limit-206 --A OUTPUT -j limit-205 --A OUTPUT -j limit-204 --A OUTPUT -j limit-203 --A OUTPUT -j limit-202 --A OUTPUT -j limit-201 --A OUTPUT -j limit-200 --A OUTPUT -j limit-199 --A OUTPUT -j limit-198 --A OUTPUT -j limit-197 --A OUTPUT -j limit-196 --A OUTPUT -j limit-195 --A OUTPUT -j limit-194 --A OUTPUT -j limit-193 --A OUTPUT -j limit-192 --A OUTPUT -j limit-191 --A OUTPUT -j limit-190 --A OUTPUT -j limit-189 --A OUTPUT -j limit-188 --A OUTPUT -j limit-187 --A OUTPUT -j limit-186 --A OUTPUT -j limit-185 --A OUTPUT -j limit-184 --A OUTPUT -j limit-183 --A OUTPUT -j limit-182 --A OUTPUT -j limit-181 --A OUTPUT -j limit-180 --A OUTPUT -j limit-179 --A OUTPUT -j limit-178 --A OUTPUT -j limit-177 --A OUTPUT -j limit-176 --A OUTPUT -j limit-175 --A OUTPUT -j limit-174 --A OUTPUT -j limit-173 --A OUTPUT -j limit-172 --A OUTPUT -j limit-171 --A OUTPUT -j limit-170 --A OUTPUT -j limit-169 --A OUTPUT -j limit-168 --A OUTPUT -j limit-167 --A OUTPUT -j limit-166 --A OUTPUT -j limit-165 --A OUTPUT -j limit-164 --A OUTPUT -j limit-163 --A OUTPUT -j limit-162 --A OUTPUT -j limit-161 --A OUTPUT -j limit-160 --A OUTPUT -j limit-159 --A OUTPUT -j limit-158 --A OUTPUT -j limit-157 --A OUTPUT -j limit-156 --A OUTPUT -j limit-155 --A OUTPUT -j limit-154 --A OUTPUT -j limit-153 --A OUTPUT -j limit-152 --A OUTPUT -j limit-151 --A OUTPUT -j limit-150 --A OUTPUT -j limit-149 --A OUTPUT -j limit-148 --A OUTPUT -j limit-147 --A OUTPUT -j limit-146 --A OUTPUT -j limit-145 --A OUTPUT -j limit-144 --A OUTPUT -j limit-143 --A OUTPUT -j limit-142 --A OUTPUT -j limit-141 --A OUTPUT -j limit-140 --A OUTPUT -j limit-139 --A OUTPUT -j limit-138 --A OUTPUT -j limit-137 --A OUTPUT -j limit-136 --A OUTPUT -j limit-135 --A OUTPUT -j limit-134 --A OUTPUT -j limit-133 --A OUTPUT -j limit-132 --A OUTPUT -j limit-131 --A OUTPUT -j limit-130 --A OUTPUT -j limit-129 --A OUTPUT -j limit-128 --A OUTPUT -j limit-127 --A OUTPUT -j limit-126 --A OUTPUT -j limit-125 --A OUTPUT -j limit-124 --A OUTPUT -j limit-123 --A OUTPUT -j limit-122 --A OUTPUT -j limit-121 --A OUTPUT -j limit-120 --A OUTPUT -j limit-119 --A OUTPUT -j limit-118 --A OUTPUT -j limit-117 --A OUTPUT -j limit-116 --A OUTPUT -j limit-115 --A OUTPUT -j limit-114 --A OUTPUT -j limit-113 --A OUTPUT -j limit-112 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -1332,9 +2338,111 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-106 -A OUTPUT -o eth1 -d fc00::/7 -j limit-107 -A OUTPUT -o eth1 -d fc00::/7 -j limit-108 --A OUTPUT -o eth1 -d fc00::/7 -j limit-109 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-50 -A OUTPUT -o eth1 -d fc00::/7 -j limit-110 -A OUTPUT -o eth1 -d fc00::/7 -j limit-111 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-112 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-54 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-114 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-115 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-116 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-117 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-118 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-119 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-120 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-62 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-122 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-123 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-124 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-66 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-126 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-127 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-128 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-129 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-130 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-131 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-132 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-133 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-134 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-135 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-136 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-137 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-138 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-140 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-141 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-142 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-144 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-145 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-146 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-147 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-148 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-149 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-150 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-152 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-153 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-154 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-156 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-157 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-158 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-159 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-160 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-161 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-162 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-163 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-164 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-165 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-166 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-167 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-168 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-170 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-171 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-172 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-174 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-175 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-176 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-177 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-178 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-179 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-180 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-182 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-183 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-184 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-186 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-187 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-188 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-189 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-190 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-191 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-192 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-193 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-194 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-195 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-196 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-197 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-198 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-199 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-200 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-201 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-202 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-203 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-204 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-205 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-206 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-207 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-208 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-209 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-210 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-211 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-212 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-213 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -1395,6 +2503,114 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-19 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-20 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-21 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-22 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-23 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-24 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-25 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-26 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-27 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-28 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-29 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-30 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-31 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-32 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-33 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-34 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-35 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-36 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-37 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -1459,13 +2675,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-109 +-A OUTPUT -j logdrop-199 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT --A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-110 +-A OUTPUT -j logaccept-14 +-A OUTPUT -j logdrop-200 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -1486,574 +2702,1153 @@ -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-100 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j ACCEPT --A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -j DROP --A limit-101 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN --A limit-101 -m limit --limit 1/second -j LOG --A limit-101 -j DROP --A limit-102 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j logaccept-1 --A limit-102 -m limit --limit 1/second -j LOG --A limit-102 -j DROP --A limit-103 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j ACCEPT --A limit-103 -m limit --limit 1/second -j LOG --A limit-103 -j DROP --A limit-104 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT --A limit-104 -j DROP --A limit-105 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN --A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-2 --A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT --A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT --A limit-108 -j DROP --A limit-109 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN --A limit-109 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-41 +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-42 +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-102 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-43 +-A limit-102 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-103 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-44 +-A limit-103 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-104 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-45 +-A limit-104 -m limit --limit 1/second -j LOG +-A limit-104 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-105 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-46 +-A limit-105 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-47 +-A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-48 +-A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-49 +-A limit-108 -j ACCEPT -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-110 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-3 --A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT --A limit-111 -j DROP --A limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-51 +-A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -j