diff options
author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 13:55:41 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 13:55:41 +0300 |
commit | b4d83b0152ca8fd96f2e5922ce9cac9a1c1a2478 (patch) | |
tree | 1e67729d1b6569abc2c439812a4b12b574c7a4cd /test | |
parent | 44424903aeed8310c6cc4100d79ad3b1f4e8b06f (diff) | |
download | awall-b4d83b0152ca8fd96f2e5922ce9cac9a1c1a2478.tar.bz2 awall-b4d83b0152ca8fd96f2e5922ce9cac9a1c1a2478.tar.xz |
test: filter-limit: addr
Diffstat (limited to 'test')
-rw-r--r-- | test/mandatory/filter-limit.lua | 45 | ||||
-rw-r--r-- | test/output/dump | 9220 | ||||
-rw-r--r-- | test/output/rules-save | 1901 | ||||
-rw-r--r-- | test/output/rules6-save | 1901 |
4 files changed, 8788 insertions, 4279 deletions
diff --git a/test/mandatory/filter-limit.lua b/test/mandatory/filter-limit.lua index 4c9b7cd..3cbca1e 100644 --- a/test/mandatory/filter-limit.lua +++ b/test/mandatory/filter-limit.lua @@ -14,25 +14,32 @@ function add(limit_type, base) for _, name in ipairs{ false, type(limit) == 'table' and count == 1 and 'foo' or nil } do - for _, no_update in ipairs{false, name or nil} do - local upd - if no_update then upd = false end - for _, log in ipairs{false, true, 'none'} do - for _, action in ipairs{false, 'pass'} do - if not (count == 30 and log and action) then - table.insert( - res, - update( - { - [limit_type..'-limit']=type(limit) == 'table' and update( - {name=name or nil, update=upd}, limit - ) or limit, - log=log or nil, - action=action or nil - }, - base or {} - ) - ) + for _, addr in ipairs{false, name and 'dest' or nil} do + for _, no_update in ipairs{false, name or nil} do + local upd + if no_update then upd = false end + for _, log in ipairs{false, true, 'none'} do + for _, action in ipairs{false, 'pass'} do + if not (count == 30 and log and action) then + table.insert( + res, + update( + { + [limit_type..'-limit']=type(limit) == 'table' and update( + { + name=name or nil, + addr=addr or nil, + update=upd + }, + limit + ) or limit, + log=log or nil, + action=action or nil + }, + base or {} + ) + ) + end end end end diff --git a/test/output/dump b/test/output/dump index a20ee36..57058c9 100644 --- a/test/output/dump +++ b/test/output/dump @@ -430,1293 +430,1031 @@ Filter 30 {"action":"pass","conn-limit":{"count":1,"nam inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-24 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-24 -Filter 31 {"conn-limit":{"count":1,"log":false},"out":"B"} +Filter 31 {"conn-limit":{"addr":"dest","count":1,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-24 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-24 - inet/filter/limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 + inet6/filter/limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 + inet/filter/logdrop-25 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-25 -m limit --limit 1/second -j LOG + inet/filter/logdrop-25 -j DROP + inet6/filter/logdrop-25 -j DROP + inet/filter/limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 32 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} +Filter 32 {"action":"pass","conn-limit":{"addr":"dest","count":1,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-25 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-25 - inet/filter/limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 + inet6/filter/limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 + inet/filter/logdrop-26 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG + inet/filter/logdrop-26 -j DROP + inet6/filter/logdrop-26 -j DROP + inet/filter/limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 33 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} +Filter 33 {"conn-limit":{"addr":"dest","count":1,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26 - inet/filter/limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 + inet6/filter/limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 + inet/filter/logdrop-27 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-27 -m limit --limit 1/second -j LOG + inet/filter/logdrop-27 -j DROP + inet6/filter/logdrop-27 -j DROP inet/filter/limit-26 -m limit --limit 1/second -j LOG inet6/filter/limit-26 -m limit --limit 1/second -j LOG - inet/filter/limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 34 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} +Filter 34 {"action":"pass","conn-limit":{"addr":"dest","count":1,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-27 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-27 - inet/filter/limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 + inet6/filter/limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 + inet/filter/logdrop-28 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-28 -m limit --limit 1/second -j LOG + inet/filter/logdrop-28 -j DROP + inet6/filter/logdrop-28 -j DROP + inet/filter/limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 35 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} +Filter 35 {"conn-limit":{"addr":"dest","count":1,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-28 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-28 - inet/filter/limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 + inet6/filter/limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 + inet/filter/logdrop-29 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-29 -m limit --limit 1/second -j LOG + inet/filter/logdrop-29 -j DROP + inet6/filter/logdrop-29 -j DROP + inet/filter/limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 36 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} +Filter 36 {"action":"pass","conn-limit":{"addr":"dest","count":1,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-29 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-29 - inet/filter/limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 + inet6/filter/limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 + inet/filter/logdrop-30 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-30 -m limit --limit 1/second -j LOG + inet/filter/logdrop-30 -j DROP + inet6/filter/logdrop-30 -j DROP + inet/filter/limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 37 {"conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} +Filter 37 {"conn-limit":{"addr":"dest","count":1,"name":"foo","update":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-30 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-30 - inet/filter/limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-30 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-31 + inet6/filter/limit-30 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-31 + inet/filter/logdrop-31 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-31 -m limit --limit 1/second -j LOG + inet/filter/logdrop-31 -j DROP + inet6/filter/logdrop-31 -j DROP + inet/filter/limit-30 -j ACCEPT + inet6/filter/limit-30 -j ACCEPT -Filter 38 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} +Filter 38 {"action":"pass","conn-limit":{"addr":"dest","count":1,"name":"foo","update":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-31 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-31 - inet/filter/limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-32 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-32 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -Filter 39 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} +Filter 39 {"conn-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-32 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-32 - inet/filter/limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-32 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-33 + inet6/filter/limit-32 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-33 + inet/filter/logdrop-33 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-33 -m limit --limit 1/second -j LOG + inet/filter/logdrop-33 -j DROP + inet6/filter/logdrop-33 -j DROP inet/filter/limit-32 -m limit --limit 1/second -j LOG inet6/filter/limit-32 -m limit --limit 1/second -j LOG - inet/filter/limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-32 -j ACCEPT + inet6/filter/limit-32 -j ACCEPT -Filter 40 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} +Filter 40 {"action":"pass","conn-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-33 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-33 - inet/filter/limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-33 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-34 + inet6/filter/limit-33 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-34 + inet/filter/logdrop-34 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-34 -m limit --limit 1/second -j LOG + inet/filter/logdrop-34 -j DROP + inet6/filter/logdrop-34 -j DROP + inet/filter/limit-33 -m limit --limit 1/second -j LOG + inet6/filter/limit-33 -m limit --limit 1/second -j LOG -Filter 41 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} +Filter 41 {"conn-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-34 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-34 - inet/filter/limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-34 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-35 + inet6/filter/limit-34 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-35 + inet/filter/logdrop-35 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-35 -m limit --limit 1/second -j LOG + inet/filter/logdrop-35 -j DROP + inet6/filter/logdrop-35 -j DROP + inet/filter/limit-34 -j ACCEPT + inet6/filter/limit-34 -j ACCEPT -Filter 42 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} +Filter 42 {"action":"pass","conn-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-35 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-35 - inet/filter/limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-36 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-36 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-36 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -Filter 43 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"out":"B"} +Filter 43 {"conn-limit":{"count":1,"log":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-36 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-36 - inet/filter/limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-36 -j ACCEPT - inet6/filter/limit-36 -j ACCEPT + inet/filter/limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 44 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"out":"B"} +Filter 44 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-37 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-37 + inet/filter/limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 45 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true,"out":"B"} +Filter 45 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-38 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-38 - inet/filter/limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-38 -m limit --limit 1/second -j LOG inet6/filter/limit-38 -m limit --limit 1/second -j LOG - inet/filter/limit-38 -j ACCEPT - inet6/filter/limit-38 -j ACCEPT + inet/filter/limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 46 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true,"out":"B"} +Filter 46 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-39 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-39 - inet/filter/limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-39 -m limit --limit 1/second -j LOG - inet6/filter/limit-39 -m limit --limit 1/second -j LOG + inet/filter/limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 47 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none","out":"B"} +Filter 47 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-40 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-40 - inet/filter/limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-40 -j ACCEPT - inet6/filter/limit-40 -j ACCEPT + inet/filter/limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 48 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none","out":"B"} +Filter 48 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-41 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-41 + inet/filter/limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 49 {"conn-limit":{"count":1,"log":"none"},"out":"B"} +Filter 49 {"conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-42 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-42 - inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 50 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} +Filter 50 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-43 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-43 - inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 51 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} +Filter 51 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-44 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-44 - inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-44 -m limit --limit 1/second -j LOG inet6/filter/limit-44 -m limit --limit 1/second -j LOG - inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 52 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} +Filter 52 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-45 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-45 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-45 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-45 - inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 53 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} +Filter 53 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-46 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-46 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-46 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-46 - inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 54 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} +Filter 54 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-47 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-47 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-47 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-47 - inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 55 {"conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} +Filter 55 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-48 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-48 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-48 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-48 - inet/filter/limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-48 -j ACCEPT + inet6/filter/limit-48 -j ACCEPT -Filter 56 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} +Filter 56 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-49 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-49 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-49 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-49 - inet/filter/limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 57 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} +Filter 57 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-50 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-50 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-50 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-50 - inet/filter/limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/limit-50 -m limit --limit 1/second -j LOG inet6/filter/limit-50 -m limit --limit 1/second -j LOG - inet/filter/limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-50 -j ACCEPT + inet6/filter/limit-50 -j ACCEPT -Filter 58 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} +Filter 58 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-51 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-51 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-51 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-51 - inet/filter/limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-51 -m limit --limit 1/second -j LOG + inet6/filter/limit-51 -m limit --limit 1/second -j LOG -Filter 59 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +Filter 59 {"conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-52 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-52 - inet/filter/limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-52 -j ACCEPT + inet6/filter/limit-52 -j ACCEPT -Filter 60 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +Filter 60 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-53 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-53 - inet/filter/limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 61 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"out":"B"} +Filter 61 {"conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-54 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-54 - inet/filter/limit-54 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-54 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-54 -j ACCEPT - inet6/filter/limit-54 -j ACCEPT + inet/filter/limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 62 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"out":"B"} +Filter 62 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-55 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-55 + inet/filter/limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 63 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +Filter 63 {"conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-56 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-56 - inet/filter/limit-56 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-56 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-56 -m limit --limit 1/second -j LOG inet6/filter/limit-56 -m limit --limit 1/second -j LOG - inet/filter/limit-56 -j ACCEPT - inet6/filter/limit-56 -j ACCEPT + inet/filter/limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 64 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +Filter 64 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-57 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-57 - inet/filter/limit-57 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-57 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-57 -m limit --limit 1/second -j LOG - inet6/filter/limit-57 -m limit --limit 1/second -j LOG + inet/filter/limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 65 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +Filter 65 {"conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-58 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-58 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-58 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-58 - inet/filter/limit-58 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-58 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-58 -j ACCEPT - inet6/filter/limit-58 -j ACCEPT + inet/filter/limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 66 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +Filter 66 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-59 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-59 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-59 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-59 + inet/filter/limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 67 {"conn-limit":30,"out":"B"} +Filter 67 {"conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-60 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-60 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-60 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-60 - inet/filter/limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-60 -j ACCEPT - inet6/filter/limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-60 -j ACCEPT - inet/filter/limit-60 -m limit --limit 1/second -j LOG - inet6/filter/limit-60 -m limit --limit 1/second -j LOG - inet/filter/limit-60 -j DROP - inet6/filter/limit-60 -j DROP - -Filter 68 {"action":"pass","conn-limit":30,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-61 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-61 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-61 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-61 - inet/filter/limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-61 -j RETURN - inet6/filter/limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-61 -j RETURN - inet/filter/limit-61 -m limit --limit 1/second -j LOG - inet6/filter/limit-61 -m limit --limit 1/second -j LOG - inet/filter/limit-61 -j DROP - inet6/filter/limit-61 -j DROP - -Filter 69 {"conn-limit":30,"log":true,"out":"B"} + inet/filter/limit-60 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-60 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-60 -j ACCEPT + inet6/filter/limit-60 -j ACCEPT + +Filter 68 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 69 {"conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-62 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-62 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-62 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-62 - inet/filter/limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-62 -j logaccept-0 - inet6/filter/limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-62 -j logaccept-0 - inet/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-0 -j ACCEPT - inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-62 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-62 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/limit-62 -m limit --limit 1/second -j LOG inet6/filter/limit-62 -m limit --limit 1/second -j LOG - inet/filter/limit-62 -j DROP - inet6/filter/limit-62 -j DROP + inet/filter/limit-62 -j ACCEPT + inet6/filter/limit-62 -j ACCEPT -Filter 70 {"conn-limit":30,"log":"none","out":"B"} +Filter 70 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-63 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-63 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-63 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-63 - inet/filter/limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-63 -j ACCEPT - inet6/filter/limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-63 -j ACCEPT + inet/filter/limit-63 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-63 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/limit-63 -m limit --limit 1/second -j LOG inet6/filter/limit-63 -m limit --limit 1/second -j LOG - inet/filter/limit-63 -j DROP - inet6/filter/limit-63 -j DROP -Filter 71 {"conn-limit":{"count":30},"out":"B"} +Filter 71 {"conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-64 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-64 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-64 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-64 - inet/filter/limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j ACCEPT - inet6/filter/limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j ACCEPT - inet/filter/limit-64 -m limit --limit 1/second -j LOG - inet6/filter/limit-64 -m limit --limit 1/second -j LOG - inet/filter/limit-64 -j DROP - inet6/filter/limit-64 -j DROP - -Filter 72 {"action":"pass","conn-limit":{"count":30},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-65 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-65 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-65 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-65 - inet/filter/limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN - inet6/filter/limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN - inet/filter/limit-65 -m limit --limit 1/second -j LOG - inet6/filter/limit-65 -m limit --limit 1/second -j LOG - inet/filter/limit-65 -j DROP - inet6/filter/limit-65 -j DROP - -Filter 73 {"conn-limit":{"count":30},"log":true,"out":"B"} + inet/filter/limit-64 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-64 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-64 -j ACCEPT + inet6/filter/limit-64 -j ACCEPT + +Filter 72 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 73 {"conn-limit":{"count":1,"log":"none"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-66 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-66 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-66 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-66 - inet/filter/limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j logaccept-1 - inet6/filter/limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j logaccept-1 - inet/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-1 -j ACCEPT - inet6/filter/logaccept-1 -j ACCEPT - inet/filter/limit-66 -m limit --limit 1/second -j LOG - inet6/filter/limit-66 -m limit --limit 1/second -j LOG - inet/filter/limit-66 -j DROP - inet6/filter/limit-66 -j DROP + inet/filter/limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 74 {"conn-limit":{"count":30},"log":"none","out":"B"} +Filter 74 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-67 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-67 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-67 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-67 - inet/filter/limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j ACCEPT - inet6/filter/limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j ACCEPT - inet/filter/limit-67 -m limit --limit 1/second -j LOG - inet6/filter/limit-67 -m limit --limit 1/second -j LOG - inet/filter/limit-67 -j DROP - inet6/filter/limit-67 -j DROP + inet/filter/limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 75 {"conn-limit":{"count":30,"log":false},"out":"B"} +Filter 75 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-68 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-68 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-68 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-68 - inet/filter/limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j ACCEPT - inet6/filter/limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j ACCEPT - inet/filter/limit-68 -j DROP - inet6/filter/limit-68 -j DROP + inet/filter/limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-68 -m limit --limit 1/second -j LOG + inet6/filter/limit-68 -m limit --limit 1/second -j LOG + inet/filter/limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 76 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} +Filter 76 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-69 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-69 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-69 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-69 - inet/filter/limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN - inet6/filter/limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN - inet/filter/limit-69 -j DROP - inet6/filter/limit-69 -j DROP + inet/filter/limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 77 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} +Filter 77 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-70 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-70 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-70 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-70 - inet/filter/limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j logaccept-2 - inet6/filter/limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j logaccept-2 - inet/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-2 -j ACCEPT - inet6/filter/logaccept-2 -j ACCEPT - inet/filter/limit-70 -j DROP - inet6/filter/limit-70 -j DROP + inet/filter/limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 78 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} +Filter 78 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-71 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-71 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-71 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-71 - inet/filter/limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j ACCEPT - inet6/filter/limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j ACCEPT - inet/filter/limit-71 -j DROP - inet6/filter/limit-71 -j DROP + inet/filter/limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 79 {"conn-limit":{"count":30,"log":"none"},"out":"B"} +Filter 79 {"conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-72 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-72 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-72 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-72 - inet/filter/limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j ACCEPT - inet6/filter/limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j ACCEPT - inet/filter/limit-72 -j DROP - inet6/filter/limit-72 -j DROP + inet/filter/limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 80 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} +Filter 80 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-73 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-73 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-73 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-73 - inet/filter/limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN - inet6/filter/limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN - inet/filter/limit-73 -j DROP - inet6/filter/limit-73 -j DROP + inet/filter/limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 81 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} +Filter 81 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-74 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-74 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-74 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-74 - inet/filter/limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j logaccept-3 - inet6/filter/limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j logaccept-3 - inet/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-3 -j ACCEPT - inet6/filter/logaccept-3 -j ACCEPT - inet/filter/limit-74 -j DROP - inet6/filter/limit-74 -j DROP + inet/filter/limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-74 -m limit --limit 1/second -j LOG + inet6/filter/limit-74 -m limit --limit 1/second -j LOG + inet/filter/limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 82 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} +Filter 82 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-75 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-75 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-75 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-75 - inet/filter/limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j ACCEPT - inet6/filter/limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j ACCEPT - inet/filter/limit-75 -j DROP - inet6/filter/limit-75 -j DROP - -Filter 83 {"flow-limit":1} -(filter-limit) - inet/filter/FORWARD -j limit-76 - inet6/filter/FORWARD -j limit-76 - inet/filter/INPUT -j limit-76 - inet6/filter/INPUT -j limit-76 - inet/filter/OUTPUT -j limit-76 - inet6/filter/OUTPUT -j limit-76 - inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 - inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 - inet/filter/logdrop-25 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-25 -m limit --limit 1/second -j LOG - inet/filter/logdrop-25 -j DROP - inet6/filter/logdrop-25 -j DROP - inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 84 {"action":"pass","flow-limit":1} -(filter-limit) - inet/filter/FORWARD -j limit-77 - inet6/filter/FORWARD -j limit-77 - inet/filter/INPUT -j limit-77 - inet6/filter/INPUT -j limit-77 - inet/filter/OUTPUT -j limit-77 - inet6/filter/OUTPUT -j limit-77 - inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 - inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 - inet/filter/logdrop-26 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG - inet/filter/logdrop-26 -j DROP - inet6/filter/logdrop-26 -j DROP - inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 85 {"flow-limit":1,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-78 - inet6/filter/FORWARD -j limit-78 - inet/filter/INPUT -j limit-78 - inet6/filter/INPUT -j limit-78 - inet/filter/OUTPUT -j limit-78 - inet6/filter/OUTPUT -j limit-78 - inet/filter/limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 - inet6/filter/limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 - inet/filter/logdrop-27 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-27 -m limit --limit 1/second -j LOG - inet/filter/logdrop-27 -j DROP - inet6/filter/logdrop-27 -j DROP - inet/filter/limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-0 - inet6/filter/FORWARD -j logaccept-final-0 - inet/filter/INPUT -j logaccept-final-0 - inet6/filter/INPUT -j logaccept-final-0 - inet/filter/OUTPUT -j logaccept-final-0 - inet6/filter/OUTPUT -j logaccept-final-0 - inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-0 -j ACCEPT - inet6/filter/logaccept-final-0 -j ACCEPT - -Filter 86 {"action":"pass","flow-limit":1,"log":true} + inet/filter/limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 83 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-76 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-76 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-76 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-76 + inet/filter/limit-76 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-76 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-76 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-76 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 84 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-77 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-77 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-77 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-77 + inet/filter/limit-77 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-77 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-77 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-77 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 85 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-78 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-78 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-78 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-78 + inet/filter/limit-78 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-78 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-78 -j ACCEPT + inet6/filter/limit-78 -j ACCEPT + +Filter 86 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-79 - inet6/filter/FORWARD -j limit-79 - inet/filter/INPUT -j limit-79 - inet6/filter/INPUT -j limit-79 - inet/filter/OUTPUT -j limit-79 - inet6/filter/OUTPUT -j limit-79 - inet/filter/limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 - inet6/filter/limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 - inet/filter/logdrop-28 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-28 -m limit --limit 1/second -j LOG - inet/filter/logdrop-28 -j DROP - inet6/filter/logdrop-28 -j DROP - inet/filter/limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 87 {"flow-limit":1,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-80 - inet6/filter/FORWARD -j limit-80 - inet/filter/INPUT -j limit-80 - inet6/filter/INPUT -j limit-80 - inet/filter/OUTPUT -j limit-80 - inet6/filter/OUTPUT -j limit-80 - inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 - inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 - inet/filter/logdrop-29 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-29 -m limit --limit 1/second -j LOG - inet/filter/logdrop-29 -j DROP - inet6/filter/logdrop-29 -j DROP - inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 88 {"action":"pass","flow-limit":1,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-81 - inet6/filter/FORWARD -j limit-81 - inet/filter/INPUT -j limit-81 - inet6/filter/INPUT -j limit-81 - inet/filter/OUTPUT -j limit-81 - inet6/filter/OUTPUT -j limit-81 - inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 - inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 - inet/filter/logdrop-30 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-30 -m limit --limit 1/second -j LOG - inet/filter/logdrop-30 -j DROP - inet6/filter/logdrop-30 -j DROP - inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 89 {"flow-limit":{"count":1}} -(filter-limit) - inet/filter/FORWARD -j limit-82 - inet6/filter/FORWARD -j limit-82 - inet/filter/INPUT -j limit-82 - inet6/filter/INPUT -j limit-82 - inet/filter/OUTPUT -j limit-82 - inet6/filter/OUTPUT -j limit-82 - inet/filter/limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 - inet6/filter/limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 - inet/filter/logdrop-31 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-31 -m limit --limit 1/second -j LOG - inet/filter/logdrop-31 -j DROP - inet6/filter/logdrop-31 -j DROP - inet/filter/limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 90 {"action":"pass","flow-limit":{"count":1}} -(filter-limit) - inet/filter/FORWARD -j limit-83 - inet6/filter/FORWARD -j limit-83 - inet/filter/INPUT -j limit-83 - inet6/filter/INPUT -j limit-83 - inet/filter/OUTPUT -j limit-83 - inet6/filter/OUTPUT -j limit-83 - inet/filter/limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 - inet6/filter/limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 - inet/filter/logdrop-32 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-32 -m limit --limit 1/second -j LOG - inet/filter/logdrop-32 -j DROP - inet6/filter/logdrop-32 -j DROP - inet/filter/limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 91 {"flow-limit":{"count":1},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-84 - inet6/filter/FORWARD -j limit-84 - inet/filter/INPUT -j limit-84 - inet6/filter/INPUT -j limit-84 - inet/filter/OUTPUT -j limit-84 - inet6/filter/OUTPUT -j limit-84 - inet/filter/limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 - inet6/filter/limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 - inet/filter/logdrop-33 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-33 -m limit --limit 1/second -j LOG - inet/filter/logdrop-33 -j DROP - inet6/filter/logdrop-33 -j DROP - inet/filter/limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-1 - inet6/filter/FORWARD -j logaccept-final-1 - inet/filter/INPUT -j logaccept-final-1 - inet6/filter/INPUT -j logaccept-final-1 - inet/filter/OUTPUT -j logaccept-final-1 - inet6/filter/OUTPUT -j logaccept-final-1 - inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-1 -j ACCEPT - inet6/filter/logaccept-final-1 -j ACCEPT - -Filter 92 {"action":"pass","flow-limit":{"count":1},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-85 - inet6/filter/FORWARD -j limit-85 - inet/filter/INPUT -j limit-85 - inet6/filter/INPUT -j limit-85 - inet/filter/OUTPUT -j limit-85 - inet6/filter/OUTPUT -j limit-85 - inet/filter/limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 - inet6/filter/limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 - inet/filter/logdrop-34 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-34 -m limit --limit 1/second -j LOG - inet/filter/logdrop-34 -j DROP - inet6/filter/logdrop-34 -j DROP - inet/filter/limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 93 {"flow-limit":{"count":1},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-86 - inet6/filter/FORWARD -j limit-86 - inet/filter/INPUT -j limit-86 - inet6/filter/INPUT -j limit-86 - inet/filter/OUTPUT -j limit-86 - inet6/filter/OUTPUT -j limit-86 - inet/filter/limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 - inet6/filter/limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 - inet/filter/logdrop-35 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-35 -m limit --limit 1/second -j LOG - inet/filter/logdrop-35 -j DROP - inet6/filter/logdrop-35 -j DROP - inet/filter/limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 94 {"action":"pass","flow-limit":{"count":1},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-87 - inet6/filter/FORWARD -j limit-87 - inet/filter/INPUT -j limit-87 - inet6/filter/INPUT -j limit-87 - inet/filter/OUTPUT -j limit-87 - inet6/filter/OUTPUT -j limit-87 - inet/filter/limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 - inet6/filter/limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 - inet/filter/logdrop-36 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-36 -m limit --limit 1/second -j LOG - inet/filter/logdrop-36 -j DROP - inet6/filter/logdrop-36 -j DROP - inet/filter/limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 95 {"flow-limit":{"count":1,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-88 - inet6/filter/FORWARD -j limit-88 - inet/filter/INPUT -j limit-88 - inet6/filter/INPUT -j limit-88 - inet/filter/OUTPUT -j limit-88 - inet6/filter/OUTPUT -j limit-88 - inet/filter/limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 - inet6/filter/limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 - inet/filter/logdrop-37 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG - inet/filter/logdrop-37 -j DROP - inet6/filter/logdrop-37 -j DROP - inet/filter/limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 96 {"action":"pass","flow-limit":{"count":1,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-89 - inet6/filter/FORWARD -j limit-89 - inet/filter/INPUT -j limit-89 - inet6/filter/INPUT -j limit-89 - inet/filter/OUTPUT -j limit-89 - inet6/filter/OUTPUT -j limit-89 - inet/filter/limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 - inet6/filter/limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 - inet/filter/logdrop-38 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG - inet/filter/logdrop-38 -j DROP - inet6/filter/logdrop-38 -j DROP - inet/filter/limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 97 {"flow-limit":{"count":1,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-90 - inet6/filter/FORWARD -j limit-90 - inet/filter/INPUT -j limit-90 - inet6/filter/INPUT -j limit-90 - inet/filter/OUTPUT -j limit-90 - inet6/filter/OUTPUT -j limit-90 - inet/filter/limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 - inet6/filter/limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 - inet/filter/logdrop-39 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-39 -m limit --limit 1/second -j LOG - inet/filter/logdrop-39 -j DROP - inet6/filter/logdrop-39 -j DROP - inet/filter/limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-2 - inet6/filter/FORWARD -j logaccept-final-2 - inet/filter/INPUT -j logaccept-final-2 - inet6/filter/INPUT -j logaccept-final-2 - inet/filter/OUTPUT -j logaccept-final-2 - inet6/filter/OUTPUT -j logaccept-final-2 - inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-2 -j ACCEPT - inet6/filter/logaccept-final-2 -j ACCEPT - -Filter 98 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-91 - inet6/filter/FORWARD -j limit-91 - inet/filter/INPUT -j limit-91 - inet6/filter/INPUT -j limit-91 - inet/filter/OUTPUT -j limit-91 - inet6/filter/OUTPUT -j limit-91 - inet/filter/limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 - inet6/filter/limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 - inet/filter/logdrop-40 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-40 -m limit --limit 1/second -j LOG - inet/filter/logdrop-40 -j DROP - inet6/filter/logdrop-40 -j DROP - inet/filter/limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 99 {"flow-limit":{"count":1,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-92 - inet6/filter/FORWARD -j limit-92 - inet/filter/INPUT -j limit-92 - inet6/filter/INPUT -j limit-92 - inet/filter/OUTPUT -j limit-92 - inet6/filter/OUTPUT -j limit-92 - inet/filter/limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 - inet6/filter/limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 - inet/filter/logdrop-41 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-41 -m limit --limit 1/second -j LOG - inet/filter/logdrop-41 -j DROP - inet6/filter/logdrop-41 -j DROP - inet/filter/limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 100 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-93 - inet6/filter/FORWARD -j limit-93 - inet/filter/INPUT -j limit-93 - inet6/filter/INPUT -j limit-93 - inet/filter/OUTPUT -j limit-93 - inet6/filter/OUTPUT -j limit-93 - inet/filter/limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 - inet6/filter/limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 - inet/filter/logdrop-42 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-42 -m limit --limit 1/second -j LOG - inet/filter/logdrop-42 -j DROP - inet6/filter/logdrop-42 -j DROP - inet/filter/limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 101 {"flow-limit":{"count":1,"name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-94 - inet6/filter/FORWARD -j limit-94 - inet/filter/INPUT -j limit-94 - inet6/filter/INPUT -j limit-94 - inet/filter/OUTPUT -j limit-94 - inet6/filter/OUTPUT -j limit-94 - inet/filter/limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-43 - inet6/filter/limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-43 - inet/filter/logdrop-43 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-43 -m limit --limit 1/second -j LOG - inet/filter/logdrop-43 -j DROP - inet6/filter/logdrop-43 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 102 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false}} -(filter-limit) - inet/filter/FORWARD -j limit-95 - inet6/filter/FORWARD -j limit-95 - inet/filter/INPUT -j limit-95 - inet6/filter/INPUT -j limit-95 - inet/filter/OUTPUT -j limit-95 - inet6/filter/OUTPUT -j limit-95 - inet/filter/limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-44 - inet6/filter/limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-44 - inet/filter/logdrop-44 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG - inet/filter/logdrop-44 -j DROP - inet6/filter/logdrop-44 -j DROP + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 103 {"flow-limit":{"count":1,"name":"foo","update":false},"log":true} +Filter 87 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-80 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-80 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-80 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-80 + inet/filter/limit-80 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-80 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-80 -m limit --limit 1/second -j LOG + inet6/filter/limit-80 -m limit --limit 1/second -j LOG + inet/filter/limit-80 -j ACCEPT + inet6/filter/limit-80 -j ACCEPT + +Filter 88 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-81 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-81 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-81 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-81 + inet/filter/limit-81 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-81 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-81 -m limit --limit 1/second -j LOG + inet6/filter/limit-81 -m limit --limit 1/second -j LOG + +Filter 89 {"conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-82 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-82 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-82 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-82 + inet/filter/limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-82 -j ACCEPT + inet6/filter/limit-82 -j ACCEPT + +Filter 90 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-96 - inet6/filter/FORWARD -j limit-96 - inet/filter/INPUT -j limit-96 - inet6/filter/INPUT -j limit-96 - inet/filter/OUTPUT -j limit-96 - inet6/filter/OUTPUT -j limit-96 - inet/filter/limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-45 - inet6/filter/limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-45 - inet/filter/logdrop-45 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-45 -m limit --limit 1/second -j LOG - inet/filter/logdrop-45 -j DROP - inet6/filter/logdrop-45 -j DROP - inet/filter/FORWARD -j logaccept-final-3 - inet6/filter/FORWARD -j logaccept-final-3 - inet/filter/INPUT -j logaccept-final-3 - inet6/filter/INPUT -j logaccept-final-3 - inet/filter/OUTPUT -j logaccept-final-3 - inet6/filter/OUTPUT -j logaccept-final-3 - inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-3 -j ACCEPT - inet6/filter/logaccept-final-3 -j ACCEPT + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -Filter 104 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-97 - inet6/filter/FORWARD -j limit-97 - inet/filter/INPUT -j limit-97 - inet6/filter/INPUT -j limit-97 - inet/filter/OUTPUT -j limit-97 - inet6/filter/OUTPUT -j limit-97 - inet/filter/limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-46 - inet6/filter/limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-46 - inet/filter/logdrop-46 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-46 -m limit --limit 1/second -j LOG - inet/filter/logdrop-46 -j DROP - inet6/filter/logdrop-46 -j DROP +Filter 91 {"conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-84 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-84 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-84 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-84 + inet/filter/limit-84 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-84 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-84 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-84 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 92 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-85 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-85 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-85 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-85 + inet/filter/limit-85 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-85 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-85 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-85 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 93 {"conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-86 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-86 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-86 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-86 + inet/filter/limit-86 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-86 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-86 -m limit --limit 1/second -j LOG + inet6/filter/limit-86 -m limit --limit 1/second -j LOG + inet/filter/limit-86 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-86 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 94 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-87 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-87 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-87 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-87 + inet/filter/limit-87 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-87 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-87 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-87 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 95 {"conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-88 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-88 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-88 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-88 + inet/filter/limit-88 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-88 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-88 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-88 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 96 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-89 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-89 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-89 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-89 + inet/filter/limit-89 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-89 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-89 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-89 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 97 {"conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-90 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-90 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-90 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-90 + inet/filter/limit-90 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-90 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-90 -j ACCEPT + inet6/filter/limit-90 -j ACCEPT + +Filter 98 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 