ACCEPT +-A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-52 +-A limit-111 -m limit --limit 1/second -j LOG +-A limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-53 +-A limit-112 -j ACCEPT +-A limit-114 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-55 +-A limit-114 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-115 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-56 +-A limit-115 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-116 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-57 +-A limit-116 -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-117 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-58 +-A limit-117 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-118 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-59 +-A limit-118 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-119 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-60 +-A limit-119 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 --A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 --A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-120 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-61 +-A limit-120 -j ACCEPT +-A limit-122 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-63 +-A limit-122 -m limit --limit 1/second -j LOG +-A limit-122 -j ACCEPT +-A limit-123 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-64 +-A limit-123 -m limit --limit 1/second -j LOG +-A limit-124 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-65 +-A limit-124 -j ACCEPT +-A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-128 -m recent --name limit-128 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-128 -m limit --limit 1/second -j LOG +-A limit-128 -m recent --name limit-128 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-129 -m recent --name limit-129 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-129 -m recent --name limit-129 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-55 --A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-56 --A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-57 --A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-58 --A limit-133 -m limit --limit 1/second -j LOG --A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-59 --A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-60 --A limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 --A limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 --A limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 --A limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 --A limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-130 -m recent --name limit-130 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-130 -m recent --name limit-130 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-131 -m recent --name limit-131 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-131 -m recent --name limit-131 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-134 -m limit --limit 1/second -j LOG +-A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-136 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-136 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-137 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-137 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-138 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-138 -j ACCEPT -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 --A limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 --A limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-142 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 --A limit-143 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 --A limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 --A limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 --A limit-145 -m limit --limit 1/second -j LOG --A limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 --A limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 --A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-140 -m limit --limit 1/second -j LOG +-A limit-140 -j ACCEPT +-A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-141 -m limit --limit 1/second -j LOG +-A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-142 -j ACCEPT +-A limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-146 -m limit --limit 1/second -j LOG +-A limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-148 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-148 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-149 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-149 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-150 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-150 -j ACCEPT +-A limit-152 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-152 -m limit --limit 1/second -j LOG +-A limit-152 -j ACCEPT +-A limit-153 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-153 -m limit --limit 1/second -j LOG +-A limit-154 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-154 -j ACCEPT +-A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-158 -m limit --limit 1/second -j LOG +-A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-160 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-161 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-163 -m limit --limit 1/second -j LOG --A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-164 -m limit --limit 1/second -j LOG +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-168 -j ACCEPT -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-172 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-173 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-175 -m limit --limit 1/second -j LOG --A limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-170 -m limit --limit 1/second -j LOG +-A limit-170 -j ACCEPT +-A limit-171 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-171 -m limit --limit 1/second -j LOG +-A limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-172 -j ACCEPT +-A limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-176 -m limit --limit 1/second -j LOG +-A limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-178 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-178 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-179 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-179 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-18 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19 -A limit-18 -j ACCEPT --A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-193 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-180 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-180 -j ACCEPT +-A limit-182 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-182 -m limit --limit 1/second -j LOG +-A limit-182 -j ACCEPT +-A limit-183 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-183 -m limit --limit 1/second -j LOG +-A limit-184 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-184 -j ACCEPT +-A limit-186 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-186 -j ACCEPT +-A limit-186 -m limit --limit 1/second -j LOG +-A limit-186 -j DROP +-A limit-187 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-187 -j RETURN +-A limit-187 -m limit --limit 1/second -j LOG +-A limit-187 -j DROP +-A limit-188 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-188 -j logaccept-0 +-A limit-188 -m limit --limit 1/second -j LOG +-A limit-188 -j DROP +-A limit-189 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-189 -j ACCEPT +-A limit-189 -m limit --limit 1/second -j LOG +-A limit-189 -j DROP +-A limit-190 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-190 -j ACCEPT +-A limit-190 -m limit --limit 1/second -j LOG +-A limit-190 -j DROP +-A limit-191 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-191 -j RETURN +-A limit-191 -m limit --limit 1/second -j LOG +-A limit-191 -j DROP +-A limit-192 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-192 -j logaccept-1 +-A limit-192 -m limit --limit 1/second -j LOG +-A limit-192 -j DROP +-A limit-193 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-193 -j ACCEPT -A limit-193 -m limit --limit 1/second -j LOG --A limit-194 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-195 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-193 -j DROP +-A limit-194 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-194 -j ACCEPT +-A limit-194 -j DROP +-A limit-195 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-195 -j RETURN +-A limit-195 -j DROP +-A limit-196 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-196 -j logaccept-2 +-A limit-196 -j DROP +-A limit-197 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-197 -j ACCEPT +-A limit-197 -j DROP +-A limit-198 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-198 -j ACCEPT +-A limit-198 -j DROP +-A limit-199 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-199 -j RETURN +-A limit-199 -j DROP -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-20 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG -A limit-20 -j ACCEPT --A limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-202 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-203 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-204 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-205 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-200 -j logaccept-3 +-A limit-200 -j DROP +-A limit-201 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-201 -j ACCEPT +-A limit-201 -j DROP +-A limit-202 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-202 -j ACCEPT +-A limit-202 -m limit --limit 1/second -j LOG +-A limit-202 -j DROP +-A limit-203 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-203 -j RETURN +-A limit-203 -m limit --limit 1/second -j LOG +-A limit-203 -j DROP +-A limit-204 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-204 -j logaccept-4 +-A limit-204 -m limit --limit 1/second -j LOG +-A limit-204 -j DROP +-A limit-205 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-205 -j ACCEPT -A limit-205 -m limit --limit 1/second -j LOG --A limit-206 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-207 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-208 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j RETURN --A limit-208 -m limit --limit 1/second -j LOG +-A limit-205 -j DROP +-A limit-206 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-206 -j ACCEPT +-A limit-206 -j DROP +-A limit-207 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-207 -j RETURN +-A limit-207 -j DROP +-A limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j logaccept-5 -A limit-208 -j DROP --A limit-209 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j RETURN --A limit-209 -m limit --limit 1/second -j LOG +-A limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j ACCEPT -A limit-209 -j DROP -A limit-21 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22 -A limit-21 -m limit --limit 1/second -j LOG --A limit-210 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j RETURN --A limit-210 -m limit --limit 1/second -j LOG +-A limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j ACCEPT -A limit-210 -j DROP --A limit-211 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN --A limit-211 -m limit --limit 1/second -j LOG +-A limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN -A limit-211 -j DROP --A limit-212 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j RETURN --A limit-212 -m limit --limit 1/second -j LOG +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j logaccept-6 -A limit-212 -j DROP --A limit-213 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN --A limit-213 -m limit --limit 1/second -j LOG +-A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j ACCEPT -A limit-213 -j DROP --A limit-214 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j RETURN --A limit-214 -m limit --limit 1/second -j LOG --A limit-214 -j DROP --A limit-215 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j RETURN --A limit-215 -m limit --limit 1/second -j LOG --A limit-215 -j DROP --A limit-216 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j RETURN --A limit-216 -j DROP --A limit-217 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN --A limit-217 -j DROP --A limit-218 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j RETURN --A limit-218 -j DROP --A limit-219 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j RETURN --A limit-219 -j DROP +-A limit-214 -m recent --name limit-214 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-214 -m recent --name limit-214 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-215 -m recent --name limit-215 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-68 +-A limit-215 -m recent --name limit-215 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-216 -m recent --name limit-216 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-216 -m recent --name limit-216 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-217 -m recent --name limit-217 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-217 -m recent --name limit-217 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-218 -m recent --name limit-218 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-218 -m recent --name limit-218 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-219 -m recent --name limit-219 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-72 +-A limit-219 -m recent --name limit-219 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-22 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23 -A limit-22 -j ACCEPT --A limit-220 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j RETURN --A limit-220 -j DROP --A limit-221 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN --A limit-221 -j DROP --A limit-222 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j RETURN --A limit-222 -j DROP --A limit-223 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j RETURN --A limit-223 -j DROP --A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 --A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-220 -m recent --name limit-220 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 +-A limit-220 -m recent --name limit-220 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-221 -m recent --name limit-221 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-221 -m recent --name limit-221 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-222 -m recent --name limit-222 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 +-A limit-222 -m recent --name limit-222 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-223 -m recent --name limit-223 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 +-A limit-223 -m recent --name limit-223 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 +-A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 -A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 --A limit-226 -m limit --limit 1/second -j LOG --A limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 --A limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 --A limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 --A limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 --A limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 --A limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 --A limit-232 -m limit --limit 1/second -j LOG --A limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 --A limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 --A limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 --A limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-85 --A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-86 --A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-87 --A limit-238 -m limit --limit 1/second -j LOG --A limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-88 --A limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-226 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 +-A limit-226 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-227 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 +-A limit-227 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-228 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 +-A limit-228 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-229 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 +-A limit-229 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-230 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 +-A limit-230 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-231 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 +-A limit-231 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-232 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-85 +-A limit-233 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-86 +-A limit-234 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-87 +-A limit-235 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-88 +-A limit-235 -m limit --limit 1/second -j LOG +-A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-89 +-A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-90 +-A limit-238 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-91 +-A limit-238 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-239 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-92 +-A limit-239 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 -A limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-89 --A limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-90 --A limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-242 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-91 --A limit-242 -j ACCEPT --A limit-244 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-93 --A limit-244 -m limit --limit 1/second -j LOG --A limit-244 -j ACCEPT --A limit-245 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-94 --A limit-245 -m limit --limit 1/second -j LOG --A limit-246 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-95 --A limit-246 -j ACCEPT --A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-97 --A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-98 --A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-240 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-93 +-A limit-240 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-241 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-94 +-A limit-241 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-242 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-95 +-A limit-242 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-243 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-96 +-A limit-243 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-244 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-97 +-A limit-245 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-98 +-A limit-246 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-99 +-A limit-247 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-100 +-A limit-247 -m limit --limit 1/second -j LOG +-A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-101 +-A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-102 -A limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 -A limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-99 --A limit-250 -m limit --limit 1/second -j LOG --A limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-100 --A limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-101 --A limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-102 --A limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-254 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-103 --A limit-254 -j ACCEPT --A limit-256 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-105 --A limit-256 -m limit --limit 1/second -j LOG --A limit-256 -j ACCEPT --A limit-257 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-106 --A limit-257 -m limit --limit 1/second -j LOG --A limit-258 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-107 --A limit-258 -j ACCEPT +-A limit-250 -m recent --name limit-250 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-250 -m recent --name limit-250 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-251 -m recent --name limit-251 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-251 -m recent --name limit-251 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-252 -m recent --name limit-252 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-252 -m recent --name limit-252 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-253 -m recent --name limit-253 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-253 -m recent --name limit-253 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-254 -m recent --name limit-254 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-254 -m recent --name limit-254 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-255 -m recent --name limit-255 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-255 -m recent --name limit-255 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-256 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-256 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-257 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-257 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-258 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-258 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-259 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-259 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-26 -m limit --limit 1/second -j LOG -A limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-262 -m limit --limit 1/second -j LOG --A limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-268 -m limit --limit 1/second -j LOG --A limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-260 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-260 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-261 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-261 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-262 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-263 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-264 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m limit --limit 1/second -j LOG +-A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-269 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-269 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 -A limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-272 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-272 -j ACCEPT --A limit-274 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-274 -m limit --limit 1/second -j LOG --A limit-274 -j ACCEPT --A limit-275 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-275 -m limit --limit 1/second -j LOG --A limit-276 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-276 -j ACCEPT --A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-270 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-270 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-271 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-271 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-272 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-272 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-273 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-273 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-274 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-275 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-276 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-277 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-277 -m limit --limit 1/second -j LOG +-A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 -A limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-280 -m limit --limit 1/second -j LOG --A limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-284 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-284 -j ACCEPT --A limit-286 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-286 -m limit --limit 1/second -j LOG --A limit-286 -j ACCEPT --A limit-287 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-287 -m limit --limit 1/second -j LOG --A limit-288 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-288 -j ACCEPT +-A limit-280 -m recent --name limit-280 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-280 -m recent --name limit-280 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-281 -m recent --name limit-281 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-281 -m recent --name limit-281 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-282 -m recent --name limit-282 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-282 -m recent --name limit-282 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-283 -m recent --name limit-283 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-283 -m recent --name limit-283 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-284 -m recent --name limit-284 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-284 -m recent --name limit-284 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-285 -m recent --name limit-285 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-285 -m recent --name limit-285 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-286 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-286 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-287 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-287 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-288 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-288 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-289 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-289 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 -A limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-292 -m limit --limit 1/second -j LOG --A limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-298 -m limit --limit 1/second -j LOG --A limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-290 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-290 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-291 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-291 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-292 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-293 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-294 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m limit --limit 1/second -j LOG +-A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-299 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-299 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-30 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-31 -A limit-30 -j ACCEPT --A limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-302 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-302 -j ACCEPT --A limit-304 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-304 -m limit --limit 1/second -j LOG --A limit-304 -j ACCEPT --A limit-305 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-305 -m limit --limit 1/second -j LOG --A limit-306 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-306 -j ACCEPT --A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-310 -m limit --limit 1/second -j LOG --A limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-314 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-314 -j ACCEPT --A limit-316 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-316 -m limit --limit 1/second -j LOG --A limit-316 -j ACCEPT --A limit-317 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-317 -m limit --limit 1/second -j LOG --A limit-318 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-318 -j ACCEPT +-A limit-300 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-300 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-301 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-301 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-302 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-302 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-303 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-303 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-304 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-305 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-306 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-307 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-307 -m limit --limit 1/second -j LOG +-A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-310 -m recent --name limit-310 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-103 +-A limit-310 -m recent --name limit-310 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-311 -m recent --name limit-311 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-104 +-A limit-311 -m recent --name limit-311 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-312 -m recent --name limit-312 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-105 +-A limit-312 -m recent --name limit-312 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-313 -m recent --name limit-313 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-106 +-A limit-313 -m recent --name limit-313 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-314 -m recent --name limit-314 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-107 +-A limit-314 -m recent --name limit-314 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-315 -m recent --name limit-315 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-108 +-A limit-315 -m recent --name limit-315 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-316 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-109 +-A limit-316 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-317 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-110 +-A limit-317 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-318 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-111 +-A limit-318 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-319 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-112 +-A limit-319 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-32 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-33 -A limit-32 -m limit --limit 1/second -j LOG -A limit-32 -j ACCEPT --A limit-320 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-320 -j ACCEPT --A limit-320 -m limit --limit 1/second -j LOG --A limit-320 -j DROP --A limit-321 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-321 -j RETURN --A limit-321 -m limit --limit 1/second -j LOG --A limit-321 -j DROP --A limit-322 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-322 -j logaccept-4 --A limit-322 -m limit --limit 1/second -j LOG --A limit-322 -j DROP --A limit-323 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-323 -j ACCEPT --A limit-323 -m limit --limit 1/second -j LOG --A limit-323 -j DROP --A limit-324 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-324 -j ACCEPT --A limit-324 -m limit --limit 1/second -j LOG --A limit-324 -j DROP --A limit-325 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-325 -j RETURN +-A limit-320 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-113 +-A limit-320 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-321 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-114 +-A limit-321 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-322 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-115 +-A limit-323 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-116 +-A limit-324 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-117 +-A limit-325 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-118 -A limit-325 -m limit --limit 1/second -j LOG --A limit-325 -j DROP --A limit-326 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-326 -j logaccept-5 --A limit-326 -m limit --limit 1/second -j LOG --A limit-326 -j DROP --A limit-327 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-327 -j ACCEPT --A limit-327 -m limit --limit 1/second -j LOG --A limit-327 -j DROP --A limit-328 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-328 -j ACCEPT --A limit-328 -j DROP --A limit-329 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-329 -j RETURN --A limit-329 -j DROP +-A limit-326 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-119 +-A limit-327 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-120 +-A limit-328 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-121 +-A limit-328 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-329 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-122 +-A limit-329 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-33 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-34 -A limit-33 -m limit --limit 1/second -j LOG --A limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-330 -j logaccept-6 --A limit-330 -j DROP --A limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-331 -j ACCEPT --A limit-331 -j DROP --A limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-332 -j ACCEPT --A limit-332 -j DROP --A limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-333 -j RETURN --A limit-333 -j DROP --A limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-334 -j logaccept-7 --A limit-334 -j DROP --A limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-335 -j ACCEPT --A limit-335 -j DROP +-A limit-330 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-123 +-A limit-330 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-331 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-124 +-A limit-331 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-332 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-125 +-A limit-332 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-333 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-126 +-A limit-333 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-334 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-127 +-A limit-335 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-128 +-A limit-336 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-129 +-A limit-337 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-130 +-A limit-337 -m limit --limit 1/second -j LOG +-A limit-338 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-131 +-A limit-339 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-132 -A limit-34 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-35 -A limit-34 -j ACCEPT +-A limit-340 -m recent --name limit-340 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-340 -m recent --name limit-340 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-341 -m recent --name limit-341 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-341 -m recent --name limit-341 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-342 -m recent --name limit-342 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-342 -m recent --name limit-342 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-343 -m recent --name limit-343 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-343 -m recent --name limit-343 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-344 -m recent --name limit-344 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-344 -m recent --name limit-344 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-345 -m recent --name limit-345 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-345 -m recent --name limit-345 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-346 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-346 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-347 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-347 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-348 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-348 