99 {"conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-92 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-92 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-92 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-92 + inet/filter/limit-92 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-92 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-92 -m limit --limit 1/second -j LOG + inet6/filter/limit-92 -m limit --limit 1/second -j LOG + inet/filter/limit-92 -j ACCEPT + inet6/filter/limit-92 -j ACCEPT + +Filter 100 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-93 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-93 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-93 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-93 + inet/filter/limit-93 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-93 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-93 -m limit --limit 1/second -j LOG + inet6/filter/limit-93 -m limit --limit 1/second -j LOG + +Filter 101 {"conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-94 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-94 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-94 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-94 + inet/filter/limit-94 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-94 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-94 -j ACCEPT + inet6/filter/limit-94 -j ACCEPT + +Filter 102 {"action":"pass","conn-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 103 {"conn-limit":30,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-96 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-96 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-96 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-96 + inet/filter/limit-96 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-96 -j ACCEPT + inet6/filter/limit-96 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-96 -j ACCEPT + inet/filter/limit-96 -m limit --limit 1/second -j LOG + inet6/filter/limit-96 -m limit --limit 1/second -j LOG + inet/filter/limit-96 -j DROP + inet6/filter/limit-96 -j DROP + +Filter 104 {"action":"pass","conn-limit":30,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-97 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-97 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-97 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-97 + inet/filter/limit-97 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-97 -j RETURN + inet6/filter/limit-97 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-97 -j RETURN inet/filter/limit-97 -m limit --limit 1/second -j LOG inet6/filter/limit-97 -m limit --limit 1/second -j LOG + inet/filter/limit-97 -j DROP + inet6/filter/limit-97 -j DROP -Filter 105 {"flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-98 - inet6/filter/FORWARD -j limit-98 - inet/filter/INPUT -j limit-98 - inet6/filter/INPUT -j limit-98 - inet/filter/OUTPUT -j limit-98 - inet6/filter/OUTPUT -j limit-98 - inet/filter/limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-47 - inet6/filter/limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-47 - inet/filter/logdrop-47 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-47 -m limit --limit 1/second -j LOG - inet/filter/logdrop-47 -j DROP - inet6/filter/logdrop-47 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 106 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} +Filter 105 {"conn-limit":30,"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-99 - inet6/filter/FORWARD -j limit-99 - inet/filter/INPUT -j limit-99 - inet6/filter/INPUT -j limit-99 - inet/filter/OUTPUT -j limit-99 - inet6/filter/OUTPUT -j limit-99 - inet/filter/limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-48 - inet6/filter/limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-48 - inet/filter/logdrop-48 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-48 -m limit --limit 1/second -j LOG - inet/filter/logdrop-48 -j DROP - inet6/filter/logdrop-48 -j DROP - -Filter 107 {"flow-limit":{"count":1,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-100 - inet6/filter/FORWARD -j limit-100 - inet/filter/INPUT -j limit-100 - inet6/filter/INPUT -j limit-100 - inet/filter/OUTPUT -j limit-100 - inet6/filter/OUTPUT -j limit-100 - inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 108 {"action":"pass","flow-limit":{"count":1,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-101 - inet6/filter/FORWARD -j limit-101 - inet/filter/INPUT -j limit-101 - inet6/filter/INPUT -j limit-101 - inet/filter/OUTPUT -j limit-101 - inet6/filter/OUTPUT -j limit-101 - inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 109 {"flow-limit":{"count":1,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-102 - inet6/filter/FORWARD -j limit-102 - inet/filter/INPUT -j limit-102 - inet6/filter/INPUT -j limit-102 - inet/filter/OUTPUT -j limit-102 - inet6/filter/OUTPUT -j limit-102 - inet/filter/limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-4 - inet6/filter/FORWARD -j logaccept-final-4 - inet/filter/INPUT -j logaccept-final-4 - inet6/filter/INPUT -j logaccept-final-4 - inet/filter/OUTPUT -j logaccept-final-4 - inet6/filter/OUTPUT -j logaccept-final-4 - inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-4 -j ACCEPT - inet6/filter/logaccept-final-4 -j ACCEPT - -Filter 110 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-103 - inet6/filter/FORWARD -j limit-103 - inet/filter/INPUT -j limit-103 - inet6/filter/INPUT -j limit-103 - inet/filter/OUTPUT -j limit-103 - inet6/filter/OUTPUT -j limit-103 - inet/filter/limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 111 {"flow-limit":{"count":1,"log":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-104 - inet6/filter/FORWARD -j limit-104 - inet/filter/INPUT -j limit-104 - inet6/filter/INPUT -j limit-104 - inet/filter/OUTPUT -j limit-104 - inet6/filter/OUTPUT -j limit-104 - inet/filter/limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 112 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-105 - inet6/filter/FORWARD -j limit-105 - inet/filter/INPUT -j limit-105 - inet6/filter/INPUT -j limit-105 - inet/filter/OUTPUT -j limit-105 - inet6/filter/OUTPUT -j limit-105 - inet/filter/limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 113 {"flow-limit":{"count":1,"log":false,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-106 - inet6/filter/FORWARD -j limit-106 - inet/filter/INPUT -j limit-106 - inet6/filter/INPUT -j limit-106 - inet/filter/OUTPUT -j limit-106 - inet6/filter/OUTPUT -j limit-106 - inet/filter/limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 114 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"}} -(filter-limit) - inet/filter/FORWARD -j limit-107 - inet6/filter/FORWARD -j limit-107 - inet/filter/INPUT -j limit-107 - inet6/filter/INPUT -j limit-107 - inet/filter/OUTPUT -j limit-107 - inet6/filter/OUTPUT -j limit-107 - inet/filter/limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 115 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-108 - inet6/filter/FORWARD -j limit-108 - inet/filter/INPUT -j limit-108 - inet6/filter/INPUT -j limit-108 - inet/filter/OUTPUT -j limit-108 - inet6/filter/OUTPUT -j limit-108 - inet/filter/limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-5 - inet6/filter/FORWARD -j logaccept-final-5 - inet/filter/INPUT -j logaccept-final-5 - inet6/filter/INPUT -j logaccept-final-5 - inet/filter/OUTPUT -j logaccept-final-5 - inet6/filter/OUTPUT -j logaccept-final-5 - inet/filter/logaccept-final-5 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-5 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-5 -j ACCEPT - inet6/filter/logaccept-final-5 -j ACCEPT - -Filter 116 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-109 - inet6/filter/FORWARD -j limit-109 - inet/filter/INPUT -j limit-109 - inet6/filter/INPUT -j limit-109 - inet/filter/OUTPUT -j limit-109 - inet6/filter/OUTPUT -j limit-109 - inet/filter/limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 117 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-110 - inet6/filter/FORWARD -j limit-110 - inet/filter/INPUT -j limit-110 - inet6/filter/INPUT -j limit-110 - inet/filter/OUTPUT -j limit-110 - inet6/filter/OUTPUT -j limit-110 - inet/filter/limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-98 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-98 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-98 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-98 + inet/filter/limit-98 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-98 -j logaccept-0 + inet6/filter/limit-98 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-98 -j logaccept-0 + inet/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-0 -j ACCEPT + inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-98 -m limit --limit 1/second -j LOG + inet6/filter/limit-98 -m limit --limit 1/second -j LOG + inet/filter/limit-98 -j DROP + inet6/filter/limit-98 -j DROP + +Filter 106 {"conn-limit":30,"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-99 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-99 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-99 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-99 + inet/filter/limit-99 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-99 -j ACCEPT + inet6/filter/limit-99 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-99 -j ACCEPT + inet/filter/limit-99 -m limit --limit 1/second -j LOG + inet6/filter/limit-99 -m limit --limit 1/second -j LOG + inet/filter/limit-99 -j DROP + inet6/filter/limit-99 -j DROP + +Filter 107 {"conn-limit":{"count":30},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-100 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-100 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-100 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-100 + inet/filter/limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j ACCEPT + inet6/filter/limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j ACCEPT + inet/filter/limit-100 -m limit --limit 1/second -j LOG + inet6/filter/limit-100 -m limit --limit 1/second -j LOG + inet/filter/limit-100 -j DROP + inet6/filter/limit-100 -j DROP + +Filter 108 {"action":"pass","conn-limit":{"count":30},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-101 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-101 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-101 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-101 + inet/filter/limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN + inet6/filter/limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN + inet/filter/limit-101 -m limit --limit 1/second -j LOG + inet6/filter/limit-101 -m limit --limit 1/second -j LOG + inet/filter/limit-101 -j DROP + inet6/filter/limit-101 -j DROP + +Filter 109 {"conn-limit":{"count":30},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-102 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-102 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-102 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-102 + inet/filter/limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j logaccept-1 + inet6/filter/limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j logaccept-1 + inet/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-1 -j ACCEPT + inet6/filter/logaccept-1 -j ACCEPT + inet/filter/limit-102 -m limit --limit 1/second -j LOG + inet6/filter/limit-102 -m limit --limit 1/second -j LOG + inet/filter/limit-102 -j DROP + inet6/filter/limit-102 -j DROP + +Filter 110 {"conn-limit":{"count":30},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-103 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-103 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-103 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-103 + inet/filter/limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j ACCEPT + inet6/filter/limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j ACCEPT + inet/filter/limit-103 -m limit --limit 1/second -j LOG + inet6/filter/limit-103 -m limit --limit 1/second -j LOG + inet/filter/limit-103 -j DROP + inet6/filter/limit-103 -j DROP + +Filter 111 {"conn-limit":{"count":30,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-104 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-104 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-104 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-104 + inet/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT + inet6/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT + inet/filter/limit-104 -j DROP + inet6/filter/limit-104 -j DROP + +Filter 112 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-105 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-105 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-105 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-105 + inet/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN + inet6/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN + inet/filter/limit-105 -j DROP + inet6/filter/limit-105 -j DROP + +Filter 113 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-106 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-106 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-106 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-106 + inet/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-2 + inet6/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-2 + inet/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-2 -j ACCEPT + inet6/filter/logaccept-2 -j ACCEPT + inet/filter/limit-106 -j DROP + inet6/filter/limit-106 -j DROP + +Filter 114 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-107 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-107 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-107 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-107 + inet/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT + inet6/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT + inet/filter/limit-107 -j DROP + inet6/filter/limit-107 -j DROP + +Filter 115 {"conn-limit":{"count":30,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-108 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-108 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-108 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-108 + inet/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT + inet6/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT + inet/filter/limit-108 -j DROP + inet6/filter/limit-108 -j DROP + +Filter 116 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-109 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-109 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-109 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-109 + inet/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN + inet6/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN + inet/filter/limit-109 -j DROP + inet6/filter/limit-109 -j DROP + +Filter 117 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-110 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-110 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-110 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-110 + inet/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-3 + inet6/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-3 + inet/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-3 -j ACCEPT + inet6/filter/logaccept-3 -j ACCEPT + inet/filter/limit-110 -j DROP + inet6/filter/limit-110 -j DROP -Filter 118 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +Filter 118 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-111 - inet6/filter/FORWARD -j limit-111 - inet/filter/INPUT -j limit-111 - inet6/filter/INPUT -j limit-111 - inet/filter/OUTPUT -j limit-111 - inet6/filter/OUTPUT -j limit-111 - inet/filter/limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-111 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-111 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-111 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-111 + inet/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT + inet6/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT + inet/filter/limit-111 -j DROP + inet6/filter/limit-111 -j DROP -Filter 119 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false}} +Filter 119 {"flow-limit":1} (filter-limit) inet/filter/FORWARD -j limit-112 inet6/filter/FORWARD -j limit-112 @@ -1724,8 +1462,14 @@ Filter 119 {"flow-limit":{"count":1,"log":false,"name":" inet6/filter/INPUT -j limit-112 inet/filter/OUTPUT -j limit-112 inet6/filter/OUTPUT -j limit-112 - inet/filter/limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 + inet6/filter/limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 + inet/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet/filter/logdrop-37 -j DROP + inet6/filter/logdrop-37 -j DROP + inet/filter/limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1733,7 +1477,7 @@ Filter 119 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 120 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false}} +Filter 120 {"action":"pass","flow-limit":1} (filter-limit) inet/filter/FORWARD -j limit-113 inet6/filter/FORWARD -j limit-113 @@ -1741,10 +1485,16 @@ Filter 120 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-113 inet/filter/OUTPUT -j limit-113 inet6/filter/OUTPUT -j limit-113 - inet/filter/limit-113 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-113 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 + inet6/filter/limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 + inet/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet/filter/logdrop-38 -j DROP + inet6/filter/logdrop-38 -j DROP + inet/filter/limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 121 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} +Filter 121 {"flow-limit":1,"log":true} (filter-limit) inet/filter/FORWARD -j limit-114 inet6/filter/FORWARD -j limit-114 @@ -1752,20 +1502,26 @@ Filter 121 {"flow-limit":{"count":1,"log":false,"name":" inet6/filter/INPUT -j limit-114 inet/filter/OUTPUT -j limit-114 inet6/filter/OUTPUT -j limit-114 - inet/filter/limit-114 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-114 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/FORWARD -j logaccept-final-6 - inet6/filter/FORWARD -j logaccept-final-6 - inet/filter/INPUT -j logaccept-final-6 - inet6/filter/INPUT -j logaccept-final-6 - inet/filter/OUTPUT -j logaccept-final-6 - inet6/filter/OUTPUT -j logaccept-final-6 - inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-6 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-6 -j ACCEPT - inet6/filter/logaccept-final-6 -j ACCEPT + inet/filter/limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 + inet6/filter/limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 + inet/filter/logdrop-39 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-39 -m limit --limit 1/second -j LOG + inet/filter/logdrop-39 -j DROP + inet6/filter/logdrop-39 -j DROP + inet/filter/limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-0 + inet6/filter/FORWARD -j logaccept-final-0 + inet/filter/INPUT -j logaccept-final-0 + inet6/filter/INPUT -j logaccept-final-0 + inet/filter/OUTPUT -j logaccept-final-0 + inet6/filter/OUTPUT -j logaccept-final-0 + inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-0 -j ACCEPT + inet6/filter/logaccept-final-0 -j ACCEPT -Filter 122 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} +Filter 122 {"action":"pass","flow-limit":1,"log":true} (filter-limit) inet/filter/FORWARD -j limit-115 inet6/filter/FORWARD -j limit-115 @@ -1773,12 +1529,16 @@ Filter 122 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-115 inet/filter/OUTPUT -j limit-115 inet6/filter/OUTPUT -j limit-115 - inet/filter/limit-115 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-115 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-115 -m limit --limit 1/second -j LOG - inet6/filter/limit-115 -m limit --limit 1/second -j LOG + inet/filter/limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 + inet6/filter/limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 + inet/filter/logdrop-40 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-40 -m limit --limit 1/second -j LOG + inet/filter/logdrop-40 -j DROP + inet6/filter/logdrop-40 -j DROP + inet/filter/limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 123 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} +Filter 123 {"flow-limit":1,"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-116 inet6/filter/FORWARD -j limit-116 @@ -1786,8 +1546,14 @@ Filter 123 {"flow-limit":{"count":1,"log":false,"name":" inet6/filter/INPUT -j limit-116 inet/filter/OUTPUT -j limit-116 inet6/filter/OUTPUT -j limit-116 - inet/filter/limit-116 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-116 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 + inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 + inet/filter/logdrop-41 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-41 -m limit --limit 1/second -j LOG + inet/filter/logdrop-41 -j DROP + inet6/filter/logdrop-41 -j DROP + inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -1795,7 +1561,7 @@ Filter 123 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 124 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} +Filter 124 {"action":"pass","flow-limit":1,"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-117 inet6/filter/FORWARD -j limit-117 @@ -1803,10 +1569,16 @@ Filter 124 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-117 inet/filter/OUTPUT -j limit-117 inet6/filter/OUTPUT -j limit-117 - inet/filter/limit-117 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-117 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 + inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 + inet/filter/logdrop-42 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-42 -m limit --limit 1/second -j LOG + inet/filter/logdrop-42 -j DROP + inet6/filter/logdrop-42 -j DROP + inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 125 {"flow-limit":{"count":1,"log":"none"}} +Filter 125 {"flow-limit":{"count":1}} (filter-limit) inet/filter/FORWARD -j limit-118 inet6/filter/FORWARD -j limit-118 @@ -1814,8 +1586,12 @@ Filter 125 {"flow-limit":{"count":1,"log":"none"}} inet6/filter/INPUT -j limit-118 inet/filter/OUTPUT -j limit-118 inet6/filter/OUTPUT -j limit-118 - inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 + inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 + inet/filter/logdrop-43 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-43 -m limit --limit 1/second -j LOG + inet/filter/logdrop-43 -j DROP + inet6/filter/logdrop-43 -j DROP inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT @@ -1825,7 +1601,7 @@ Filter 125 {"flow-limit":{"count":1,"log":"none"}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 126 {"action":"pass","flow-limit":{"count":1,"log":"none"}} +Filter 126 {"action":"pass","flow-limit":{"count":1}} (filter-limit) inet/filter/FORWARD -j limit-119 inet6/filter/FORWARD -j limit-119 @@ -1833,12 +1609,16 @@ Filter 126 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-119 inet/filter/OUTPUT -j limit-119 inet6/filter/OUTPUT -j limit-119 - inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 + inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 + inet/filter/logdrop-44 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG + inet/filter/logdrop-44 -j DROP + inet6/filter/logdrop-44 -j DROP inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 127 {"flow-limit":{"count":1,"log":"none"},"log":true} +Filter 127 {"flow-limit":{"count":1},"log":true} (filter-limit) inet/filter/FORWARD -j limit-120 inet6/filter/FORWARD -j limit-120 @@ -1846,22 +1626,26 @@ Filter 127 {"flow-limit":{"count":1,"log":"none"},"log": inet6/filter/INPUT -j limit-120 inet/filter/OUTPUT -j limit-120 inet6/filter/OUTPUT -j limit-120 - inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 + inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 + inet/filter/logdrop-45 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-45 -m limit --limit 1/second -j LOG + inet/filter/logdrop-45 -j DROP + inet6/filter/logdrop-45 -j DROP inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-7 - inet6/filter/FORWARD -j logaccept-final-7 - inet/filter/INPUT -j logaccept-final-7 - inet6/filter/INPUT -j logaccept-final-7 - inet/filter/OUTPUT -j logaccept-final-7 - inet6/filter/OUTPUT -j logaccept-final-7 - inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-7 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-7 -j ACCEPT - inet6/filter/logaccept-final-7 -j ACCEPT + inet/filter/FORWARD -j logaccept-final-1 + inet6/filter/FORWARD -j logaccept-final-1 + inet/filter/INPUT -j logaccept-final-1 + inet6/filter/INPUT -j logaccept-final-1 + inet/filter/OUTPUT -j logaccept-final-1 + inet6/filter/OUTPUT -j logaccept-final-1 + inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-1 -j ACCEPT + inet6/filter/logaccept-final-1 -j ACCEPT -Filter 128 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} +Filter 128 {"action":"pass","flow-limit":{"count":1},"log":true} (filter-limit) inet/filter/FORWARD -j limit-121 inet6/filter/FORWARD -j limit-121 @@ -1869,12 +1653,16 @@ Filter 128 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-121 inet/filter/OUTPUT -j limit-121 inet6/filter/OUTPUT -j limit-121 - inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 + inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 + inet/filter/logdrop-46 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-46 -m limit --limit 1/second -j LOG + inet/filter/logdrop-46 -j DROP + inet6/filter/logdrop-46 -j DROP inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 129 {"flow-limit":{"count":1,"log":"none"},"log":"none"} +Filter 129 {"flow-limit":{"count":1},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-122 inet6/filter/FORWARD -j limit-122 @@ -1882,8 +1670,12 @@ Filter 129 {"flow-limit":{"count":1,"log":"none"},"log": inet6/filter/INPUT -j limit-122 inet/filter/OUTPUT -j limit-122 inet6/filter/OUTPUT -j limit-122 - inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 + inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 + inet/filter/logdrop-47 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-47 -m limit --limit 1/second -j LOG + inet/filter/logdrop-47 -j DROP + inet6/filter/logdrop-47 -j DROP inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT @@ -1893,7 +1685,7 @@ Filter 129 {"flow-limit":{"count":1,"log":"none"},"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 130 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} +Filter 130 {"action":"pass","flow-limit":{"count":1},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-123 inet6/filter/FORWARD -j limit-123 @@ -1901,12 +1693,16 @@ Filter 130 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-123 inet/filter/OUTPUT -j limit-123 inet6/filter/OUTPUT -j limit-123 - inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 + inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 + inet/filter/logdrop-48 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-48 -m limit --limit 1/second -j LOG + inet/filter/logdrop-48 -j DROP + inet6/filter/logdrop-48 -j DROP inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 131 {"flow-limit":{"count":1,"log":"none","name":"foo"}} +Filter 131 {"flow-limit":{"count":1,"name":"foo"}} (filter-limit) inet/filter/FORWARD -j limit-124 inet6/filter/FORWARD -j limit-124 @@ -1914,8 +1710,12 @@ Filter 131 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-124 inet/filter/OUTPUT -j limit-124 inet6/filter/OUTPUT -j limit-124 - inet/filter/limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 + inet6/filter/limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 + inet/filter/logdrop-49 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-49 -m limit --limit 1/second -j LOG + inet/filter/logdrop-49 -j DROP + inet6/filter/logdrop-49 -j DROP inet/filter/limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT @@ -1925,7 +1725,7 @@ Filter 131 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 132 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"}} +Filter 132 {"action":"pass","flow-limit":{"count":1,"name":"foo"}} (filter-limit) inet/filter/FORWARD -j limit-125 inet6/filter/FORWARD -j limit-125 @@ -1933,12 +1733,16 @@ Filter 132 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-125 inet/filter/OUTPUT -j limit-125 inet6/filter/OUTPUT -j limit-125 - inet/filter/limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 + inet6/filter/limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 + inet/filter/logdrop-50 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-50 -m limit --limit 1/second -j LOG + inet/filter/logdrop-50 -j DROP + inet6/filter/logdrop-50 -j DROP inet/filter/limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 133 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +Filter 133 {"flow-limit":{"count":1,"name":"foo"},"log":true} (filter-limit) inet/filter/FORWARD -j limit-126 inet6/filter/FORWARD -j limit-126 @@ -1946,22 +1750,26 @@ Filter 133 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-126 inet/filter/OUTPUT -j limit-126 inet6/filter/OUTPUT -j limit-126 - inet/filter/limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 + inet6/filter/limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 + inet/filter/logdrop-51 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-51 -m limit --limit 1/second -j LOG + inet/filter/logdrop-51 -j DROP + inet6/filter/logdrop-51 -j DROP inet/filter/limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-8 - inet6/filter/FORWARD -j logaccept-final-8 - inet/filter/INPUT -j logaccept-final-8 - inet6/filter/INPUT -j logaccept-final-8 - inet/filter/OUTPUT -j logaccept-final-8 - inet6/filter/OUTPUT -j logaccept-final-8 - inet/filter/logaccept-final-8 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-8 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-8 -j ACCEPT - inet6/filter/logaccept-final-8 -j ACCEPT + inet/filter/FORWARD -j logaccept-final-2 + inet6/filter/FORWARD -j logaccept-final-2 + inet/filter/INPUT -j logaccept-final-2 + inet6/filter/INPUT -j logaccept-final-2 + inet/filter/OUTPUT -j logaccept-final-2 + inet6/filter/OUTPUT -j logaccept-final-2 + inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-2 -j ACCEPT + inet6/filter/logaccept-final-2 -j ACCEPT -Filter 134 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +Filter 134 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":true} (filter-limit) inet/filter/FORWARD -j limit-127 inet6/filter/FORWARD -j limit-127 @@ -1969,12 +1777,16 @@ Filter 134 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-127 inet/filter/OUTPUT -j limit-127 inet6/filter/OUTPUT -j limit-127 - inet/filter/limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 + inet6/filter/limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 + inet/filter/logdrop-52 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-52 -m limit --limit 1/second -j LOG + inet/filter/logdrop-52 -j DROP + inet6/filter/logdrop-52 -j DROP inet/filter/limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG inet6/filter/limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 135 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +Filter 135 {"flow-limit":{"count":1,"name":"foo"},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-128 inet6/filter/FORWARD -j limit-128 @@ -1982,8 +1794,12 @@ Filter 135 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-128 inet/filter/OUTPUT -j limit-128 inet6/filter/OUTPUT -j limit-128 - inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 + inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 + inet/filter/logdrop-53 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-53 -m limit --limit 1/second -j LOG + inet/filter/logdrop-53 -j DROP + inet6/filter/logdrop-53 -j DROP inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT @@ -1993,7 +1809,7 @@ Filter 135 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 136 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +Filter 136 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-129 inet6/filter/FORWARD -j limit-129 @@ -2001,12 +1817,16 @@ Filter 136 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-129 inet/filter/OUTPUT -j limit-129 inet6/filter/OUTPUT -j limit-129 - inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 + inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 + inet/filter/logdrop-54 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-54 -m limit --limit 1/second -j LOG + inet/filter/logdrop-54 -j DROP + inet6/filter/logdrop-54 -j DROP inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 137 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false}} +Filter 137 {"flow-limit":{"count":1,"name":"foo","update":false}} (filter-limit) inet/filter/FORWARD -j limit-130 inet6/filter/FORWARD -j limit-130 @@ -2014,8 +1834,12 @@ Filter 137 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-130 inet/filter/OUTPUT -j limit-130 inet6/filter/OUTPUT -j limit-130 - inet/filter/limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-55 + inet6/filter/limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-55 + inet/filter/logdrop-55 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-55 -m limit --limit 1/second -j LOG + inet/filter/logdrop-55 -j DROP + inet6/filter/logdrop-55 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2023,7 +1847,7 @@ Filter 137 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 138 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false}} +Filter 138 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false}} (filter-limit) inet/filter/FORWARD -j limit-131 inet6/filter/FORWARD -j limit-131 @@ -2031,10 +1855,14 @@ Filter 138 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-131 inet/filter/OUTPUT -j limit-131 inet6/filter/OUTPUT -j limit-131 - inet/filter/limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-56 + inet6/filter/limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-56 + inet/filter/logdrop-56 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG + inet/filter/logdrop-56 -j DROP + inet6/filter/logdrop-56 -j DROP -Filter 139 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} +Filter 139 {"flow-limit":{"count":1,"name":"foo","update":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-132 inet6/filter/FORWARD -j limit-132 @@ -2042,20 +1870,24 @@ Filter 139 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-132 inet/filter/OUTPUT -j limit-132 inet6/filter/OUTPUT -j limit-132 - inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/FORWARD -j logaccept-final-9 - inet6/filter/FORWARD -j logaccept-final-9 - inet/filter/INPUT -j logaccept-final-9 - inet6/filter/INPUT -j logaccept-final-9 - inet/filter/OUTPUT -j logaccept-final-9 - inet6/filter/OUTPUT -j logaccept-final-9 - inet/filter/logaccept-final-9 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-9 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-9 -j ACCEPT - inet6/filter/logaccept-final-9 -j ACCEPT + inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-57 + inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-57 + inet/filter/logdrop-57 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-57 -m limit --limit 1/second -j LOG + inet/filter/logdrop-57 -j DROP + inet6/filter/logdrop-57 -j DROP + inet/filter/FORWARD -j logaccept-final-3 + inet6/filter/FORWARD -j logaccept-final-3 + inet/filter/INPUT -j logaccept-final-3 + inet6/filter/INPUT -j logaccept-final-3 + inet/filter/OUTPUT -j logaccept-final-3 + inet6/filter/OUTPUT -j logaccept-final-3 + inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-3 -j ACCEPT + inet6/filter/logaccept-final-3 -j ACCEPT -Filter 140 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} +Filter 140 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-133 inet6/filter/FORWARD -j limit-133 @@ -2063,12 +1895,16 @@ Filter 140 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-133 inet/filter/OUTPUT -j limit-133 inet6/filter/OUTPUT -j limit-133 - inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-58 + inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-58 + inet/filter/logdrop-58 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-58 -m limit --limit 1/second -j LOG + inet/filter/logdrop-58 -j DROP + inet6/filter/logdrop-58 -j DROP inet/filter/limit-133 -m limit --limit 1/second -j LOG inet6/filter/limit-133 -m limit --limit 1/second -j LOG -Filter 141 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} +Filter 141 {"flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-134 inet6/filter/FORWARD -j limit-134 @@ -2076,8 +1912,12 @@ Filter 141 {"flow-limit":{"count":1,"log":"none","name": inet6/filter/INPUT -j limit-134 inet/filter/OUTPUT -j limit-134 inet6/filter/OUTPUT -j limit-134 - inet/filter/limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-59 + inet6/filter/limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-59 + inet/filter/logdrop-59 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-59 -m limit --limit 1/second -j LOG + inet/filter/logdrop-59 -j DROP + inet6/filter/logdrop-59 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2085,7 +1925,7 @@ Filter 141 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 142 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} +Filter 142 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-135 inet6/filter/FORWARD -j limit-135 @@ -2093,10 +1933,14 @@ Filter 142 {"action":"pass","flow-limit":{"count":1,"log inet6/filter/INPUT -j limit-135 inet/filter/OUTPUT -j limit-135 inet6/filter/OUTPUT -j limit-135 - inet/filter/limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-60 + inet6/filter/limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-60 + inet/filter/logdrop-60 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-60 -m limit --limit 1/second -j LOG + inet/filter/logdrop-60 -j DROP + inet6/filter/logdrop-60 -j DROP -Filter 143 {"flow-limit":30} +Filter 143 {"flow-limit":{"addr":"dest","count":1,"name":"foo"}} (filter-limit) inet/filter/FORWARD -j limit-136 inet6/filter/FORWARD -j limit-136 @@ -2104,12 +1948,14 @@ Filter 143 {"flow-limit":30} inet6/filter/INPUT -j limit-136 inet/filter/OUTPUT -j limit-136 inet6/filter/OUTPUT -j limit-136 - inet/filter/limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-136 -j RETURN - inet6/filter/limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-136 -j RETURN - inet/filter/limit-136 -m limit --limit 1/second -j LOG - inet6/filter/limit-136 -m limit --limit 1/second -j LOG - inet/filter/limit-136 -j DROP - inet6/filter/limit-136 -j DROP + inet/filter/limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 + inet6/filter/limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 + inet/filter/logdrop-61 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-61 -m limit --limit 1/second -j LOG + inet/filter/logdrop-61 -j DROP + inet6/filter/logdrop-61 -j DROP + inet/filter/limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2117,7 +1963,7 @@ Filter 143 {"flow-limit":30} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 144 {"action":"pass","flow-limit":30} +Filter 144 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"}} (filter-limit) inet/filter/FORWARD -j limit-137 inet6/filter/FORWARD -j limit-137 @@ -2125,14 +1971,16 @@ Filter 144 {"action":"pass","flow-limit":30} inet6/filter/INPUT -j limit-137 inet/filter/OUTPUT -j limit-137 inet6/filter/OUTPUT -j limit-137 - inet/filter/limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-137 -j RETURN - inet6/filter/limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-137 -j RETURN - inet/filter/limit-137 -m limit --limit 1/second -j LOG - inet6/filter/limit-137 -m limit --limit 1/second -j LOG - inet/filter/limit-137 -j DROP - inet6/filter/limit-137 -j DROP + inet/filter/limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 + inet6/filter/limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 + inet/filter/logdrop-62 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-62 -m limit --limit 1/second -j LOG + inet/filter/logdrop-62 -j DROP + inet6/filter/logdrop-62 -j DROP + inet/filter/limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 145 {"flow-limit":30,"log":true} +Filter 145 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":true} (filter-limit) inet/filter/FORWARD -j limit-138 inet6/filter/FORWARD -j limit-138 @@ -2140,24 +1988,26 @@ Filter 145 {"flow-limit":30,"log":true} inet6/filter/INPUT -j limit-138 inet/filter/OUTPUT -j limit-138 inet6/filter/OUTPUT -j limit-138 - inet/filter/limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-138 -j RETURN - inet6/filter/limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-138 -j RETURN - inet/filter/limit-138 -m limit --limit 1/second -j LOG - inet6/filter/limit-138 -m limit --limit 1/second -j LOG - inet/filter/limit-138 -j DROP - inet6/filter/limit-138 -j DROP - inet/filter/FORWARD -j logaccept-final-10 - inet6/filter/FORWARD -j logaccept-final-10 - inet/filter/INPUT -j logaccept-final-10 - inet6/filter/INPUT -j logaccept-final-10 - inet/filter/OUTPUT -j logaccept-final-10 - inet6/filter/OUTPUT -j logaccept-final-10 - inet/filter/logaccept-final-10 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-10 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-10 -j ACCEPT - inet6/filter/logaccept-final-10 -j ACCEPT + inet/filter/limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 + inet6/filter/limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 + inet/filter/logdrop-63 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-63 -m limit --limit 1/second -j LOG + inet/filter/logdrop-63 -j DROP + inet6/filter/logdrop-63 -j DROP + inet/filter/limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-4 + inet6/filter/FORWARD -j logaccept-final-4 + inet/filter/INPUT -j logaccept-final-4 + inet6/filter/INPUT -j logaccept-final-4 + inet/filter/OUTPUT -j logaccept-final-4 + inet6/filter/OUTPUT -j logaccept-final-4 + inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-4 -j ACCEPT + inet6/filter/logaccept-final-4 -j ACCEPT -Filter 146 {"flow-limit":30,"log":"none"} +Filter 146 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":true} (filter-limit) inet/filter/FORWARD -j limit-139 inet6/filter/FORWARD -j limit-139 @@ -2165,20 +2015,16 @@ Filter 146 {"flow-limit":30,"log":"none"} inet6/filter/INPUT -j limit-139 inet/filter/OUTPUT -j limit-139 inet6/filter/OUTPUT -j limit-139 - inet/filter/limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-139 -j RETURN - inet6/filter/limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-139 -j RETURN - inet/filter/limit-139 -m limit --limit 1/second -j LOG - inet6/filter/limit-139 -m limit --limit 1/second -j LOG - inet/filter/limit-139 -j DROP - inet6/filter/limit-139 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 + inet6/filter/limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 + inet/filter/logdrop-64 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-64 -m limit --limit 1/second -j LOG + inet/filter/logdrop-64 -j DROP + inet6/filter/logdrop-64 -j DROP + inet/filter/limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 147 {"flow-limit":{"count":30}} +Filter 147 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-140 inet6/filter/FORWARD -j limit-140 @@ -2186,12 +2032,14 @@ Filter 147 {"flow-limit":{"count":30}} inet6/filter/INPUT -j limit-140 inet/filter/OUTPUT -j limit-140 inet6/filter/OUTPUT -j limit-140 - inet/filter/limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-140 -j RETURN - inet6/filter/limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-140 -j RETURN - inet/filter/limit-140 -m limit --limit 1/second -j LOG - inet6/filter/limit-140 -m limit --limit 1/second -j LOG - inet/filter/limit-140 -j DROP - inet6/filter/limit-140 -j DROP + inet/filter/limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 + inet6/filter/limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 + inet/filter/logdrop-65 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-65 -m limit --limit 1/second -j LOG + inet/filter/logdrop-65 -j DROP + inet6/filter/logdrop-65 -j DROP + inet/filter/limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2199,7 +2047,7 @@ Filter 147 {"flow-limit":{"count":30}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 148 {"action":"pass","flow-limit":{"count":30}} +Filter 148 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-141 inet6/filter/FORWARD -j limit-141 @@ -2207,14 +2055,16 @@ Filter 148 {"action":"pass","flow-limit":{"count":30}} inet6/filter/INPUT -j limit-141 inet/filter/OUTPUT -j limit-141 inet6/filter/OUTPUT -j limit-141 - inet/filter/limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-141 -j RETURN - inet6/filter/limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-141 -j RETURN - inet/filter/limit-141 -m limit --limit 1/second -j LOG - inet6/filter/limit-141 -m limit --limit 1/second -j LOG - inet/filter/limit-141 -j DROP - inet6/filter/limit-141 -j DROP + inet/filter/limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 + inet6/filter/limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 + inet/filter/logdrop-66 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-66 -m limit --limit 1/second -j LOG + inet/filter/logdrop-66 -j DROP + inet6/filter/logdrop-66 -j DROP + inet/filter/limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 149 {"flow-limit":{"count":30},"log":true} +Filter 149 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false}} (filter-limit) inet/filter/FORWARD -j limit-142 inet6/filter/FORWARD -j limit-142 @@ -2222,24 +2072,20 @@ Filter 149 {"flow-limit":{"count":30},"log":true} inet6/filter/INPUT -j limit-142 inet/filter/OUTPUT -j limit-142 inet6/filter/OUTPUT -j limit-142 - inet/filter/limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-142 -j RETURN - inet6/filter/limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-142 -j RETURN - inet/filter/limit-142 -m limit --limit 1/second -j LOG - inet6/filter/limit-142 -m limit --limit 1/second -j LOG - inet/filter/limit-142 -j DROP - inet6/filter/limit-142 -j DROP - inet/filter/FORWARD -j logaccept-final-11 - inet6/filter/FORWARD -j logaccept-final-11 - inet/filter/INPUT -j logaccept-final-11 - inet6/filter/INPUT -j logaccept-final-11 - inet/filter/OUTPUT -j logaccept-final-11 - inet6/filter/OUTPUT -j logaccept-final-11 - inet/filter/logaccept-final-11 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-11 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-11 -j ACCEPT - inet6/filter/logaccept-final-11 -j ACCEPT + inet/filter/limit-142 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 + inet6/filter/limit-142 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 + inet/filter/logdrop-67 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-67 -m limit --limit 1/second -j LOG + inet/filter/logdrop-67 -j DROP + inet6/filter/logdrop-67 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT -Filter 150 {"flow-limit":{"count":30},"log":"none"} +Filter 150 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false}} (filter-limit) inet/filter/FORWARD -j limit-143 inet6/filter/FORWARD -j limit-143 @@ -2247,20 +2093,14 @@ Filter 150 {"flow-limit":{"count":30},"log":"none"} inet6/filter/INPUT -j limit-143 inet/filter/OUTPUT -j limit-143 inet6/filter/OUTPUT -j limit-143 - inet/filter/limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-143 -j RETURN - inet6/filter/limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-143 -j RETURN - inet/filter/limit-143 -m limit --limit 1/second -j LOG - inet6/filter/limit-143 -m limit --limit 1/second -j LOG - inet/filter/limit-143 -j DROP - inet6/filter/limit-143 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-143 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 + inet6/filter/limit-143 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 + inet/filter/logdrop-68 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-68 -m limit --limit 1/second -j LOG + inet/filter/logdrop-68 -j DROP + inet6/filter/logdrop-68 -j DROP -Filter 151 {"flow-limit":{"count":30,"log":false}} +Filter 151 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-144 inet6/filter/FORWARD -j limit-144 @@ -2268,18 +2108,24 @@ Filter 151 {"flow-limit":{"count":30,"log":false}} inet6/filter/INPUT -j limit-144 inet/filter/OUTPUT -j limit-144 inet6/filter/OUTPUT -j limit-144 - inet/filter/limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-144 -j RETURN - inet6/filter/limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-144 -j RETURN - inet/filter/limit-144 -j DROP - inet6/filter/limit-144 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 + inet6/filter/limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 + inet/filter/logdrop-69 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-69 -m limit --limit 1/second -j LOG + inet/filter/logdrop-69 -j DROP + inet6/filter/logdrop-69 -j DROP + inet/filter/FORWARD -j logaccept-final-5 + inet6/filter/FORWARD -j logaccept-final-5 + inet/filter/INPUT -j logaccept-final-5 + inet6/filter/INPUT -j logaccept-final-5 + inet/filter/OUTPUT -j logaccept-final-5 + inet6/filter/OUTPUT -j logaccept-final-5 + inet/filter/logaccept-final-5 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-5 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-5 -j ACCEPT + inet6/filter/logaccept-final-5 -j ACCEPT -Filter 152 {"action":"pass","flow-limit":{"count":30,"log":false}} +Filter 152 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-145 inet6/filter/FORWARD -j limit-145 @@ -2287,12 +2133,16 @@ Filter 152 {"action":"pass","flow-limit":{"count":30,"lo inet6/filter/INPUT -j limit-145 inet/filter/OUTPUT -j limit-145 inet6/filter/OUTPUT -j limit-145 - inet/filter/limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-145 -j RETURN - inet6/filter/limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-145 -j RETURN - inet/filter/limit-145 -j DROP - inet6/filter/limit-145 -j DROP + inet/filter/limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 + inet6/filter/limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 + inet/filter/logdrop-70 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-70 -m limit --limit 1/second -j LOG + inet/filter/logdrop-70 -j DROP + inet6/filter/logdrop-70 -j DROP + inet/filter/limit-145 -m limit --limit 1/second -j LOG + inet6/filter/limit-145 -m limit --limit 1/second -j LOG -Filter 153 {"flow-limit":{"count":30,"log":false},"log":true} +Filter 153 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-146 inet6/filter/FORWARD -j limit-146 @@ -2300,22 +2150,20 @@ Filter 153 {"flow-limit":{"count":30,"log":false},"log": inet6/filter/INPUT -j limit-146 inet/filter/OUTPUT -j limit-146 inet6/filter/OUTPUT -j limit-146 - inet/filter/limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-146 -j RETURN - inet6/filter/limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-146 -j RETURN - inet/filter/limit-146 -j DROP - inet6/filter/limit-146 -j DROP - inet/filter/FORWARD -j logaccept-final-12 - inet6/filter/FORWARD -j logaccept-final-12 - inet/filter/INPUT -j logaccept-final-12 - inet6/filter/INPUT -j logaccept-final-12 - inet/filter/OUTPUT -j logaccept-final-12 - inet6/filter/OUTPUT -j logaccept-final-12 - inet/filter/logaccept-final-12 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-12 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-12 -j ACCEPT - inet6/filter/logaccept-final-12 -j ACCEPT + inet/filter/limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 + inet6/filter/limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 + inet/filter/logdrop-71 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-71 -m limit --limit 1/second -j LOG + inet/filter/logdrop-71 -j DROP + inet6/filter/logdrop-71 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT -Filter 154 {"flow-limit":{"count":30,"log":false},"log":"none"} +Filter 154 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-147 inet6/filter/FORWARD -j limit-147 @@ -2323,18 +2171,14 @@ Filter 154 {"flow-limit":{"count":30,"log":false},"log": inet6/filter/INPUT -j limit-147 inet/filter/OUTPUT -j limit-147 inet6/filter/OUTPUT -j limit-147 - inet/filter/limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-147 -j RETURN - inet6/filter/limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-147 -j RETURN - inet/filter/limit-147 -j DROP - inet6/filter/limit-147 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 + inet6/filter/limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 + inet/filter/logdrop-72 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-72 -m limit --limit 1/second -j LOG + inet/filter/logdrop-72 -j DROP + inet6/filter/logdrop-72 -j DROP -Filter 155 {"flow-limit":{"count":30,"log":"none"}} +Filter 155 {"flow-limit":{"count":1,"log":false}} (filter-limit) inet/filter/FORWARD -j limit-148 inet6/filter/FORWARD -j limit-148 @@ -2342,10 +2186,10 @@ Filter 155 {"flow-limit":{"count":30,"log":"none"}} inet6/filter/INPUT -j limit-148 inet/filter/OUTPUT -j limit-148 inet6/filter/OUTPUT -j limit-148 - inet/filter/limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-148 -j RETURN - inet6/filter/limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-148 -j RETURN - inet/filter/limit-148 -j DROP - inet6/filter/limit-148 -j DROP + inet/filter/limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2353,7 +2197,7 @@ Filter 155 {"flow-limit":{"count":30,"log":"none"}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 156 {"action":"pass","flow-limit":{"count":30,"log":"none"}} +Filter 156 {"action":"pass","flow-limit":{"count":1,"log":false}} (filter-limit) inet/filter/FORWARD -j limit-149 inet6/filter/FORWARD -j limit-149 @@ -2361,12 +2205,12 @@ Filter 156 {"action":"pass","flow-limit":{"count":30,"lo inet6/filter/INPUT -j limit-149 inet/filter/OUTPUT -j limit-149 inet6/filter/OUTPUT -j limit-149 - inet/filter/limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-149 -j RETURN - inet6/filter/limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-149 -j RETURN - inet/filter/limit-149 -j DROP - inet6/filter/limit-149 -j DROP + inet/filter/limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 157 {"flow-limit":{"count":30,"log":"none"},"log":true} +Filter 157 {"flow-limit":{"count":1,"log":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-150 inet6/filter/FORWARD -j limit-150 @@ -2374,10 +2218,684 @@ Filter 157 {"flow-limit":{"count":30,"log":"none"},"log" inet6/filter/INPUT -j limit-150 inet/filter/OUTPUT -j limit-150 inet6/filter/OUTPUT -j limit-150 - inet/filter/limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-150 -j RETURN - inet6/filter/limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-150 -j RETURN - inet/filter/limit-150 -j DROP - inet6/filter/limit-150 -j DROP + inet/filter/limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-6 + inet6/filter/FORWARD -j logaccept-final-6 + inet/filter/INPUT -j logaccept-final-6 + inet6/filter/INPUT -j logaccept-final-6 + inet/filter/OUTPUT -j logaccept-final-6 + inet6/filter/OUTPUT -j logaccept-final-6 + inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-6 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-6 -j ACCEPT + inet6/filter/logaccept-final-6 -j ACCEPT + +Filter 158 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-151 + inet6/filter/FORWARD -j limit-151 + inet/filter/INPUT -j limit-151 + inet6/filter/INPUT -j limit-151 + inet/filter/OUTPUT -j limit-151 + inet6/filter/OUTPUT -j limit-151 + inet/filter/limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 159 {"flow-limit":{"count":1,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-152 + inet6/filter/FORWARD -j limit-152 + inet/filter/INPUT -j limit-152 + inet6/filter/INPUT -j limit-152 + inet/filter/OUTPUT -j limit-152 + inet6/filter/OUTPUT -j limit-152 + inet/filter/limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 160 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-153 + inet6/filter/FORWARD -j limit-153 + inet/filter/INPUT -j limit-153 + inet6/filter/INPUT -j limit-153 + inet/filter/OUTPUT -j limit-153 + inet6/filter/OUTPUT -j limit-153 + inet/filter/limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 161 {"flow-limit":{"count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-154 + inet6/filter/FORWARD -j limit-154 + inet/filter/INPUT -j limit-154 + inet6/filter/INPUT -j limit-154 + inet/filter/OUTPUT -j limit-154 + inet6/filter/OUTPUT -j limit-154 + inet/filter/limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 162 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-155 + inet6/filter/FORWARD -j limit-155 + inet/filter/INPUT -j limit-155 + inet6/filter/INPUT -j limit-155 + inet/filter/OUTPUT -j limit-155 + inet6/filter/OUTPUT -j limit-155 + inet/filter/limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 163 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-156 + inet6/filter/FORWARD -j limit-156 + inet/filter/INPUT -j limit-156 + inet6/filter/INPUT -j limit-156 + inet/filter/OUTPUT -j limit-156 + inet6/filter/OUTPUT -j limit-156 + inet/filter/limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-7 + inet6/filter/FORWARD -j logaccept-final-7 + inet/filter/INPUT -j logaccept-final-7 + inet6/filter/INPUT -j logaccept-final-7 + inet/filter/OUTPUT -j logaccept-final-7 + inet6/filter/OUTPUT -j logaccept-final-7 + inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-7 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-7 -j ACCEPT + inet6/filter/logaccept-final-7 -j ACCEPT + +Filter 164 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-157 + inet6/filter/FORWARD -j limit-157 + inet/filter/INPUT -j limit-157 + inet6/filter/INPUT -j limit-157 + inet/filter/OUTPUT -j limit-157 + inet6/filter/OUTPUT -j limit-157 + inet/filter/limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 165 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-158 + inet6/filter/FORWARD -j limit-158 + inet/filter/INPUT -j limit-158 + inet6/filter/INPUT -j limit-158 + inet/filter/OUTPUT -j limit-158 + inet6/filter/OUTPUT -j limit-158 + inet/filter/limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 166 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-159 + inet6/filter/FORWARD -j limit-159 + inet/filter/INPUT -j limit-159 + inet6/filter/INPUT -j limit-159 + inet/filter/OUTPUT -j limit-159 + inet6/filter/OUTPUT -j limit-159 + inet/filter/limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 167 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-160 + inet6/filter/FORWARD -j limit-160 + inet/filter/INPUT -j limit-160 + inet6/filter/INPUT -j limit-160 + inet/filter/OUTPUT -j limit-160 + inet6/filter/OUTPUT -j limit-160 + inet/filter/limit-160 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-160 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 168 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-161 + inet6/filter/FORWARD -j limit-161 + inet/filter/INPUT -j limit-161 + inet6/filter/INPUT -j limit-161 + inet/filter/OUTPUT -j limit-161 + inet6/filter/OUTPUT -j limit-161 + inet/filter/limit-161 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-161 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 169 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-162 + inet6/filter/FORWARD -j limit-162 + inet/filter/INPUT -j limit-162 + inet6/filter/INPUT -j limit-162 + inet/filter/OUTPUT -j limit-162 + inet6/filter/OUTPUT -j limit-162 + inet/filter/limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j logaccept-final-8 + inet6/filter/FORWARD -j logaccept-final-8 + inet/filter/INPUT -j logaccept-final-8 + inet6/filter/INPUT -j logaccept-final-8 + inet/filter/OUTPUT -j logaccept-final-8 + inet6/filter/OUTPUT -j logaccept-final-8 + inet/filter/logaccept-final-8 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-8 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-8 -j ACCEPT + inet6/filter/logaccept-final-8 -j ACCEPT + +Filter 170 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-163 + inet6/filter/FORWARD -j limit-163 + inet/filter/INPUT -j limit-163 + inet6/filter/INPUT -j limit-163 + inet/filter/OUTPUT -j limit-163 + inet6/filter/OUTPUT -j limit-163 + inet/filter/limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-163 -m limit --limit 1/second -j LOG + inet6/filter/limit-163 -m limit --limit 1/second -j LOG + +Filter 171 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-164 + inet6/filter/FORWARD -j limit-164 + inet/filter/INPUT -j limit-164 + inet6/filter/INPUT -j limit-164 + inet/filter/OUTPUT -j limit-164 + inet6/filter/OUTPUT -j limit-164 + inet/filter/limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 172 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-165 + inet6/filter/FORWARD -j limit-165 + inet/filter/INPUT -j limit-165 + inet6/filter/INPUT -j limit-165 + inet/filter/OUTPUT -j limit-165 + inet6/filter/OUTPUT -j limit-165 + inet/filter/limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 173 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-166 + inet6/filter/FORWARD -j limit-166 + inet/filter/INPUT -j limit-166 + inet6/filter/INPUT -j limit-166 + inet/filter/OUTPUT -j limit-166 + inet6/filter/OUTPUT -j limit-166 + inet/filter/limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 174 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-167 + inet6/filter/FORWARD -j limit-167 + inet/filter/INPUT -j limit-167 + inet6/filter/INPUT -j limit-167 + inet/filter/OUTPUT -j limit-167 + inet6/filter/OUTPUT -j limit-167 + inet/filter/limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 175 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-168 + inet6/filter/FORWARD -j limit-168 + inet/filter/INPUT -j limit-168 + inet6/filter/INPUT -j limit-168 + inet/filter/OUTPUT -j limit-168 + inet6/filter/OUTPUT -j limit-168 + inet/filter/limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-9 + inet6/filter/FORWARD -j logaccept-final-9 + inet/filter/INPUT -j logaccept-final-9 + inet6/filter/INPUT -j logaccept-final-9 + inet/filter/OUTPUT -j logaccept-final-9 + inet6/filter/OUTPUT -j logaccept-final-9 + inet/filter/logaccept-final-9 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-9 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-9 -j ACCEPT + inet6/filter/logaccept-final-9 -j ACCEPT + +Filter 176 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-169 + inet6/filter/FORWARD -j limit-169 + inet/filter/INPUT -j limit-169 + inet6/filter/INPUT -j limit-169 + inet/filter/OUTPUT -j limit-169 + inet6/filter/OUTPUT -j limit-169 + inet/filter/limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 177 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-170 + inet6/filter/FORWARD -j limit-170 + inet/filter/INPUT -j limit-170 + inet6/filter/INPUT -j limit-170 + inet/filter/OUTPUT -j limit-170 + inet6/filter/OUTPUT -j limit-170 + inet/filter/limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 178 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-171 + inet6/filter/FORWARD -j limit-171 + inet/filter/INPUT -j limit-171 + inet6/filter/INPUT -j limit-171 + inet/filter/OUTPUT -j limit-171 + inet6/filter/OUTPUT -j limit-171 + inet/filter/limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 179 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-172 + inet6/filter/FORWARD -j limit-172 + inet/filter/INPUT -j limit-172 + inet6/filter/INPUT -j limit-172 + inet/filter/OUTPUT -j limit-172 + inet6/filter/OUTPUT -j limit-172 + inet/filter/limit-172 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-172 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 180 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-173 + inet6/filter/FORWARD -j limit-173 + inet/filter/INPUT -j limit-173 + inet6/filter/INPUT -j limit-173 + inet/filter/OUTPUT -j limit-173 + inet6/filter/OUTPUT -j limit-173 + inet/filter/limit-173 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-173 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 181 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-174 + inet6/filter/FORWARD -j limit-174 + inet/filter/INPUT -j limit-174 + inet6/filter/INPUT -j limit-174 + inet/filter/OUTPUT -j limit-174 + inet6/filter/OUTPUT -j limit-174 + inet/filter/limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j logaccept-final-10 + inet6/filter/FORWARD -j logaccept-final-10 + inet/filter/INPUT -j logaccept-final-10 + inet6/filter/INPUT -j logaccept-final-10 + inet/filter/OUTPUT -j logaccept-final-10 + inet6/filter/OUTPUT -j logaccept-final-10 + inet/filter/logaccept-final-10 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-10 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-10 -j ACCEPT + inet6/filter/logaccept-final-10 -j ACCEPT + +Filter 182 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-175 + inet6/filter/FORWARD -j limit-175 + inet/filter/INPUT -j limit-175 + inet6/filter/INPUT -j limit-175 + inet/filter/OUTPUT -j limit-175 + inet6/filter/OUTPUT -j limit-175 + inet/filter/limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-175 -m limit --limit 1/second -j LOG + inet6/filter/limit-175 -m limit --limit 1/second -j LOG + +Filter 183 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-176 + inet6/filter/FORWARD -j limit-176 + inet/filter/INPUT -j limit-176 + inet6/filter/INPUT -j limit-176 + inet/filter/OUTPUT -j limit-176 + inet6/filter/OUTPUT -j limit-176 + inet/filter/limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 184 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-177 + inet6/filter/FORWARD -j limit-177 + inet/filter/INPUT -j limit-177 + inet6/filter/INPUT -j limit-177 + inet/filter/OUTPUT -j limit-177 + inet6/filter/OUTPUT -j limit-177 + inet/filter/limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 185 {"flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-178 + inet6/filter/FORWARD -j limit-178 + inet/filter/INPUT -j limit-178 + inet6/filter/INPUT -j limit-178 + inet/filter/OUTPUT -j limit-178 + inet6/filter/OUTPUT -j limit-178 + inet/filter/limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 186 {"action":"pass","flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-179 + inet6/filter/FORWARD -j limit-179 + inet/filter/INPUT -j limit-179 + inet6/filter/INPUT -j limit-179 + inet/filter/OUTPUT -j limit-179 + inet6/filter/OUTPUT -j limit-179 + inet/filter/limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 187 {"flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-180 + inet6/filter/FORWARD -j limit-180 + inet/filter/INPUT -j limit-180 + inet6/filter/INPUT -j limit-180 + inet/filter/OUTPUT -j limit-180 + inet6/filter/OUTPUT -j limit-180 + inet/filter/limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-11 + inet6/filter/FORWARD -j logaccept-final-11 + inet/filter/INPUT -j logaccept-final-11 + inet6/filter/INPUT -j logaccept-final-11 + inet/filter/OUTPUT -j logaccept-final-11 + inet6/filter/OUTPUT -j logaccept-final-11 + inet/filter/logaccept-final-11 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-11 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-11 -j ACCEPT + inet6/filter/logaccept-final-11 -j ACCEPT + +Filter 188 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-181 + inet6/filter/FORWARD -j limit-181 + inet/filter/INPUT -j limit-181 + inet6/filter/INPUT -j limit-181 + inet/filter/OUTPUT -j limit-181 + inet6/filter/OUTPUT -j limit-181 + inet/filter/limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 189 {"flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-182 + inet6/filter/FORWARD -j limit-182 + inet/filter/INPUT -j limit-182 + inet6/filter/INPUT -j limit-182 + inet/filter/OUTPUT -j limit-182 + inet6/filter/OUTPUT -j limit-182 + inet/filter/limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 190 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-183 + inet6/filter/FORWARD -j limit-183 + inet/filter/INPUT -j limit-183 + inet6/filter/INPUT -j limit-183 + inet/filter/OUTPUT -j limit-183 + inet6/filter/OUTPUT -j limit-183 + inet/filter/limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 191 {"flow-limit":{"count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-184 + inet6/filter/FORWARD -j limit-184 + inet/filter/INPUT -j limit-184 + inet6/filter/INPUT -j limit-184 + inet/filter/OUTPUT -j limit-184 + inet6/filter/OUTPUT -j limit-184 + inet/filter/limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 192 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-185 + inet6/filter/FORWARD -j limit-185 + inet/filter/INPUT -j limit-185 + inet6/filter/INPUT -j limit-185 + inet/filter/OUTPUT -j limit-185 + inet6/filter/OUTPUT -j limit-185 + inet/filter/limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 193 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-186 + inet6/filter/FORWARD -j limit-186 + inet/filter/INPUT -j limit-186 + inet6/filter/INPUT -j limit-186 + inet/filter/OUTPUT -j limit-186 + inet6/filter/OUTPUT -j limit-186 + inet/filter/limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-12 + inet6/filter/FORWARD -j logaccept-final-12 + inet/filter/INPUT -j logaccept-final-12 + inet6/filter/INPUT -j logaccept-final-12 + inet/filter/OUTPUT -j logaccept-final-12 + inet6/filter/OUTPUT -j logaccept-final-12 + inet/filter/logaccept-final-12 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-12 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-12 -j ACCEPT + inet6/filter/logaccept-final-12 -j ACCEPT + +Filter 194 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-187 + inet6/filter/FORWARD -j limit-187 + inet/filter/INPUT -j limit-187 + inet6/filter/INPUT -j limit-187 + inet/filter/OUTPUT -j limit-187 + inet6/filter/OUTPUT -j limit-187 + inet/filter/limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 195 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-188 + inet6/filter/FORWARD -j limit-188 + inet/filter/INPUT -j limit-188 + inet6/filter/INPUT -j limit-188 + inet/filter/OUTPUT -j limit-188 + inet6/filter/OUTPUT -j limit-188 + inet/filter/limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 196 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-189 + inet6/filter/FORWARD -j limit-189 + inet/filter/INPUT -j limit-189 + inet6/filter/INPUT -j limit-189 + inet/filter/OUTPUT -j limit-189 + inet6/filter/OUTPUT -j limit-189 + inet/filter/limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 197 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-190 + inet6/filter/FORWARD -j limit-190 + inet/filter/INPUT -j limit-190 + inet6/filter/INPUT -j limit-190 + inet/filter/OUTPUT -j limit-190 + inet6/filter/OUTPUT -j limit-190 + inet/filter/limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 198 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-191 + inet6/filter/FORWARD -j limit-191 + inet/filter/INPUT -j limit-191 + inet6/filter/INPUT -j limit-191 + inet/filter/OUTPUT -j limit-191 + inet6/filter/OUTPUT -j limit-191 + inet/filter/limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 199 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-192 + inet6/filter/FORWARD -j limit-192 + inet/filter/INPUT -j limit-192 + inet6/filter/INPUT -j limit-192 + inet/filter/OUTPUT -j limit-192 + inet6/filter/OUTPUT -j limit-192 + inet/filter/limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/filter/FORWARD -j logaccept-final-13 inet6/filter/FORWARD -j logaccept-final-13 inet/filter/INPUT -j logaccept-final-13 @@ -2389,18 +2907,312 @@ Filter 157 {"flow-limit":{"count":30,"log":"none"},"log" inet/filter/logaccept-final-13 -j ACCEPT inet6/filter/logaccept-final-13 -j ACCEPT -Filter 158 {"flow-limit":{"count":30,"log":"none"},"log":"none"} +Filter 200 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-193 + inet6/filter/FORWARD -j limit-193 + inet/filter/INPUT -j limit-193 + inet6/filter/INPUT -j limit-193 + inet/filter/OUTPUT -j limit-193 + inet6/filter/OUTPUT -j limit-193 + inet/filter/limit-193 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-193 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-193 -m limit --limit 1/second -j LOG + inet6/filter/limit-193 -m limit --limit 1/second -j LOG + +Filter 201 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-194 + inet6/filter/FORWARD -j limit-194 + inet/filter/INPUT -j limit-194 + inet6/filter/INPUT -j limit-194 + inet/filter/OUTPUT -j limit-194 + inet6/filter/OUTPUT -j limit-194 + inet/filter/limit-194 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-194 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 202 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-195 + inet6/filter/FORWARD -j limit-195 + inet/filter/INPUT -j limit-195 + inet6/filter/INPUT -j limit-195 + inet/filter/OUTPUT -j limit-195 + inet6/filter/OUTPUT -j limit-195 + inet/filter/limit-195 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-195 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 203 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-196 + inet6/filter/FORWARD -j limit-196 + inet/filter/INPUT -j limit-196 + inet6/filter/INPUT -j limit-196 + inet/filter/OUTPUT -j limit-196 + inet6/filter/OUTPUT -j limit-196 + inet/filter/limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 204 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-197 + inet6/filter/FORWARD -j limit-197 + inet/filter/INPUT -j limit-197 + inet6/filter/INPUT -j limit-197 + inet/filter/OUTPUT -j limit-197 + inet6/filter/OUTPUT -j limit-197 + inet/filter/limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 205 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-198 + inet6/filter/FORWARD -j limit-198 + inet/filter/INPUT -j limit-198 + inet6/filter/INPUT -j limit-198 + inet/filter/OUTPUT -j limit-198 + inet6/filter/OUTPUT -j limit-198 + inet/filter/limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-14 + inet6/filter/FORWARD -j logaccept-final-14 + inet/filter/INPUT -j logaccept-final-14 + inet6/filter/INPUT -j logaccept-final-14 + inet/filter/OUTPUT -j logaccept-final-14 + inet6/filter/OUTPUT -j logaccept-final-14 + inet/filter/logaccept-final-14 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-14 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-14 -j ACCEPT + inet6/filter/logaccept-final-14 -j ACCEPT + +Filter 206 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-199 + inet6/filter/FORWARD -j limit-199 + inet/filter/INPUT -j limit-199 + inet6/filter/INPUT -j limit-199 + inet/filter/OUTPUT -j limit-199 + inet6/filter/OUTPUT -j limit-199 + inet/filter/limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 207 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-200 + inet6/filter/FORWARD -j limit-200 + inet/filter/INPUT -j limit-200 + inet6/filter/INPUT -j limit-200 + inet/filter/OUTPUT -j limit-200 + inet6/filter/OUTPUT -j limit-200 + inet/filter/limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 208 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-201 + inet6/filter/FORWARD -j limit-201 + inet/filter/INPUT -j limit-201 + inet6/filter/INPUT -j limit-201 + inet/filter/OUTPUT -j limit-201 + inet6/filter/OUTPUT -j limit-201 + inet/filter/limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 209 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-202 + inet6/filter/FORWARD -j limit-202 + inet/filter/INPUT -j limit-202 + inet6/filter/INPUT -j limit-202 + inet/filter/OUTPUT -j limit-202 + inet6/filter/OUTPUT -j limit-202 + inet/filter/limit-202 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-202 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 210 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false}} +(filter-limit) + inet/filter/FORWARD -j limit-203 + inet6/filter/FORWARD -j limit-203 + inet/filter/INPUT -j limit-203 + inet6/filter/INPUT -j limit-203 + inet/filter/OUTPUT -j limit-203 + inet6/filter/OUTPUT -j limit-203 + inet/filter/limit-203 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-203 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 211 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-204 + inet6/filter/FORWARD -j limit-204 + inet/filter/INPUT -j limit-204 + inet6/filter/INPUT -j limit-204 + inet/filter/OUTPUT -j limit-204 + inet6/filter/OUTPUT -j limit-204 + inet/filter/limit-204 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-204 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j logaccept-final-15 + inet6/filter/FORWARD -j logaccept-final-15 + inet/filter/INPUT -j logaccept-final-15 + inet6/filter/INPUT -j logaccept-final-15 + inet/filter/OUTPUT -j logaccept-final-15 + inet6/filter/OUTPUT -j logaccept-final-15 + inet/filter/logaccept-final-15 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-15 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-15 -j ACCEPT + inet6/filter/logaccept-final-15 -j ACCEPT + +Filter 212 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-205 + inet6/filter/FORWARD -j limit-205 + inet/filter/INPUT -j limit-205 + inet6/filter/INPUT -j limit-205 + inet/filter/OUTPUT -j limit-205 + inet6/filter/OUTPUT -j limit-205 + inet/filter/limit-205 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-205 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-205 -m limit --limit 1/second -j LOG + inet6/filter/limit-205 -m limit --limit 1/second -j LOG + +Filter 213 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-206 + inet6/filter/FORWARD -j limit-206 + inet/filter/INPUT -j limit-206 + inet6/filter/INPUT -j limit-206 + inet/filter/OUTPUT -j limit-206 + inet6/filter/OUTPUT -j limit-206 + inet/filter/limit-206 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-206 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 214 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-207 + inet6/filter/FORWARD -j limit-207 + inet/filter/INPUT -j limit-207 + inet6/filter/INPUT -j limit-207 + inet/filter/OUTPUT -j limit-207 + inet6/filter/OUTPUT -j limit-207 + inet/filter/limit-207 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-207 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + +Filter 215 {"flow-limit":30} +(filter-limit) + inet/filter/FORWARD -j limit-208 + inet6/filter/FORWARD -j limit-208 + inet/filter/INPUT -j limit-208 + inet6/filter/INPUT -j limit-208 + inet/filter/OUTPUT -j limit-208 + inet6/filter/OUTPUT -j limit-208 + inet/filter/limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j RETURN + inet6/filter/limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j RETURN + inet/filter/limit-208 -m limit --limit 1/second -j LOG + inet6/filter/limit-208 -m limit --limit 1/second -j LOG + inet/filter/limit-208 -j DROP + inet6/filter/limit-208 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 216 {"action":"pass","flow-limit":30} (filter-limit) - inet/filter/FORWARD -j limit-151 - inet6/filter/FORWARD -j limit-151 - inet/filter/INPUT -j limit-151 - inet6/filter/INPUT -j limit-151 - inet/filter/OUTPUT -j limit-151 - inet6/filter/OUTPUT -j limit-151 - inet/filter/limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-151 -j RETURN - inet6/filter/limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-151 -j RETURN - inet/filter/limit-151 -j DROP - inet6/filter/limit-151 -j DROP + inet/filter/FORWARD -j limit-209 + inet6/filter/FORWARD -j limit-209 + inet/filter/INPUT -j limit-209 + inet6/filter/INPUT -j limit-209 + inet/filter/OUTPUT -j limit-209 + inet6/filter/OUTPUT -j limit-209 + inet/filter/limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j RETURN + inet6/filter/limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j RETURN + inet/filter/limit-209 -m limit --limit 1/second -j LOG + inet6/filter/limit-209 -m limit --limit 1/second -j LOG + inet/filter/limit-209 -j DROP + inet6/filter/limit-209 -j DROP + +Filter 217 {"flow-limit":30,"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-210 + inet6/filter/FORWARD -j limit-210 + inet/filter/INPUT -j limit-210 + inet6/filter/INPUT -j limit-210 + inet/filter/OUTPUT -j limit-210 + inet6/filter/OUTPUT -j limit-210 + inet/filter/limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j RETURN + inet6/filter/limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j RETURN + inet/filter/limit-210 -m limit --limit 1/second -j LOG + inet6/filter/limit-210 -m limit --limit 1/second -j LOG + inet/filter/limit-210 -j DROP + inet6/filter/limit-210 -j DROP + inet/filter/FORWARD -j logaccept-final-16 + inet6/filter/FORWARD -j logaccept-final-16 + inet/filter/INPUT -j logaccept-final-16 + inet6/filter/INPUT -j logaccept-final-16 + inet/filter/OUTPUT -j logaccept-final-16 + inet6/filter/OUTPUT -j logaccept-final-16 + inet/filter/logaccept-final-16 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-16 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-16 -j ACCEPT + inet6/filter/logaccept-final-16 -j ACCEPT + +Filter 218 {"flow-limit":30,"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-211 + inet6/filter/FORWARD -j limit-211 + inet/filter/INPUT -j limit-211 + inet6/filter/INPUT -j limit-211 + inet/filter/OUTPUT -j limit-211 + inet6/filter/OUTPUT -j limit-211 + inet/filter/limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN + inet6/filter/limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN + inet/filter/limit-211 -m limit --limit 1/second -j LOG + inet6/filter/limit-211 -m limit --limit 1/second -j LOG + inet/filter/limit-211 -j DROP + inet6/filter/limit-211 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -2408,18 +3220,248 @@ Filter 158 {"flow-limit":{"count":30,"log":"none"},"log" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 159 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +Filter 219 {"flow-limit":{"count":30}} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-152 - inet6/filter/INPUT -i eth0 -j limit-152 - inet/filter/limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 - inet6/filter/limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 - inet/filter/logdrop-49 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-49 -m limit --limit 1/second -j LOG - inet/filter/logdrop-49 -j DROP - inet6/filter/logdrop-49 -j DROP - inet/filter/limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/FORWARD -j limit-212 + inet6/filter/FORWARD -j limit-212 + inet/filter/INPUT -j limit-212 + inet6/filter/INPUT -j limit-212 + inet/filter/OUTPUT -j limit-212 + inet6/filter/OUTPUT -j limit-212 + inet/filter/limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j RETURN + inet6/filter/limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j RETURN + inet/filter/limit-212 -m limit --limit 1/second -j LOG + inet6/filter/limit-212 -m limit --limit 1/second -j LOG + inet/filter/limit-212 -j DROP + inet6/filter/limit-212 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 220 {"action":"pass","flow-limit":{"count":30}} +(filter-limit) + inet/filter/FORWARD -j limit-213 + inet6/filter/FORWARD -j limit-213 + inet/filter/INPUT -j limit-213 + inet6/filter/INPUT -j limit-213 + inet/filter/OUTPUT -j limit-213 + inet6/filter/OUTPUT -j limit-213 + inet/filter/limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN + inet6/filter/limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN + inet/filter/limit-213 -m limit --limit 1/second -j LOG + inet6/filter/limit-213 -m limit --limit 1/second -j LOG + inet/filter/limit-213 -j DROP + inet6/filter/limit-213 -j DROP + +Filter 221 {"flow-limit":{"count":30},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-214 + inet6/filter/FORWARD -j limit-214 + inet/filter/INPUT -j limit-214 + inet6/filter/INPUT -j limit-214 + inet/filter/OUTPUT -j limit-214 + inet6/filter/OUTPUT -j limit-214 + inet/filter/limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j RETURN + inet6/filter/limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j RETURN + inet/filter/limit-214 -m limit --limit 1/second -j LOG + inet6/filter/limit-214 -m limit --limit 1/second -j LOG + inet/filter/limit-214 -j DROP + inet6/filter/limit-214 -j DROP + inet/filter/FORWARD -j logaccept-final-17 + inet6/filter/FORWARD -j logaccept-final-17 + inet/filter/INPUT -j logaccept-final-17 + inet6/filter/INPUT -j logaccept-final-17 + inet/filter/OUTPUT -j logaccept-final-17 + inet6/filter/OUTPUT -j logaccept-final-17 + inet/filter/logaccept-final-17 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-17 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-17 -j ACCEPT + inet6/filter/logaccept-final-17 -j ACCEPT + +Filter 222 {"flow-limit":{"count":30},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-215 + inet6/filter/FORWARD -j limit-215 + inet/filter/INPUT -j limit-215 + inet6/filter/INPUT -j limit-215 + inet/filter/OUTPUT -j limit-215 + inet6/filter/OUTPUT -j limit-215 + inet/filter/limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j RETURN + inet6/filter/limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j RETURN + inet/filter/limit-215 -m limit --limit 1/second -j LOG + inet6/filter/limit-215 -m limit --limit 1/second -j LOG + inet/filter/limit-215 -j DROP + inet6/filter/limit-215 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 223 {"flow-limit":{"count":30,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-216 + inet6/filter/FORWARD -j limit-216 + inet/filter/INPUT -j limit-216 + inet6/filter/INPUT -j limit-216 + inet/filter/OUTPUT -j limit-216 + inet6/filter/OUTPUT -j limit-216 + inet/filter/limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j RETURN + inet6/filter/limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j RETURN + inet/filter/limit-216 -j DROP + inet6/filter/limit-216 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 224 {"action":"pass","flow-limit":{"count":30,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-217 + inet6/filter/FORWARD -j limit-217 + inet/filter/INPUT -j limit-217 + inet6/filter/INPUT -j limit-217 + inet/filter/OUTPUT -j limit-217 + inet6/filter/OUTPUT -j limit-217 + inet/filter/limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN + inet6/filter/limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN + inet/filter/limit-217 -j DROP + inet6/filter/limit-217 -j DROP + +Filter 225 {"flow-limit":{"count":30,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-218 + inet6/filter/FORWARD -j limit-218 + inet/filter/INPUT -j limit-218 + inet6/filter/INPUT -j limit-218 + inet/filter/OUTPUT -j limit-218 + inet6/filter/OUTPUT -j limit-218 + inet/filter/limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j RETURN + inet6/filter/limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j RETURN + inet/filter/limit-218 -j DROP + inet6/filter/limit-218 -j DROP + inet/filter/FORWARD -j logaccept-final-18 + inet6/filter/FORWARD -j logaccept-final-18 + inet/filter/INPUT -j logaccept-final-18 + inet6/filter/INPUT -j logaccept-final-18 + inet/filter/OUTPUT -j logaccept-final-18 + inet6/filter/OUTPUT -j logaccept-final-18 + inet/filter/logaccept-final-18 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-18 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-18 -j ACCEPT + inet6/filter/logaccept-final-18 -j ACCEPT + +Filter 226 {"flow-limit":{"count":30,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-219 + inet6/filter/FORWARD -j limit-219 + inet/filter/INPUT -j limit-219 + inet6/filter/INPUT -j limit-219 + inet/filter/OUTPUT -j limit-219 + inet6/filter/OUTPUT -j limit-219 + inet/filter/limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j RETURN + inet6/filter/limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j RETURN + inet/filter/limit-219 -j DROP + inet6/filter/limit-219 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 227 {"flow-limit":{"count":30,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-220 + inet6/filter/FORWARD -j limit-220 + inet/filter/INPUT -j limit-220 + inet6/filter/INPUT -j limit-220 + inet/filter/OUTPUT -j limit-220 + inet6/filter/OUTPUT -j limit-220 + inet/filter/limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j RETURN + inet6/filter/limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j RETURN + inet/filter/limit-220 -j DROP + inet6/filter/limit-220 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 228 {"action":"pass","flow-limit":{"count":30,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-221 + inet6/filter/FORWARD -j limit-221 + inet/filter/INPUT -j limit-221 + inet6/filter/INPUT -j limit-221 + inet/filter/OUTPUT -j limit-221 + inet6/filter/OUTPUT -j limit-221 + inet/filter/limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN + inet6/filter/limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN + inet/filter/limit-221 -j DROP + inet6/filter/limit-221 -j DROP + +Filter 229 {"flow-limit":{"count":30,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-222 + inet6/filter/FORWARD -j limit-222 + inet/filter/INPUT -j limit-222 + inet6/filter/INPUT -j limit-222 + inet/filter/OUTPUT -j limit-222 + inet6/filter/OUTPUT -j limit-222 + inet/filter/limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j RETURN + inet6/filter/limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j RETURN + inet/filter/limit-222 -j DROP + inet6/filter/limit-222 -j DROP + inet/filter/FORWARD -j logaccept-final-19 + inet6/filter/FORWARD -j logaccept-final-19 + inet/filter/INPUT -j logaccept-final-19 + inet6/filter/INPUT -j logaccept-final-19 + inet/filter/OUTPUT -j logaccept-final-19 + inet6/filter/OUTPUT -j logaccept-final-19 + inet/filter/logaccept-final-19 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-19 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-19 -j ACCEPT + inet6/filter/logaccept-final-19 -j ACCEPT + +Filter 230 {"flow-limit":{"count":30,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-223 + inet6/filter/FORWARD -j limit-223 + inet/filter/INPUT -j limit-223 + inet6/filter/INPUT -j limit-223 + inet/filter/OUTPUT -j limit-223 + inet6/filter/OUTPUT -j limit-223 + inet/filter/limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j RETURN + inet6/filter/limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j RETURN + inet/filter/limit-223 -j DROP + inet6/filter/limit-223 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 231 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-224 + inet6/filter/INPUT -i eth0 -j limit-224 + inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 + inet6/filter/limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 + inet/filter/logdrop-73 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-73 -m limit --limit 1/second -j LOG + inet/filter/logdrop-73 -j DROP + inet6/filter/logdrop-73 -j DROP + inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2427,35 +3469,35 @@ Filter 159 {"flow-limit":1,"in":"A","no-track":true,"out inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 160 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +Filter 232 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-153 - inet6/filter/INPUT -i eth0 -j limit-153 - inet/filter/limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 - inet6/filter/limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 - inet/filter/logdrop-50 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-50 -m limit --limit 1/second -j LOG - inet/filter/logdrop-50 -j DROP - inet6/filter/logdrop-50 -j DROP - inet/filter/limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-225 + inet6/filter/INPUT -i eth0 -j limit-225 + inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 + inet6/filter/limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 + inet/filter/logdrop-74 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-74 -m limit --limit 1/second -j LOG + inet/filter/logdrop-74 -j DROP + inet6/filter/logdrop-74 -j DROP + inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 161 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 233 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-154 - inet6/filter/INPUT -i eth0 -j limit-154 - inet/filter/limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 - inet6/filter/limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 - inet/filter/logdrop-51 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-51 -m limit --limit 1/second -j LOG - inet/filter/logdrop-51 -j DROP - inet6/filter/logdrop-51 -j DROP - inet/filter/limit-154 -m limit --limit 1/second -j LOG - inet6/filter/limit-154 -m limit --limit 1/second -j LOG - inet/filter/limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-226 + inet6/filter/INPUT -i eth0 -j limit-226 + inet/filter/limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 + inet6/filter/limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 + inet/filter/logdrop-75 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-75 -m limit --limit 1/second -j LOG + inet/filter/logdrop-75 -j DROP + inet6/filter/logdrop-75 -j DROP + inet/filter/limit-226 -m limit --limit 1/second -j LOG + inet6/filter/limit-226 -m limit --limit 1/second -j LOG + inet/filter/limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2463,33 +3505,303 @@ Filter 161 {"flow-limit":1,"in":"A","log":true,"no-track inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 162 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 234 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-155 - inet6/filter/INPUT -i eth0 -j limit-155 - inet/filter/limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 - inet6/filter/limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 - inet/filter/logdrop-52 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-52 -m limit --limit 1/second -j LOG - inet/filter/logdrop-52 -j DROP - inet6/filter/logdrop-52 -j DROP - inet/filter/limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-227 + inet6/filter/INPUT -i eth0 -j limit-227 + inet/filter/limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 + inet6/filter/limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 + inet/filter/logdrop-76 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-76 -m limit --limit 1/second -j LOG + inet/filter/logdrop-76 -j DROP + inet6/filter/logdrop-76 -j DROP + inet/filter/limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 163 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 235 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-228 + inet6/filter/INPUT -i eth0 -j limit-228 + inet/filter/limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 + inet6/filter/limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 + inet/filter/logdrop-77 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-77 -m limit --limit 1/second -j LOG + inet/filter/logdrop-77 -j DROP + inet6/filter/logdrop-77 -j DROP + inet/filter/limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 236 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-229 + inet6/filter/INPUT -i eth0 -j limit-229 + inet/filter/limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 + inet6/filter/limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 + inet/filter/logdrop-78 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-78 -m limit --limit 1/second -j LOG + inet/filter/logdrop-78 -j DROP + inet6/filter/logdrop-78 -j DROP + inet/filter/limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 237 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-230 + inet6/filter/INPUT -i eth0 -j limit-230 + inet/filter/limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 + inet6/filter/limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 + inet/filter/logdrop-79 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-79 -m limit --limit 1/second -j LOG + inet/filter/logdrop-79 -j DROP + inet6/filter/logdrop-79 -j DROP + inet/filter/limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 238 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-231 + inet6/filter/INPUT -i eth0 -j limit-231 + inet/filter/limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 + inet6/filter/limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 + inet/filter/logdrop-80 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-80 -m limit --limit 1/second -j LOG + inet/filter/logdrop-80 -j DROP + inet6/filter/logdrop-80 -j DROP + inet/filter/limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 239 {"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-232 + inet6/filter/INPUT -i eth0 -j limit-232 + inet/filter/limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 + inet6/filter/limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 + inet/filter/logdrop-81 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-81 -m limit --limit 1/second -j LOG + inet/filter/logdrop-81 -j DROP + inet6/filter/logdrop-81 -j DROP + inet/filter/limit-232 -m limit --limit 1/second -j LOG + inet6/filter/limit-232 -m limit --limit 1/second -j LOG + inet/filter/limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 240 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-233 + inet6/filter/INPUT -i eth0 -j limit-233 + inet/filter/limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 + inet6/filter/limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 + inet/filter/logdrop-82 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-82 -m limit --limit 1/second -j LOG + inet/filter/logdrop-82 -j DROP + inet6/filter/logdrop-82 -j DROP + inet/filter/limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 241 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-234 + inet6/filter/INPUT -i eth0 -j limit-234 + inet/filter/limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 + inet6/filter/limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 + inet/filter/logdrop-83 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-83 -m limit --limit 1/second -j LOG + inet/filter/logdrop-83 -j DROP + inet6/filter/logdrop-83 -j DROP + inet/filter/limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 242 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-235 + inet6/filter/INPUT -i eth0 -j limit-235 + inet/filter/limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 + inet6/filter/limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 + inet/filter/logdrop-84 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-84 -m limit --limit 1/second -j LOG + inet/filter/logdrop-84 -j DROP + inet6/filter/logdrop-84 -j DROP + inet/filter/limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 243 {"flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-236 + inet6/filter/INPUT -i eth0 -j limit-236 + inet/filter/limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-85 + inet6/filter/limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-85 + inet/filter/logdrop-85 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-85 -m limit --limit 1/second -j LOG + inet/filter/logdrop-85 -j DROP + inet6/filter/logdrop-85 -j DROP + inet/filter/limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 244 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-237 + inet6/filter/INPUT -i eth0 -j limit-237 + inet/filter/limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-86 + inet6/filter/limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-86 + inet/filter/logdrop-86 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-86 -m limit --limit 1/second -j LOG + inet/filter/logdrop-86 -j DROP + inet6/filter/logdrop-86 -j DROP + inet/filter/limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 245 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-238 + inet6/filter/INPUT -i eth0 -j limit-238 + inet/filter/limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-87 + inet6/filter/limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-87 + inet/filter/logdrop-87 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-87 -m limit --limit 1/second -j LOG + inet/filter/logdrop-87 -j DROP + inet6/filter/logdrop-87 -j DROP + inet/filter/limit-238 -m limit --limit 1/second -j LOG + inet6/filter/limit-238 -m limit --limit 1/second -j LOG + inet/filter/limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 246 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-239 + inet6/filter/INPUT -i eth0 -j limit-239 + inet/filter/limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-88 + inet6/filter/limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-88 + inet/filter/logdrop-88 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-88 -m limit --limit 1/second -j LOG + inet/filter/logdrop-88 -j DROP + inet6/filter/logdrop-88 -j DROP + inet/filter/limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 247 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-240 + inet6/filter/INPUT -i eth0 -j limit-240 + inet/filter/limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-89 + inet6/filter/limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-89 + inet/filter/logdrop-89 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-89 -m limit --limit 1/second -j LOG + inet/filter/logdrop-89 -j DROP + inet6/filter/logdrop-89 -j DROP + inet/filter/limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 248 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-241 + inet6/filter/INPUT -i eth0 -j limit-241 + inet/filter/limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-90 + inet6/filter/limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-90 + inet/filter/logdrop-90 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-90 -m limit --limit 1/second -j LOG + inet/filter/logdrop-90 -j DROP + inet6/filter/logdrop-90 -j DROP + inet/filter/limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 249 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-242 + inet6/filter/INPUT -i eth0 -j limit-242 + inet/filter/limit-242 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-91 + inet6/filter/limit-242 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-91 + inet/filter/logdrop-91 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-91 -m limit --limit 1/second -j LOG + inet/filter/logdrop-91 -j DROP + inet6/filter/logdrop-91 -j DROP + inet/filter/limit-242 -j ACCEPT + inet6/filter/limit-242 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 250 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-156 - inet6/filter/INPUT -i eth0 -j limit-156 - inet/filter/limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 - inet6/filter/limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 - inet/filter/logdrop-53 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-53 -m limit --limit 1/second -j LOG - inet/filter/logdrop-53 -j DROP - inet6/filter/logdrop-53 -j DROP - inet/filter/limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-92 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-92 + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 251 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-244 + inet6/filter/INPUT -i eth0 -j limit-244 + inet/filter/limit-244 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-93 + inet6/filter/limit-244 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-93 + inet/filter/logdrop-93 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-93 -m limit --limit 1/second -j LOG + inet/filter/logdrop-93 -j DROP + inet6/filter/logdrop-93 -j DROP + inet/filter/limit-244 -m limit --limit 1/second -j LOG + inet6/filter/limit-244 -m limit --limit 1/second -j LOG + inet/filter/limit-244 -j ACCEPT + inet6/filter/limit-244 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2497,33 +3809,225 @@ Filter 163 {"flow-limit":1,"in":"A","log":"none","no-tra inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 164 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 252 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-245 + inet6/filter/INPUT -i eth0 -j limit-245 + inet/filter/limit-245 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-94 + inet6/filter/limit-245 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-94 + inet/filter/logdrop-94 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-94 -m limit --limit 1/second -j LOG + inet/filter/logdrop-94 -j DROP + inet6/filter/logdrop-94 -j DROP + inet/filter/limit-245 -m limit --limit 1/second -j LOG + inet6/filter/limit-245 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 253 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-246 + inet6/filter/INPUT -i eth0 -j limit-246 + inet/filter/limit-246 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-95 + inet6/filter/limit-246 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-95 + inet/filter/logdrop-95 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-95 -m limit --limit 1/second -j LOG + inet/filter/logdrop-95 -j DROP + inet6/filter/logdrop-95 -j DROP + inet/filter/limit-246 -j ACCEPT + inet6/filter/limit-246 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 254 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-157 - inet6/filter/INPUT -i eth0 -j limit-157 - inet/filter/limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 - inet6/filter/limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 - inet/filter/logdrop-54 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-54 -m limit --limit 1/second -j LOG - inet/filter/logdrop-54 -j DROP - inet6/filter/logdrop-54 -j DROP - inet/filter/limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-96 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-96 + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 255 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-248 + inet6/filter/INPUT -i eth0 -j limit-248 + inet/filter/limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-97 + inet6/filter/limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-97 + inet/filter/logdrop-97 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-97 -m limit --limit 1/second -j LOG + inet/filter/logdrop-97 -j DROP + inet6/filter/logdrop-97 -j DROP + inet/filter/limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 256 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-249 + inet6/filter/INPUT -i eth0 -j limit-249 + inet/filter/limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-98 + inet6/filter/limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-98 + inet/filter/logdrop-98 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-98 -m limit --limit 1/second -j LOG + inet/filter/logdrop-98 -j DROP + inet6/filter/logdrop-98 -j DROP + inet/filter/limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 257 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-250 + inet6/filter/INPUT -i eth0 -j limit-250 + inet/filter/limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-99 + inet6/filter/limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-99 + inet/filter/logdrop-99 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-99 -m limit --limit 1/second -j LOG + inet/filter/logdrop-99 -j DROP + inet6/filter/logdrop-99 -j DROP + inet/filter/limit-250 -m limit --limit 1/second -j LOG + inet6/filter/limit-250 -m limit --limit 1/second -j LOG + inet/filter/limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 258 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-251 + inet6/filter/INPUT -i eth0 -j limit-251 + inet/filter/limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-100 + inet6/filter/limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-100 + inet/filter/logdrop-100 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-100 -m limit --limit 1/second -j LOG + inet/filter/logdrop-100 -j DROP + inet6/filter/logdrop-100 -j DROP + inet/filter/limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 259 {"flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-252 + inet6/filter/INPUT -i eth0 -j limit-252 + inet/filter/limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-101 + inet6/filter/limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-101 + inet/filter/logdrop-101 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-101 -m limit --limit 1/second -j LOG + inet/filter/logdrop-101 -j DROP + inet6/filter/logdrop-101 -j DROP + inet/filter/limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 260 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-253 + inet6/filter/INPUT -i eth0 -j limit-253 + inet/filter/limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-102 + inet6/filter/limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-102 + inet/filter/logdrop-102 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-102 -m limit --limit 1/second -j LOG + inet/filter/logdrop-102 -j DROP + inet6/filter/logdrop-102 -j DROP + inet/filter/limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 165 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +Filter 261 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-254 + inet6/filter/INPUT -i eth0 -j limit-254 + inet/filter/limit-254 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-103 + inet6/filter/limit-254 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-103 + inet/filter/logdrop-103 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-103 -m limit --limit 1/second -j LOG + inet/filter/logdrop-103 -j DROP + inet6/filter/logdrop-103 -j DROP + inet/filter/limit-254 -j ACCEPT + inet6/filter/limit-254 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 262 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-158 - inet6/filter/INPUT -i eth0 -j limit-158 - inet/filter/limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-55 - inet6/filter/limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-55 - inet/filter/logdrop-55 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-55 -m limit --limit 1/second -j LOG - inet/filter/logdrop-55 -j DROP - inet6/filter/logdrop-55 -j DROP - inet/filter/limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-104 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-104 + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 263 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-256 + inet6/filter/INPUT -i eth0 -j limit-256 + inet/filter/limit-256 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-105 + inet6/filter/limit-256 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-105 + inet/filter/logdrop-105 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-105 -m limit --limit 1/second -j LOG + inet/filter/logdrop-105 -j DROP + inet6/filter/logdrop-105 -j DROP + inet/filter/limit-256 -m limit --limit 1/second -j LOG + inet6/filter/limit-256 -m limit --limit 1/second -j LOG + inet/filter/limit-256 -j ACCEPT + inet6/filter/limit-256 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 264 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-257 + inet6/filter/INPUT -i eth0 -j limit-257 + inet/filter/limit-257 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-106 + inet6/filter/limit-257 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-106 + inet/filter/logdrop-106 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-106 -m limit --limit 1/second -j LOG + inet/filter/logdrop-106 -j DROP + inet6/filter/logdrop-106 -j DROP + inet/filter/limit-257 -m limit --limit 1/second -j LOG + inet6/filter/limit-257 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 265 {"flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-258 + inet6/filter/INPUT -i eth0 -j limit-258 + inet/filter/limit-258 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-107 + inet6/filter/limit-258 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-107 + inet/filter/logdrop-107 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-107 -m limit --limit 1/second -j LOG + inet/filter/logdrop-107 -j DROP + inet6/filter/logdrop-107 -j DROP + inet/filter/limit-258 -j ACCEPT + inet6/filter/limit-258 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2531,35 +4035,21 @@ Filter 165 {"flow-limit":{"count":1},"in":"A","no-track" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 166 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +Filter 266 {"action":"pass","flow-limit":{"addr":"dest","count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-159 - inet6/filter/INPUT -i eth0 -j limit-159 - inet/filter/limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-56 - inet6/filter/limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-56 - inet/filter/logdrop-56 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG - inet/filter/logdrop-56 -j DROP - inet6/filter/logdrop-56 -j DROP - inet/filter/limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-108 + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-108 inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 167 {"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 267 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-160 - inet6/filter/INPUT -i eth0 -j limit-160 - inet/filter/limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-57 - inet6/filter/limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-57 - inet/filter/logdrop-57 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-57 -m limit --limit 1/second -j LOG - inet/filter/logdrop-57 -j DROP - inet6/filter/logdrop-57 -j DROP - inet/filter/limit-160 -m limit --limit 1/second -j LOG - inet6/filter/limit-160 -m limit --limit 1/second -j LOG - inet/filter/limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-260 + inet6/filter/INPUT -i eth0 -j limit-260 + inet/filter/limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2567,33 +4057,27 @@ Filter 167 {"flow-limit":{"count":1},"in":"A","log":true inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 168 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 268 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-161 - inet6/filter/INPUT -i eth0 -j limit-161 - inet/filter/limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-58 - inet6/filter/limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-58 - inet/filter/logdrop-58 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-58 -m limit --limit 1/second -j LOG - inet/filter/logdrop-58 -j DROP - inet6/filter/logdrop-58 -j DROP - inet/filter/limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-261 + inet6/filter/INPUT -i eth0 -j limit-261 + inet/filter/limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 169 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 269 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-162 - inet6/filter/INPUT -i eth0 -j limit-162 - inet/filter/limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-59 - inet6/filter/limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-59 - inet/filter/logdrop-59 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-59 -m limit --limit 1/second -j LOG - inet/filter/logdrop-59 -j DROP - inet6/filter/logdrop-59 -j DROP - inet/filter/limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-262 + inet6/filter/INPUT -i eth0 -j limit-262 + inet/filter/limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-262 -m limit --limit 1/second -j LOG + inet6/filter/limit-262 -m limit --limit 1/second -j LOG + inet/filter/limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2601,33 +4085,25 @@ Filter 169 {"flow-limit":{"count":1},"in":"A","log":"non inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 170 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 270 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-163 - inet6/filter/INPUT -i eth0 -j limit-163 - inet/filter/limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-60 - inet6/filter/limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-60 - inet/filter/logdrop-60 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-60 -m limit --limit 1/second -j LOG - inet/filter/logdrop-60 -j DROP - inet6/filter/logdrop-60 -j DROP - inet/filter/limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-263 + inet6/filter/INPUT -i eth0 -j limit-263 + inet/filter/limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 171 {"flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 271 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-164 - inet6/filter/INPUT -i eth0 -j limit-164 - inet/filter/limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 - inet6/filter/limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 - inet/filter/logdrop-61 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-61 -m limit --limit 1/second -j LOG - inet/filter/logdrop-61 -j DROP - inet6/filter/logdrop-61 -j DROP - inet/filter/limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-264 + inet6/filter/INPUT -i eth0 -j limit-264 + inet/filter/limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2635,35 +4111,25 @@ Filter 171 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 172 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 272 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-165 - inet6/filter/INPUT -i eth0 -j limit-165 - inet/filter/limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 - inet6/filter/limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 - inet/filter/logdrop-62 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-62 -m limit --limit 1/second -j LOG - inet/filter/logdrop-62 -j DROP - inet6/filter/logdrop-62 -j DROP - inet/filter/limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-265 + inet6/filter/INPUT -i eth0 -j limit-265 + inet/filter/limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 173 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 273 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-166 - inet6/filter/INPUT -i eth0 -j limit-166 - inet/filter/limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 - inet6/filter/limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 - inet/filter/logdrop-63 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-63 -m limit --limit 1/second -j LOG - inet/filter/logdrop-63 -j DROP - inet6/filter/logdrop-63 -j DROP - inet/filter/limit-166 -m limit --limit 1/second -j LOG - inet6/filter/limit-166 -m limit --limit 1/second -j LOG - inet/filter/limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-266 + inet6/filter/INPUT -i eth0 -j limit-266 + inet/filter/limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2671,33 +4137,27 @@ Filter 173 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 174 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 274 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-167 - inet6/filter/INPUT -i eth0 -j limit-167 - inet/filter/limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 - inet6/filter/limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 - inet/filter/logdrop-64 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-64 -m limit --limit 1/second -j LOG - inet/filter/logdrop-64 -j DROP - inet6/filter/logdrop-64 -j DROP - inet/filter/limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-267 + inet6/filter/INPUT -i eth0 -j limit-267 + inet/filter/limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 175 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 275 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-168 - inet6/filter/INPUT -i eth0 -j limit-168 - inet/filter/limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 - inet6/filter/limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 - inet/filter/logdrop-65 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-65 -m limit --limit 1/second -j LOG - inet/filter/logdrop-65 -j DROP - inet6/filter/logdrop-65 -j DROP - inet/filter/limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-268 + inet6/filter/INPUT -i eth0 -j limit-268 + inet/filter/limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-268 -m limit --limit 1/second -j LOG + inet6/filter/limit-268 -m limit --limit 1/second -j LOG + inet/filter/limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2705,33 +4165,25 @@ Filter 175 {"flow-limit":{"count":1,"name":"foo"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 176 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 276 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-169 - inet6/filter/INPUT -i eth0 -j limit-169 - inet/filter/limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 - inet6/filter/limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 - inet/filter/logdrop-66 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-66 -m limit --limit 1/second -j LOG - inet/filter/logdrop-66 -j DROP - inet6/filter/logdrop-66 -j DROP - inet/filter/limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-269 + inet6/filter/INPUT -i eth0 -j limit-269 + inet/filter/limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 177 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 277 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-170 - inet6/filter/INPUT -i eth0 -j limit-170 - inet/filter/limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 - inet6/filter/limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 - inet/filter/logdrop-67 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-67 -m limit --limit 1/second -j LOG - inet/filter/logdrop-67 -j DROP - inet6/filter/logdrop-67 -j DROP - inet/filter/limit-170 -j ACCEPT - inet6/filter/limit-170 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-270 + inet6/filter/INPUT -i eth0 -j limit-270 + inet/filter/limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2739,27 +4191,25 @@ Filter 177 {"flow-limit":{"count":1,"name":"foo","update inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 178 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 278 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 + inet/filter/INPUT -i eth0 -j limit-271 + inet6/filter/INPUT -i eth0 -j limit-271 + inet/filter/limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 179 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 279 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-172 - inet6/filter/INPUT -i eth0 -j limit-172 - inet/filter/limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 - inet6/filter/limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 - inet/filter/logdrop-69 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-69 -m limit --limit 1/second -j LOG - inet/filter/logdrop-69 -j DROP - inet6/filter/logdrop-69 -j DROP - inet/filter/limit-172 -m limit --limit 1/second -j LOG - inet6/filter/limit-172 -m limit --limit 1/second -j LOG - inet/filter/limit-172 -j ACCEPT - inet6/filter/limit-172 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-272 + inet6/filter/INPUT -i eth0 -j limit-272 + inet/filter/limit-272 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-272 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-272 -j ACCEPT + inet6/filter/limit-272 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2767,33 +4217,23 @@ Filter 179 {"flow-limit":{"count":1,"name":"foo","update inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 180 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 280 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-173 - inet6/filter/INPUT -i eth0 -j limit-173 - inet/filter/limit-173 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 - inet6/filter/limit-173 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 - inet/filter/logdrop-70 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-70 -m limit --limit 1/second -j LOG - inet/filter/logdrop-70 -j DROP - inet6/filter/logdrop-70 -j DROP - inet/filter/limit-173 -m limit --limit 1/second -j LOG - inet6/filter/limit-173 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 181 {"flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 281 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-174 - inet6/filter/INPUT -i eth0 -j limit-174 - inet/filter/limit-174 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 - inet6/filter/limit-174 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 - inet/filter/logdrop-71 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-71 -m limit --limit 1/second -j LOG - inet/filter/logdrop-71 -j DROP - inet6/filter/logdrop-71 -j DROP - inet/filter/limit-174 -j ACCEPT - inet6/filter/limit-174 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-274 + inet6/filter/INPUT -i eth0 -j limit-274 + inet/filter/limit-274 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-274 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-274 -m limit --limit 1/second -j LOG + inet6/filter/limit-274 -m limit --limit 1/second -j LOG + inet/filter/limit-274 -j ACCEPT + inet6/filter/limit-274 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2801,21 +4241,25 @@ Filter 181 {"flow-limit":{"count":1,"name":"foo","update inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 182 {"action":"pass","flow-limit":{"count":1,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 282 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 + inet/filter/INPUT -i eth0 -j limit-275 + inet6/filter/INPUT -i eth0 -j limit-275 + inet/filter/limit-275 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-275 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-275 -m limit --limit 1/second -j LOG + inet6/filter/limit-275 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 183 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 283 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-176 - inet6/filter/INPUT -i eth0 -j limit-176 - inet/filter/limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-276 + inet6/filter/INPUT -i eth0 -j limit-276 + inet/filter/limit-276 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-276 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-276 -j ACCEPT + inet6/filter/limit-276 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2823,27 +4267,21 @@ Filter 183 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 184 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 284 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-177 - inet6/filter/INPUT -i eth0 -j limit-177 - inet/filter/limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 185 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 285 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-178 - inet6/filter/INPUT -i eth0 -j limit-178 - inet/filter/limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-178 -m limit --limit 1/second -j LOG - inet6/filter/limit-178 -m limit --limit 1/second -j LOG - inet/filter/limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-278 + inet6/filter/INPUT -i eth0 -j limit-278 + inet/filter/limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2851,25 +4289,27 @@ Filter 185 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 186 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 286 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-179 - inet6/filter/INPUT -i eth0 -j limit-179 - inet/filter/limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-279 + inet6/filter/INPUT -i eth0 -j limit-279 + inet/filter/limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 187 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 287 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-180 - inet6/filter/INPUT -i eth0 -j limit-180 - inet/filter/limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-280 + inet6/filter/INPUT -i eth0 -j limit-280 + inet/filter/limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-280 -m limit --limit 1/second -j LOG + inet6/filter/limit-280 -m limit --limit 1/second -j LOG + inet/filter/limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2877,25 +4317,25 @@ Filter 187 {"flow-limit":{"count":1,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 188 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 288 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-181 - inet6/filter/INPUT -i eth0 -j limit-181 - inet/filter/limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-281 + inet6/filter/INPUT -i eth0 -j limit-281 + inet/filter/limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 189 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 289 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-182 - inet6/filter/INPUT -i eth0 -j limit-182 - inet/filter/limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-282 + inet6/filter/INPUT -i eth0 -j limit-282 + inet/filter/limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2903,27 +4343,25 @@ Filter 189 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 190 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 290 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-183 - inet6/filter/INPUT -i eth0 -j limit-183 - inet/filter/limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-283 + inet6/filter/INPUT -i eth0 -j limit-283 + inet/filter/limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 191 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 291 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-184 - inet6/filter/INPUT -i eth0 -j limit-184 - inet/filter/limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-184 -m limit --limit 1/second -j LOG - inet6/filter/limit-184 -m limit --limit 1/second -j LOG - inet/filter/limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-284 + inet6/filter/INPUT -i eth0 -j limit-284 + inet/filter/limit-284 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-284 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-284 -j ACCEPT + inet6/filter/limit-284 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2931,25 +4369,23 @@ Filter 191 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 192 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 292 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-185 - inet6/filter/INPUT -i eth0 -j limit-185 - inet/filter/limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 193 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 293 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-186 - inet6/filter/INPUT -i eth0 -j limit-186 - inet/filter/limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-286 + inet6/filter/INPUT -i eth0 -j limit-286 + inet/filter/limit-286 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-286 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-286 -m limit --limit 1/second -j LOG + inet6/filter/limit-286 -m limit --limit 1/second -j LOG + inet/filter/limit-286 -j ACCEPT + inet6/filter/limit-286 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2957,25 +4393,25 @@ Filter 193 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 194 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 294 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-187 - inet6/filter/INPUT -i eth0 -j limit-187 - inet/filter/limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-287 + inet6/filter/INPUT -i eth0 -j limit-287 + inet/filter/limit-287 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-287 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-287 -m limit --limit 1/second -j LOG + inet6/filter/limit-287 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 195 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 295 {"flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-188 - inet6/filter/INPUT -i eth0 -j limit-188 - inet/filter/limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-188 -j ACCEPT - inet6/filter/limit-188 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-288 + inet6/filter/INPUT -i eth0 -j limit-288 + inet/filter/limit-288 