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-349 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-349 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-350 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-350 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-351 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-351 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-352 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-353 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-354 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-355 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-355 -m limit --limit 1/second -j LOG +-A limit-356 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-357 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-358 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-358 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-359 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-359 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-360 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-360 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-361 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-361 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-362 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-362 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-363 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-363 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-364 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-365 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-366 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-367 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-367 -m limit --limit 1/second -j LOG +-A limit-368 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-369 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP -A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-370 -m recent --name limit-370 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-370 -m recent --name limit-370 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-371 -m recent --name limit-371 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-371 -m recent --name limit-371 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-372 -m recent --name limit-372 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-372 -m recent --name limit-372 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-373 -m recent --name limit-373 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-373 -m recent --name limit-373 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-374 -m recent --name limit-374 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-374 -m recent --name limit-374 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-375 -m recent --name limit-375 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-375 -m recent --name limit-375 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-376 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-376 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-377 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-377 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-378 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-378 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-379 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-379 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG -A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-380 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-380 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-381 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-381 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-382 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-383 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-384 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-385 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-385 -m limit --limit 1/second -j LOG +-A limit-386 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-387 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-388 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-388 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-389 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-389 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-390 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-390 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-391 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-391 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-392 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-392 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-393 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-393 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-394 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-395 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-396 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-397 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-397 -m limit --limit 1/second -j LOG +-A limit-398 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-399 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-400 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-400 -j RETURN +-A limit-400 -m limit --limit 1/second -j LOG +-A limit-400 -j DROP +-A limit-401 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-401 -j RETURN +-A limit-401 -m limit --limit 1/second -j LOG +-A limit-401 -j DROP +-A limit-402 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-402 -j RETURN +-A limit-402 -m limit --limit 1/second -j LOG +-A limit-402 -j DROP +-A limit-403 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-403 -j RETURN +-A limit-403 -m limit --limit 1/second -j LOG +-A limit-403 -j DROP +-A limit-404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-404 -j RETURN +-A limit-404 -m limit --limit 1/second -j LOG +-A limit-404 -j DROP +-A limit-405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-405 -j RETURN +-A limit-405 -m limit --limit 1/second -j LOG +-A limit-405 -j DROP +-A limit-406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-406 -j RETURN +-A limit-406 -m limit --limit 1/second -j LOG +-A limit-406 -j DROP +-A limit-407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-407 -j RETURN +-A limit-407 -m limit --limit 1/second -j LOG +-A limit-407 -j DROP +-A limit-408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-408 -j RETURN +-A limit-408 -j DROP +-A limit-409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-409 -j RETURN +-A limit-409 -j DROP -A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-410 -j RETURN +-A limit-410 -j DROP +-A limit-411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-411 -j RETURN +-A limit-411 -j DROP +-A limit-412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-412 -j RETURN +-A limit-412 -j DROP +-A limit-413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-413 -j RETURN +-A limit-413 -j DROP +-A limit-414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-414 -j RETURN +-A limit-414 -j DROP +-A limit-415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-415 -j RETURN +-A limit-415 -j DROP +-A limit-416 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-416 -j RETURN +-A limit-416 -m limit --limit 1/second -j LOG +-A limit-416 -j DROP +-A limit-417 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-417 -j RETURN +-A limit-417 -m limit --limit 1/second -j LOG +-A limit-417 -j DROP +-A limit-418 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-418 -j RETURN +-A limit-418 -m limit --limit 1/second -j LOG +-A limit-418 -j DROP +-A limit-419 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-419 -j RETURN +-A limit-419 -m limit --limit 1/second -j LOG +-A limit-419 -j DROP -A limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-420 -j RETURN +-A limit-420 -j DROP +-A limit-421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-421 -j RETURN +-A limit-421 -j DROP +-A limit-422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-422 -j RETURN +-A limit-422 -j DROP +-A limit-423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-423 -j RETURN +-A limit-423 -j DROP +-A limit-424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-424 -j RETURN +-A limit-424 -j DROP +-A limit-425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-425 -j RETURN +-A limit-425 -j DROP +-A limit-426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-426 -j RETURN +-A limit-426 -j DROP +-A limit-427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-427 -j RETURN +-A limit-427 -j DROP +-A limit-428 -m recent --name limit-428 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-133 +-A limit-428 -m recent --name limit-428 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-429 -m recent --name limit-429 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-134 +-A limit-429 -m recent --name limit-429 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-430 -m recent --name limit-430 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-135 +-A limit-430 -m limit --limit 1/second -j LOG +-A limit-430 -m recent --name limit-430 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-431 -m recent --name limit-431 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-136 +-A limit-431 -m recent --name limit-431 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-432 -m recent --name limit-432 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-137 +-A limit-432 -m recent --name limit-432 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-433 -m recent --name limit-433 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-138 +-A limit-433 -m recent --name limit-433 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-434 -m recent --name limit-434 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-139 +-A limit-434 -m recent --name limit-434 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-435 -m recent --name limit-435 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-140 +-A limit-435 -m recent --name limit-435 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-436 -m recent --name limit-436 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-141 +-A limit-436 -m limit --limit 1/second -j LOG +-A limit-436 -m recent --name limit-436 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-437 -m recent --name limit-437 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-142 +-A limit-437 -m recent --name limit-437 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-438 -m recent --name limit-438 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-143 +-A limit-438 -m recent --name limit-438 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-439 -m recent --name limit-439 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-144 +-A limit-439 -m recent --name limit-439 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG -A limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-440 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-145 +-A limit-440 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-441 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-146 +-A limit-441 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-442 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-147 +-A limit-442 -m limit --limit 1/second -j LOG +-A limit-442 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-443 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-148 +-A limit-443 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-444 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-149 +-A limit-444 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-445 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-150 +-A limit-445 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-446 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-151 +-A limit-446 -j ACCEPT +-A limit-448 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-153 +-A limit-448 -m limit --limit 1/second -j LOG +-A limit-448 -j ACCEPT +-A limit-449 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-154 +-A limit-449 -m limit --limit 1/second -j LOG -A limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-450 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-155 +-A limit-450 -j ACCEPT +-A limit-452 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-157 +-A limit-452 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-453 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-158 +-A limit-453 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-454 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-159 +-A limit-454 -m limit --limit 1/second -j LOG +-A limit-454 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-455 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-160 +-A limit-455 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-456 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-161 +-A limit-456 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-457 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-162 +-A limit-457 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-458 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-163 +-A limit-458 -j ACCEPT -A limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-460 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-165 +-A limit-460 -m limit --limit 1/second -j LOG +-A limit-460 -j ACCEPT +-A limit-461 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-166 +-A limit-461 -m limit --limit 1/second -j LOG +-A limit-462 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-167 +-A limit-462 -j ACCEPT +-A limit-464 -m recent --name limit-464 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-464 -m recent --name limit-464 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-465 -m recent --name limit-465 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-465 -m recent --name limit-465 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-466 -m recent --name limit-466 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-466 -m limit --limit 1/second -j LOG +-A limit-466 -m recent --name limit-466 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-467 -m recent --name limit-467 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-467 -m recent --name limit-467 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-468 -m recent --name limit-468 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-468 -m recent --name limit-468 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-469 -m recent --name limit-469 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-469 -m recent --name limit-469 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-470 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-470 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-471 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-471 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-472 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-472 -m limit --limit 1/second -j LOG +-A limit-472 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-473 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-473 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-474 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-474 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-475 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-475 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-476 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-476 -j ACCEPT +-A limit-478 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-478 -m limit --limit 1/second -j LOG +-A limit-478 -j ACCEPT +-A limit-479 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-479 -m limit --limit 1/second -j LOG -A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-48 -j ACCEPT +-A limit-480 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-480 -j ACCEPT +-A limit-482 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-482 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-483 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-483 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-484 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-484 -m limit --limit 1/second -j LOG +-A limit-484 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-485 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-485 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-486 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-486 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-487 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-487 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-488 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-488 -j ACCEPT +-A limit-490 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-490 -m limit --limit 1/second -j LOG +-A limit-490 -j ACCEPT +-A limit-491 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-491 -m limit --limit 1/second -j LOG +-A limit-492 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-492 -j ACCEPT +-A limit-494 -m recent --name limit-494 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-494 -m recent --name limit-494 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-495 -m recent --name limit-495 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-495 -m recent --name limit-495 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-496 -m recent --name limit-496 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-496 -m limit --limit 1/second -j LOG +-A limit-496 -m recent --name limit-496 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-497 -m recent --name limit-497 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-497 -m recent --name limit-497 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-498 -m recent --name limit-498 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-498 -m recent --name limit-498 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-499 -m recent --name limit-499 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-499 -m recent --name limit-499 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-50 -m limit --limit 1/second -j LOG -A limit-50 -j ACCEPT +-A limit-500 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-500 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-501 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-501 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-502 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-502 -m limit --limit 1/second -j LOG +-A limit-502 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-503 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-503 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-504 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-504 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-505 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-505 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-506 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-506 -j ACCEPT +-A limit-508 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-508 -m limit --limit 1/second -j LOG +-A limit-508 -j ACCEPT +-A limit-509 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-509 -m limit --limit 1/second -j LOG -A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-51 -m limit --limit 1/second -j LOG +-A limit-510 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-510 -j ACCEPT +-A limit-512 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-512 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-513 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-513 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-514 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-514 -m limit --limit 1/second -j LOG +-A limit-514 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-515 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-515 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-516 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-516 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-517 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-517 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-518 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-518 -j ACCEPT -A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-52 -j ACCEPT +-A limit-520 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-520 -m limit --limit 1/second -j LOG +-A limit-520 -j ACCEPT +-A limit-521 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-521 -m limit --limit 1/second -j LOG +-A limit-522 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-522 -j ACCEPT +-A limit-524 -m recent --name limit-524 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-169 +-A limit-524 -m recent --name limit-524 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-525 -m recent --name limit-525 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-170 +-A limit-525 -m recent --name limit-525 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-171 +-A limit-526 -m limit --limit 1/second -j LOG +-A limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-172 +-A limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-173 +-A limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-174 +-A limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-530 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-175 +-A limit-530 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-531 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-176 +-A limit-531 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-532 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-177 +-A limit-532 -m limit --limit 1/second -j LOG +-A limit-532 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-533 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-178 +-A limit-533 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-534 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-179 +-A limit-534 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-535 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-180 +-A limit-535 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-536 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-181 +-A limit-536 -j ACCEPT +-A limit-538 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-183 +-A limit-538 -m limit --limit 1/second -j LOG +-A limit-538 -j ACCEPT +-A limit-539 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-184 +-A limit-539 -m limit --limit 1/second -j LOG -A limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-540 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-185 +-A limit-540 -j ACCEPT +-A limit-542 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-187 +-A limit-542 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-543 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-188 +-A limit-543 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-544 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-189 +-A limit-544 -m limit --limit 1/second -j LOG +-A limit-544 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-545 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-190 +-A limit-545 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-546 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-191 +-A limit-546 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-547 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-192 +-A limit-547 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-548 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-193 +-A limit-548 -j ACCEPT -A limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-550 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-195 +-A limit-550 -m limit --limit 1/second -j LOG +-A limit-550 -j ACCEPT +-A limit-551 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-196 +-A