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-288 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-288 -j ACCEPT + inet6/filter/limit-288 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -2983,23 +4419,21 @@ Filter 195 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 196 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 296 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 197 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 297 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-190 - inet6/filter/INPUT -i eth0 -j limit-190 - inet/filter/limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-190 -m limit --limit 1/second -j LOG - inet6/filter/limit-190 -m limit --limit 1/second -j LOG - inet/filter/limit-190 -j ACCEPT - inet6/filter/limit-190 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-290 + inet6/filter/INPUT -i eth0 -j limit-290 + inet/filter/limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3007,25 +4441,27 @@ Filter 197 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 198 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 298 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-191 - inet6/filter/INPUT -i eth0 -j limit-191 - inet/filter/limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-191 -m limit --limit 1/second -j LOG - inet6/filter/limit-191 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-291 + inet6/filter/INPUT -i eth0 -j limit-291 + inet/filter/limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 199 {"flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 299 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-192 - inet6/filter/INPUT -i eth0 -j limit-192 - inet/filter/limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-192 -j ACCEPT - inet6/filter/limit-192 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-292 + inet6/filter/INPUT -i eth0 -j limit-292 + inet/filter/limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-292 -m limit --limit 1/second -j LOG + inet6/filter/limit-292 -m limit --limit 1/second -j LOG + inet/filter/limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3033,21 +4469,25 @@ Filter 199 {"flow-limit":{"count":1,"log":false,"name":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 200 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 300 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/INPUT -i eth0 -j limit-293 + inet6/filter/INPUT -i eth0 -j limit-293 + inet/filter/limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 201 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 301 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-194 - inet6/filter/INPUT -i eth0 -j limit-194 - inet/filter/limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-294 + inet6/filter/INPUT -i eth0 -j limit-294 + inet/filter/limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3055,27 +4495,25 @@ Filter 201 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 202 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 302 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-195 - inet6/filter/INPUT -i eth0 -j limit-195 - inet/filter/limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-295 + inet6/filter/INPUT -i eth0 -j limit-295 + inet/filter/limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 203 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 303 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-196 - inet6/filter/INPUT -i eth0 -j limit-196 - inet/filter/limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-196 -m limit --limit 1/second -j LOG - inet6/filter/limit-196 -m limit --limit 1/second -j LOG - inet/filter/limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-296 + inet6/filter/INPUT -i eth0 -j limit-296 + inet/filter/limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3083,25 +4521,27 @@ Filter 203 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 204 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 304 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-197 - inet6/filter/INPUT -i eth0 -j limit-197 - inet/filter/limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-297 + inet6/filter/INPUT -i eth0 -j limit-297 + inet/filter/limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 205 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 305 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-198 - inet6/filter/INPUT -i eth0 -j limit-198 - inet/filter/limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-298 + inet6/filter/INPUT -i eth0 -j limit-298 + inet/filter/limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-298 -m limit --limit 1/second -j LOG + inet6/filter/limit-298 -m limit --limit 1/second -j LOG + inet/filter/limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3109,25 +4549,25 @@ Filter 205 {"flow-limit":{"count":1,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 206 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 306 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-199 - inet6/filter/INPUT -i eth0 -j limit-199 - inet/filter/limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-299 + inet6/filter/INPUT -i eth0 -j limit-299 + inet/filter/limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 207 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 307 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-200 - inet6/filter/INPUT -i eth0 -j limit-200 - inet/filter/limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-300 + inet6/filter/INPUT -i eth0 -j limit-300 + inet/filter/limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3135,27 +4575,25 @@ Filter 207 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 208 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +Filter 308 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-201 - inet6/filter/INPUT -i eth0 -j limit-201 - inet/filter/limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-301 + inet6/filter/INPUT -i eth0 -j limit-301 + inet/filter/limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 209 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 309 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-202 - inet6/filter/INPUT -i eth0 -j limit-202 - inet/filter/limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-202 -m limit --limit 1/second -j LOG - inet6/filter/limit-202 -m limit --limit 1/second -j LOG - inet/filter/limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-302 + inet6/filter/INPUT -i eth0 -j limit-302 + inet/filter/limit-302 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-302 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-302 -j ACCEPT + inet6/filter/limit-302 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3163,25 +4601,23 @@ Filter 209 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 210 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 310 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-203 - inet6/filter/INPUT -i eth0 -j limit-203 - inet/filter/limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 211 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 311 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-204 - inet6/filter/INPUT -i eth0 -j limit-204 - inet/filter/limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-304 + inet6/filter/INPUT -i eth0 -j limit-304 + inet/filter/limit-304 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-304 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-304 -m limit --limit 1/second -j LOG + inet6/filter/limit-304 -m limit --limit 1/second -j LOG + inet/filter/limit-304 -j ACCEPT + inet6/filter/limit-304 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3189,25 +4625,25 @@ Filter 211 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 212 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 312 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-205 - inet6/filter/INPUT -i eth0 -j limit-205 - inet/filter/limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-305 + inet6/filter/INPUT -i eth0 -j limit-305 + inet/filter/limit-305 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-305 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-305 -m limit --limit 1/second -j LOG + inet6/filter/limit-305 -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 213 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 313 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-206 - inet6/filter/INPUT -i eth0 -j limit-206 - inet/filter/limit-206 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-206 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-206 -j ACCEPT - inet6/filter/limit-206 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-306 + inet6/filter/INPUT -i eth0 -j limit-306 + inet/filter/limit-306 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-306 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-306 -j ACCEPT + inet6/filter/limit-306 -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3215,23 +4651,21 @@ Filter 213 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 214 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +Filter 314 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 215 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 315 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-208 - inet6/filter/INPUT -i eth0 -j limit-208 - inet/filter/limit-208 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-208 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-208 -m limit --limit 1/second -j LOG - inet6/filter/limit-208 -m limit --limit 1/second -j LOG - inet/filter/limit-208 -j ACCEPT - inet6/filter/limit-208 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-308 + inet6/filter/INPUT -i eth0 -j limit-308 + inet/filter/limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3239,25 +4673,27 @@ Filter 215 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 216 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 316 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-209 - inet6/filter/INPUT -i eth0 -j limit-209 - inet/filter/limit-209 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-209 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-209 -m limit --limit 1/second -j LOG - inet6/filter/limit-209 -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-309 + inet6/filter/INPUT -i eth0 -j limit-309 + inet/filter/limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 217 {"flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 317 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-210 - inet6/filter/INPUT -i eth0 -j limit-210 - inet/filter/limit-210 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-210 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-210 -j ACCEPT - inet6/filter/limit-210 -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-310 + inet6/filter/INPUT -i eth0 -j limit-310 + inet/filter/limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-310 -m limit --limit 1/second -j LOG + inet6/filter/limit-310 -m limit --limit 1/second -j LOG + inet/filter/limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3265,23 +4701,25 @@ Filter 217 {"flow-limit":{"count":1,"log":"none","name": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 218 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 318 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP - inet6/filter/INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/INPUT -i eth0 -j limit-311 + inet6/filter/INPUT -i eth0 -j limit-311 + inet/filter/limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 219 {"flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +Filter 319 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-212 - inet6/filter/INPUT -i eth0 -j limit-212 - inet/filter/limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j ACCEPT - inet6/filter/limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j ACCEPT - inet/filter/limit-212 -m limit --limit 1/second -j LOG - inet6/filter/limit-212 -m limit --limit 1/second -j LOG - inet/filter/limit-212 -j DROP - inet6/filter/limit-212 -j DROP + inet/filter/INPUT -i eth0 -j limit-312 + inet6/filter/INPUT -i eth0 -j limit-312 + inet/filter/limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3289,33 +4727,133 @@ Filter 219 {"flow-limit":30,"in":"A","no-track":true,"ou inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 220 {"action":"pass","flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +Filter 320 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-213 - inet6/filter/INPUT -i eth0 -j limit-213 - inet/filter/limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN - inet6/filter/limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN - inet/filter/limit-213 -m limit --limit 1/second -j LOG - inet6/filter/limit-213 -m limit --limit 1/second -j LOG - inet/filter/limit-213 -j DROP - inet6/filter/limit-213 -j DROP + inet/filter/INPUT -i eth0 -j limit-313 + inet6/filter/INPUT -i eth0 -j limit-313 + inet/filter/limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 321 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-314 + inet6/filter/INPUT -i eth0 -j limit-314 + inet/filter/limit-314 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-314 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-314 -j ACCEPT + inet6/filter/limit-314 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 322 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 323 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-316 + inet6/filter/INPUT -i eth0 -j limit-316 + inet/filter/limit-316 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-316 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-316 -m limit --limit 1/second -j LOG + inet6/filter/limit-316 -m limit --limit 1/second -j LOG + inet/filter/limit-316 -j ACCEPT + inet6/filter/limit-316 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 324 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-317 + inet6/filter/INPUT -i eth0 -j limit-317 + inet/filter/limit-317 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-317 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-317 -m limit --limit 1/second -j LOG + inet6/filter/limit-317 -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 325 {"flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-318 + inet6/filter/INPUT -i eth0 -j limit-318 + inet/filter/limit-318 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-318 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-318 -j ACCEPT + inet6/filter/limit-318 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 326 {"action":"pass","flow-limit":{"addr":"dest","count":1,"log":"none","name":"foo","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP + inet6/filter/INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 221 {"flow-limit":30,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 327 {"flow-limit":30,"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-214 - inet6/filter/INPUT -i eth0 -j limit-214 - inet/filter/limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j logaccept-4 - inet6/filter/limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j logaccept-4 + inet/filter/INPUT -i eth0 -j limit-320 + inet6/filter/INPUT -i eth0 -j limit-320 + inet/filter/limit-320 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-320 -j ACCEPT + inet6/filter/limit-320 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-320 -j ACCEPT + inet/filter/limit-320 -m limit --limit 1/second -j LOG + inet6/filter/limit-320 -m limit --limit 1/second -j LOG + inet/filter/limit-320 -j DROP + inet6/filter/limit-320 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 328 {"action":"pass","flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-321 + inet6/filter/INPUT -i eth0 -j limit-321 + inet/filter/limit-321 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-321 -j RETURN + inet6/filter/limit-321 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-321 -j RETURN + inet/filter/limit-321 -m limit --limit 1/second -j LOG + inet6/filter/limit-321 -m limit --limit 1/second -j LOG + inet/filter/limit-321 -j DROP + inet6/filter/limit-321 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 329 {"flow-limit":30,"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-322 + inet6/filter/INPUT -i eth0 -j limit-322 + inet/filter/limit-322 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-322 -j logaccept-4 + inet6/filter/limit-322 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-322 -j logaccept-4 inet/filter/logaccept-4 -m limit --limit 1/second -j LOG inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG inet/filter/logaccept-4 -j ACCEPT inet6/filter/logaccept-4 -j ACCEPT - inet/filter/limit-214 -m limit --limit 1/second -j LOG - inet6/filter/limit-214 -m limit --limit 1/second -j LOG - inet/filter/limit-214 -j DROP - inet6/filter/limit-214 -j DROP + inet/filter/limit-322 -m limit --limit 1/second -j LOG + inet6/filter/limit-322 -m limit --limit 1/second -j LOG + inet/filter/limit-322 -j DROP + inet6/filter/limit-322 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3323,16 +4861,16 @@ Filter 221 {"flow-limit":30,"in":"A","log":true,"no-trac inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 222 {"flow-limit":30,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 330 {"flow-limit":30,"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-215 - inet6/filter/INPUT -i eth0 -j limit-215 - inet/filter/limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j ACCEPT - inet6/filter/limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j ACCEPT - inet/filter/limit-215 -m limit --limit 1/second -j LOG - inet6/filter/limit-215 -m limit --limit 1/second -j LOG - inet/filter/limit-215 -j DROP - inet6/filter/limit-215 -j DROP + inet/filter/INPUT -i eth0 -j limit-323 + inet6/filter/INPUT -i eth0 -j limit-323 + inet/filter/limit-323 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-323 -j ACCEPT + inet6/filter/limit-323 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-323 -j ACCEPT + inet/filter/limit-323 -m limit --limit 1/second -j LOG + inet6/filter/limit-323 -m limit --limit 1/second -j LOG + inet/filter/limit-323 -j DROP + inet6/filter/limit-323 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3340,16 +4878,16 @@ Filter 222 {"flow-limit":30,"in":"A","log":"none","no-tr inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 223 {"flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} +Filter 331 {"flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-216 - inet6/filter/INPUT -i eth0 -j limit-216 - inet/filter/limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j ACCEPT - inet6/filter/limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j ACCEPT - inet/filter/limit-216 -m limit --limit 1/second -j LOG - inet6/filter/limit-216 -m limit --limit 1/second -j LOG - inet/filter/limit-216 -j DROP - inet6/filter/limit-216 -j DROP + inet/filter/INPUT -i eth0 -j limit-324 + inet6/filter/INPUT -i eth0 -j limit-324 + inet/filter/limit-324 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-324 -j ACCEPT + inet6/filter/limit-324 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-324 -j ACCEPT + inet/filter/limit-324 -m limit --limit 1/second -j LOG + inet6/filter/limit-324 -m limit --limit 1/second -j LOG + inet/filter/limit-324 -j DROP + inet6/filter/limit-324 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3357,33 +4895,33 @@ Filter 223 {"flow-limit":{"count":30},"in":"A","no-track inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 224 {"action":"pass","flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} +Filter 332 {"action":"pass","flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-217 - inet6/filter/INPUT -i eth0 -j limit-217 - inet/filter/limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN - inet6/filter/limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN - inet/filter/limit-217 -m limit --limit 1/second -j LOG - inet6/filter/limit-217 -m limit --limit 1/second -j LOG - inet/filter/limit-217 -j DROP - inet6/filter/limit-217 -j DROP + inet/filter/INPUT -i eth0 -j limit-325 + inet6/filter/INPUT -i eth0 -j limit-325 + inet/filter/limit-325 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-325 -j RETURN + inet6/filter/limit-325 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-325 -j RETURN + inet/filter/limit-325 -m limit --limit 1/second -j LOG + inet6/filter/limit-325 -m limit --limit 1/second -j LOG + inet/filter/limit-325 -j DROP + inet6/filter/limit-325 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 225 {"flow-limit":{"count":30},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 333 {"flow-limit":{"count":30},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-218 - inet6/filter/INPUT -i eth0 -j limit-218 - inet/filter/limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j logaccept-5 - inet6/filter/limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j logaccept-5 + inet/filter/INPUT -i eth0 -j limit-326 + inet6/filter/INPUT -i eth0 -j limit-326 + inet/filter/limit-326 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-326 -j logaccept-5 + inet6/filter/limit-326 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-326 -j logaccept-5 inet/filter/logaccept-5 -m limit --limit 1/second -j LOG inet6/filter/logaccept-5 -m limit --limit 1/second -j LOG inet/filter/logaccept-5 -j ACCEPT inet6/filter/logaccept-5 -j ACCEPT - inet/filter/limit-218 -m limit --limit 1/second -j LOG - inet6/filter/limit-218 -m limit --limit 1/second -j LOG - inet/filter/limit-218 -j DROP - inet6/filter/limit-218 -j DROP + inet/filter/limit-326 -m limit --limit 1/second -j LOG + inet6/filter/limit-326 -m limit --limit 1/second -j LOG + inet/filter/limit-326 -j DROP + inet6/filter/limit-326 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3391,16 +4929,16 @@ Filter 225 {"flow-limit":{"count":30},"in":"A","log":tru inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 226 {"flow-limit":{"count":30},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 334 {"flow-limit":{"count":30},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-219 - inet6/filter/INPUT -i eth0 -j limit-219 - inet/filter/limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j ACCEPT - inet6/filter/limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j ACCEPT - inet/filter/limit-219 -m limit --limit 1/second -j LOG - inet6/filter/limit-219 -m limit --limit 1/second -j LOG - inet/filter/limit-219 -j DROP - inet6/filter/limit-219 -j DROP + inet/filter/INPUT -i eth0 -j limit-327 + inet6/filter/INPUT -i eth0 -j limit-327 + inet/filter/limit-327 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-327 -j ACCEPT + inet6/filter/limit-327 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-327 -j ACCEPT + inet/filter/limit-327 -m limit --limit 1/second -j LOG + inet6/filter/limit-327 -m limit --limit 1/second -j LOG + inet/filter/limit-327 -j DROP + inet6/filter/limit-327 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3408,14 +4946,14 @@ Filter 226 {"flow-limit":{"count":30},"in":"A","log":"no inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 227 {"flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 335 {"flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-220 - inet6/filter/INPUT -i eth0 -j limit-220 - inet/filter/limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j ACCEPT - inet6/filter/limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j ACCEPT - inet/filter/limit-220 -j DROP - inet6/filter/limit-220 -j DROP + inet/filter/INPUT -i eth0 -j limit-328 + inet6/filter/INPUT -i eth0 -j limit-328 + inet/filter/limit-328 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-328 -j ACCEPT + inet6/filter/limit-328 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-328 -j ACCEPT + inet/filter/limit-328 -j DROP + inet6/filter/limit-328 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3423,29 +4961,29 @@ Filter 227 {"flow-limit":{"count":30,"log":false},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 228 {"action":"pass","flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 336 {"action":"pass","flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-221 - inet6/filter/INPUT -i eth0 -j limit-221 - inet/filter/limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN - inet6/filter/limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN - inet/filter/limit-221 -j DROP - inet6/filter/limit-221 -j DROP + inet/filter/INPUT -i eth0 -j limit-329 + inet6/filter/INPUT -i eth0 -j limit-329 + inet/filter/limit-329 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-329 -j RETURN + inet6/filter/limit-329 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-329 -j RETURN + inet/filter/limit-329 -j DROP + inet6/filter/limit-329 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 229 {"flow-limit":{"count":30,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 337 {"flow-limit":{"count":30,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-222 - inet6/filter/INPUT -i eth0 -j limit-222 - inet/filter/limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j logaccept-6 - inet6/filter/limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j logaccept-6 + inet/filter/INPUT -i eth0 -j limit-330 + inet6/filter/INPUT -i eth0 -j limit-330 + inet/filter/limit-330 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-330 -j logaccept-6 + inet6/filter/limit-330 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-330 -j logaccept-6 inet/filter/logaccept-6 -m limit --limit 1/second -j LOG inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG inet/filter/logaccept-6 -j ACCEPT inet6/filter/logaccept-6 -j ACCEPT - inet/filter/limit-222 -j DROP - inet6/filter/limit-222 -j DROP + inet/filter/limit-330 -j DROP + inet6/filter/limit-330 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3453,14 +4991,14 @@ Filter 229 {"flow-limit":{"count":30,"log":false},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 230 {"flow-limit":{"count":30,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 338 {"flow-limit":{"count":30,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-223 - inet6/filter/INPUT -i eth0 -j limit-223 - inet/filter/limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