limit-551 -m limit --limit 1/second -j LOG +-A limit-552 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-197 +-A limit-552 -j ACCEPT +-A limit-554 -m recent --name limit-554 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-554 -m recent --name limit-554 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-555 -m recent --name limit-555 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-555 -m recent --name limit-555 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-556 -m recent --name limit-556 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-556 -m limit --limit 1/second -j LOG +-A limit-556 -m recent --name limit-556 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-557 -m recent --name limit-557 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-557 -m recent --name limit-557 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-558 -m recent --name limit-558 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-558 -m recent --name limit-558 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-559 -m recent --name limit-559 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-559 -m recent --name limit-559 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-56 -m limit --limit 1/second -j LOG -A limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-560 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-560 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-561 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-561 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-562 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-562 -m limit --limit 1/second -j LOG +-A limit-562 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-563 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-563 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-564 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-564 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-565 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-565 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-566 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-566 -j ACCEPT +-A limit-568 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-568 -m limit --limit 1/second -j LOG +-A limit-568 -j ACCEPT +-A limit-569 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-569 -m limit --limit 1/second -j LOG -A limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-570 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-570 -j ACCEPT +-A limit-572 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-572 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-573 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-573 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-574 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-574 -m limit --limit 1/second -j LOG +-A limit-574 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-575 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-575 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-576 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-576 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-577 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-577 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-578 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-578 -j ACCEPT -A limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-580 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-580 -m limit --limit 1/second -j LOG +-A limit-580 -j ACCEPT +-A limit-581 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-581 -m limit --limit 1/second -j LOG +-A limit-582 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-582 -j ACCEPT +-A limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-586 -m recent --name limit-586 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-586 -m limit --limit 1/second -j LOG +-A limit-586 -m recent --name limit-586 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-587 -m recent --name limit-587 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-587 -m recent --name limit-587 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-588 -m recent --name limit-588 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-588 -m recent --name limit-588 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-589 -m recent --name limit-589 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-589 -m recent --name limit-589 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-590 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-590 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-591 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-591 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-592 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-592 -m limit --limit 1/second -j LOG +-A limit-592 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-593 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-593 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-594 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-594 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-595 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-595 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-596 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-596 -j ACCEPT +-A limit-598 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-598 -m limit --limit 1/second -j LOG +-A limit-598 -j ACCEPT +-A limit-599 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-599 -m limit --limit 1/second -j LOG -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-60 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-60 -j ACCEPT +-A limit-600 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-600 -j ACCEPT +-A limit-602 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-602 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-603 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-603 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-604 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-604 -m limit --limit 1/second -j LOG +-A limit-604 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-605 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-605 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-606 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-606 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-607 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP +-A limit-607 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-608 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-608 -j ACCEPT +-A limit-610 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-610 -m limit --limit 1/second -j LOG +-A limit-610 -j ACCEPT +-A limit-611 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-611 -m limit --limit 1/second -j LOG +-A limit-612 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP +-A limit-612 -j ACCEPT +-A limit-614 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-614 -j ACCEPT +-A limit-614 -m limit --limit 1/second -j LOG +-A limit-614 -j DROP +-A limit-615 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-615 -j RETURN +-A limit-615 -m limit --limit 1/second -j LOG +-A limit-615 -j DROP +-A limit-616 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-616 -j logaccept-7 +-A limit-616 -m limit --limit 1/second -j LOG +-A limit-616 -j DROP +-A limit-617 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-617 -j ACCEPT +-A limit-617 -m limit --limit 1/second -j LOG +-A limit-617 -j DROP +-A limit-618 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-618 -j ACCEPT +-A limit-618 -m limit --limit 1/second -j LOG +-A limit-618 -j DROP +-A limit-619 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-619 -j RETURN +-A limit-619 -m limit --limit 1/second -j LOG +-A limit-619 -j DROP -A limit-62 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-62 -m limit --limit 1/second -j LOG -A limit-62 -j ACCEPT +-A limit-620 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-620 -j logaccept-8 +-A limit-620 -m limit --limit 1/second -j LOG +-A limit-620 -j DROP +-A limit-621 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-621 -j ACCEPT +-A limit-621 -m limit --limit 1/second -j LOG +-A limit-621 -j DROP +-A limit-622 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-622 -j ACCEPT +-A limit-622 -j DROP +-A limit-623 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-623 -j RETURN +-A limit-623 -j DROP +-A limit-624 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-624 -j logaccept-9 +-A limit-624 -j DROP +-A limit-625 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-625 -j ACCEPT +-A limit-625 -j DROP +-A limit-626 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-626 -j ACCEPT +-A limit-626 -j DROP +-A limit-627 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-627 -j RETURN +-A limit-627 -j DROP +-A limit-628 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-628 -j logaccept-10 +-A limit-628 -j DROP +-A limit-629 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-629 -j ACCEPT +-A limit-629 -j DROP -A limit-63 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-63 -m limit --limit 1/second -j LOG +-A limit-630 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-630 -j ACCEPT +-A limit-630 -m limit --limit 1/second -j LOG +-A limit-630 -j DROP +-A limit-631 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-631 -j RETURN +-A limit-631 -m limit --limit 1/second -j LOG +-A limit-631 -j DROP +-A limit-632 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-632 -j logaccept-11 +-A limit-632 -m limit --limit 1/second -j LOG +-A limit-632 -j DROP +-A limit-633 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-633 -j ACCEPT +-A limit-633 -m limit --limit 1/second -j LOG +-A limit-633 -j DROP +-A limit-634 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-634 -j ACCEPT +-A limit-634 -j DROP +-A limit-635 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-635 -j RETURN +-A limit-635 -j DROP +-A limit-636 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-636 -j logaccept-12 +-A limit-636 -j DROP +-A limit-637 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-637 -j ACCEPT +-A limit-637 -j DROP +-A limit-638 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-638 -j ACCEPT +-A limit-638 -j DROP +-A limit-639 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-639 -j RETURN +-A limit-639 -j DROP -A limit-64 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-64 -j ACCEPT +-A limit-640 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-640 -j logaccept-13 +-A limit-640 -j DROP +-A limit-641 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-641 -j ACCEPT +-A limit-641 -j DROP -A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP @@ -2118,22 +3913,29 @@ -A limit-93 -m limit --limit 1/second -j LOG -A limit-94 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-94 -j ACCEPT --A limit-96 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-96 -j ACCEPT --A limit-96 -m limit --limit 1/second -j LOG --A limit-96 -j DROP --A limit-97 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-97 -j RETURN --A limit-97 -m limit --limit 1/second -j LOG --A limit-97 -j DROP --A limit-98 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-98 -j logaccept-0 +-A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-37 +-A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-38 +-A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-39 -A limit-98 -m limit --limit 1/second -j LOG --A limit-98 -j DROP --A limit-99 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-99 -j ACCEPT --A limit-99 -m limit --limit 1/second -j LOG --A limit-99 -j DROP +-A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-40 +-A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG -A logaccept-1 -j ACCEPT +-A logaccept-10 -m limit --limit 1/second -j LOG +-A logaccept-10 -j ACCEPT +-A logaccept-11 -m limit --limit 1/second -j LOG +-A logaccept-11 -j ACCEPT +-A logaccept-12 -m limit --limit 1/second -j LOG +-A logaccept-12 -j ACCEPT +-A logaccept-13 -m limit --limit 1/second -j LOG +-A logaccept-13 -j ACCEPT +-A logaccept-14 -m limit --limit 1/second -j LOG +-A logaccept-14 -j ACCEPT -A logaccept-2 -m limit --limit 1/second -j LOG -A logaccept-2 -j ACCEPT -A logaccept-3 -m limit --limit 1/second -j LOG @@ -2148,6 +3950,8 @@ -A logaccept-7 -j ACCEPT -A logaccept-8 -m limit --limit 1/second -j LOG -A logaccept-8 -j ACCEPT +-A logaccept-9 -m limit --limit 1/second -j LOG +-A logaccept-9 -j ACCEPT -A logaccept-final-0 -m limit --limit 1/second -j LOG -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG @@ -2174,8 +3978,44 @@ -A logaccept-final-19 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT +-A logaccept-final-20 -m limit --limit 1/second -j LOG +-A logaccept-final-20 -j ACCEPT +-A logaccept-final-21 -m limit --limit 1/second -j LOG +-A logaccept-final-21 -j ACCEPT +-A logaccept-final-22 -m limit --limit 1/second -j LOG +-A logaccept-final-22 -j ACCEPT +-A logaccept-final-23 -m limit --limit 1/second -j LOG +-A logaccept-final-23 -j ACCEPT +-A logaccept-final-24 -m limit --limit 1/second -j LOG +-A logaccept-final-24 -j ACCEPT +-A logaccept-final-25 -m limit --limit 1/second -j LOG +-A logaccept-final-25 -j ACCEPT +-A logaccept-final-26 -m limit --limit 1/second -j LOG +-A logaccept-final-26 -j ACCEPT +-A logaccept-final-27 -m limit --limit 1/second -j LOG +-A logaccept-final-27 -j ACCEPT +-A logaccept-final-28 -m limit --limit 1/second -j LOG +-A logaccept-final-28 -j ACCEPT +-A logaccept-final-29 -m limit --limit 1/second -j LOG +-A logaccept-final-29 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG -A logaccept-final-3 -j ACCEPT +-A logaccept-final-30 -m limit --limit 1/second -j LOG +-A logaccept-final-30 -j ACCEPT +-A logaccept-final-31 -m limit --limit 1/second -j LOG +-A logaccept-final-31 -j ACCEPT +-A logaccept-final-32 -m limit --limit 1/second -j LOG +-A logaccept-final-32 -j ACCEPT +-A logaccept-final-33 -m limit --limit 1/second -j LOG +-A logaccept-final-33 -j ACCEPT +-A logaccept-final-34 -m limit --limit 1/second -j LOG +-A logaccept-final-34 -j ACCEPT +-A logaccept-final-35 -m limit --limit 1/second -j LOG +-A logaccept-final-35 -j ACCEPT +-A logaccept-final-36 -m limit --limit 1/second -j LOG +-A logaccept-final-36 -j ACCEPT +-A logaccept-final-37 -m limit --limit 1/second -j LOG +-A logaccept-final-37 -j ACCEPT -A logaccept-final-4 -m limit --limit 1/second -j LOG -A logaccept-final-4 -j ACCEPT -A logaccept-final-5 -m limit --limit 1/second -j LOG @@ -2202,36 +4042,204 @@ -A logdrop-102 -j DROP -A logdrop-103 -m limit --limit 1/second -j LOG -A logdrop-103 -j DROP +-A logdrop-104 -m limit --limit 1/second -j LOG +-A logdrop-104 -j DROP -A logdrop-105 -m limit --limit 1/second -j LOG -A logdrop-105 -j DROP -A logdrop-106 -m limit --limit 1/second -j LOG -A logdrop-106 -j DROP -A logdrop-107 -m limit --limit 1/second -j LOG -A logdrop-107 -j DROP +-A logdrop-108 -m limit --limit 1/second -j LOG +-A logdrop-108 -j DROP -A logdrop-109 -m limit --limit 1/second -j LOG -A logdrop-109 -j DROP -A logdrop-11 -m limit --limit 1/second -j LOG -A logdrop-11 -j DROP -A logdrop-110 -m limit --limit 1/second -j LOG -A logdrop-110 -j DROP +-A logdrop-111 -m limit --limit 1/second -j LOG +-A logdrop-111 -j DROP +-A logdrop-112 -m limit --limit 1/second -j LOG +-A logdrop-112 -j DROP +-A logdrop-113 -m limit --limit 1/second -j LOG +-A logdrop-113 -j DROP +-A logdrop-114 -m limit --limit 1/second -j LOG +-A logdrop-114 -j DROP +-A logdrop-115 -m limit --limit 1/second -j LOG +-A logdrop-115 -j DROP +-A logdrop-116 -m limit --limit 1/second -j LOG +-A logdrop-116 -j DROP +-A logdrop-117 -m limit --limit 1/second -j LOG +-A logdrop-117 -j DROP +-A logdrop-118 -m limit --limit 1/second -j LOG +-A logdrop-118 -j DROP +-A logdrop-119 -m limit --limit 1/second -j LOG +-A logdrop-119 -j DROP -A logdrop-12 -m limit --limit 1/second -j LOG -A logdrop-12 -j DROP +-A logdrop-120 -m limit --limit 1/second -j LOG +-A logdrop-120 -j DROP +-A logdrop-121 -m limit --limit 1/second -j LOG +-A logdrop-121 -j DROP +-A logdrop-122 -m limit --limit 1/second -j LOG +-A logdrop-122 -j DROP +-A logdrop-123 -m limit --limit 1/second -j LOG +-A logdrop-123 -j DROP +-A logdrop-124 -m limit --limit 1/second -j LOG +-A logdrop-124 -j DROP +-A logdrop-125 -m limit --limit 1/second -j LOG +-A logdrop-125 -j DROP +-A logdrop-126 -m limit --limit 1/second -j LOG +-A logdrop-126 -j DROP +-A logdrop-127 -m limit --limit 1/second -j LOG +-A logdrop-127 -j DROP +-A logdrop-128 -m limit --limit 1/second -j LOG +-A logdrop-128 -j DROP +-A logdrop-129 -m limit --limit 1/second -j LOG +-A logdrop-129 -j DROP -A logdrop-13 -m limit --limit 1/second -j LOG -A logdrop-13 -j DROP +-A logdrop-130 -m limit --limit 1/second -j LOG +-A logdrop-130 -j DROP +-A logdrop-131 -m limit --limit 1/second -j LOG +-A logdrop-131 -j DROP +-A logdrop-132 -m limit --limit 1/second -j LOG +-A logdrop-132 -j DROP +-A logdrop-133 -m limit --limit 1/second -j LOG +-A logdrop-133 -j DROP +-A logdrop-134 -m limit --limit 1/second -j LOG +-A logdrop-134 -j DROP +-A logdrop-135 -m limit --limit 1/second -j LOG +-A logdrop-135 -j DROP +-A logdrop-136 -m limit --limit 1/second -j LOG +-A logdrop-136 -j DROP +-A logdrop-137 -m limit --limit 1/second -j LOG +-A logdrop-137 -j DROP +-A logdrop-138 -m limit --limit 1/second -j LOG +-A logdrop-138 -j DROP +-A logdrop-139 -m limit --limit 1/second -j LOG +-A logdrop-139 -j DROP -A logdrop-14 -m limit --limit 1/second -j LOG -A logdrop-14 -j DROP +-A logdrop-140 -m limit --limit 1/second -j LOG +-A logdrop-140 -j DROP +-A logdrop-141 -m limit --limit 1/second -j LOG +-A logdrop-141 -j DROP +-A logdrop-142 -m limit --limit 1/second -j LOG +-A logdrop-142 -j DROP +-A logdrop-143 -m limit --limit 1/second -j LOG +-A logdrop-143 -j DROP +-A logdrop-144 -m limit --limit 1/second -j LOG +-A logdrop-144 -j DROP +-A logdrop-145 -m limit --limit 1/second -j LOG +-A logdrop-145 -j DROP +-A logdrop-146 -m limit --limit 1/second -j LOG +-A logdrop-146 -j DROP +-A logdrop-147 -m limit --limit 1/second -j LOG +-A logdrop-147 -j DROP +-A logdrop-148 -m limit --limit 1/second -j LOG +-A logdrop-148 -j DROP +-A logdrop-149 -m limit --limit 1/second -j LOG +-A logdrop-149 -j DROP -A logdrop-15 -m limit --limit 1/second -j LOG -A logdrop-15 -j DROP +-A logdrop-150 -m limit --limit 1/second -j LOG +-A logdrop-150 -j DROP +-A logdrop-151 -m limit --limit 1/second -j LOG +-A logdrop-151 -j DROP +-A logdrop-153 -m limit --limit 1/second -j LOG +-A logdrop-153 -j DROP +-A logdrop-154 -m limit --limit 1/second -j LOG +-A logdrop-154 -j DROP +-A logdrop-155 -m limit --limit 1/second -j LOG +-A logdrop-155 -j DROP +-A logdrop-157 -m limit --limit 1/second -j LOG +-A logdrop-157 -j DROP +-A logdrop-158 -m limit --limit 1/second -j LOG +-A logdrop-158 -j DROP +-A logdrop-159 -m limit --limit 1/second -j LOG +-A logdrop-159 -j DROP -A logdrop-16 -m limit --limit 1/second -j LOG -A logdrop-16 -j DROP +-A logdrop-160 -m limit --limit 1/second -j LOG +-A logdrop-160 -j DROP +-A logdrop-161 -m limit --limit 1/second -j LOG +-A logdrop-161 -j DROP +-A logdrop-162 -m limit --limit 1/second -j LOG +-A logdrop-162 -j DROP +-A logdrop-163 -m limit --limit 1/second -j LOG +-A logdrop-163 -j DROP +-A logdrop-165 -m limit --limit 1/second -j LOG +-A logdrop-165 -j DROP +-A logdrop-166 -m limit --limit 1/second -j LOG +-A logdrop-166 -j DROP +-A logdrop-167 -m limit --limit 1/second -j LOG +-A logdrop-167 -j DROP +-A logdrop-169 -m limit --limit 1/second -j LOG +-A logdrop-169 -j DROP -A logdrop-17 -m limit --limit 1/second -j LOG -A logdrop-17 -j DROP +-A logdrop-170 -m limit --limit 1/second -j LOG +-A logdrop-170 -j DROP +-A logdrop-171 -m limit --limit 1/second -j LOG +-A logdrop-171 -j DROP +-A logdrop-172 -m limit --limit 1/second -j LOG +-A logdrop-172 -j DROP +-A logdrop-173 -m limit --limit 1/second -j LOG +-A logdrop-173 -j DROP +-A logdrop-174 -m limit --limit 1/second -j LOG +-A logdrop-174 -j DROP +-A logdrop-175 -m limit --limit 1/second -j LOG +-A logdrop-175 -j DROP +-A logdrop-176 -m limit --limit 1/second -j LOG +-A logdrop-176 -j DROP +-A logdrop-177 -m limit --limit 1/second -j LOG +-A logdrop-177 -j DROP +-A logdrop-178 -m limit --limit 1/second -j LOG +-A logdrop-178 -j DROP +-A logdrop-179 -m limit --limit 1/second -j LOG +-A logdrop-179 -j DROP -A logdrop-18 -m limit --limit 1/second -j LOG -A logdrop-18 -j DROP +-A logdrop-180 -m limit --limit 1/second -j LOG +-A logdrop-180 -j DROP +-A logdrop-181 -m limit --limit 1/second -j LOG +-A logdrop-181 -j DROP +-A logdrop-183 -m limit --limit 1/second -j LOG +-A logdrop-183 -j DROP +-A logdrop-184 -m limit --limit 1/second -j LOG +-A logdrop-184 -j DROP +-A logdrop-185 -m limit --limit 1/second -j LOG +-A logdrop-185 -j DROP +-A logdrop-187 -m limit --limit 1/second -j LOG +-A logdrop-187 -j DROP +-A logdrop-188 -m limit --limit 1/second -j LOG +-A logdrop-188 -j DROP +-A logdrop-189 -m limit --limit 1/second -j LOG +-A logdrop-189 -j DROP -A logdrop-19 -m limit --limit 1/second -j LOG -A logdrop-19 -j DROP +-A logdrop-190 -m limit --limit 1/second -j LOG +-A logdrop-190 -j DROP +-A logdrop-191 -m limit --limit 1/second -j LOG +-A logdrop-191 -j DROP +-A logdrop-192 -m limit --limit 1/second -j LOG +-A logdrop-192 -j DROP +-A logdrop-193 -m limit --limit 1/second -j LOG +-A logdrop-193 -j DROP +-A logdrop-195 -m limit --limit 1/second -j LOG +-A logdrop-195 -j DROP +-A logdrop-196 -m limit --limit 1/second -j LOG +-A logdrop-196 -j DROP +-A logdrop-197 -m limit --limit 1/second -j LOG +-A logdrop-197 -j DROP +-A logdrop-199 -m limit --limit 1/second -j LOG +-A logdrop-199 -j DROP -A logdrop-2 -m limit --limit 1/second -j LOG -A logdrop-2 -j DROP +-A logdrop-200 -m limit --limit 1/second -j LOG +-A logdrop-200 -j DROP -A logdrop-21 -m limit --limit 1/second -j LOG -A logdrop-21 -j DROP -A logdrop-22 -m limit --limit 1/second -j LOG @@ -2290,16 +4298,12 @@ -A logdrop-49 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG -A logdrop-5 -j DROP --A logdrop-50 -m limit --limit 1/second -j LOG --A logdrop-50 -j DROP -A logdrop-51 -m limit --limit 1/second -j LOG -A logdrop-51 -j DROP -A logdrop-52 -m limit --limit 1/second -j LOG -A logdrop-52 -j DROP -A logdrop-53 -m limit --limit 1/second -j LOG -A logdrop-53 -j DROP --A logdrop-54 -m limit --limit 1/second -j LOG --A logdrop-54 -j DROP -A logdrop-55 -m limit --limit 1/second -j LOG -A logdrop-55 -j DROP -A logdrop-56 -m limit --limit 1/second -j LOG @@ -2316,16 +4320,12 @@ -A logdrop-60 -j DROP -A logdrop-61 -m limit --limit 1/second -j LOG -A logdrop-61 -j DROP --A logdrop-62 -m limit --limit 1/second -j LOG --A logdrop-62 -j DROP -A logdrop-63 -m limit --limit 1/second -j LOG -A logdrop-63 -j DROP -A logdrop-64 -m limit --limit 1/second -j LOG -A logdrop-64 -j DROP -A logdrop-65 -m limit --limit 1/second -j LOG -A logdrop-65 -j DROP --A logdrop-66 -m limit --limit 1/second -j LOG --A logdrop-66 -j DROP -A logdrop-67 -m limit --limit 1/second -j LOG -A logdrop-67 -j DROP -A logdrop-68 -m limit --limit 1/second -j LOG @@ -2382,12 +4382,16 @@ -A logdrop-90 -j DROP -A logdrop-91 -m limit --limit 1/second -j LOG -A logdrop-91 -j DROP +-A logdrop-92 -m limit --limit 1/second -j LOG +-A logdrop-92 -j DROP -A logdrop-93 -m limit --limit 1/second -j LOG -A logdrop-93 -j DROP -A logdrop-94 -m limit --limit 1/second -j LOG -A logdrop-94 -j DROP -A logdrop-95 -m limit --limit 1/second -j LOG -A logdrop-95 -j DROP +-A logdrop-96 -m limit --limit 1/second -j LOG +-A logdrop-96 -j DROP -A logdrop-97 -m limit --limit 1/second -j LOG -A logdrop-97 -j DROP -A logdrop-98 -m limit --limit 1/second -j LOG @@ -2476,6 +4480,60 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -2593,6 +4651,108 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack |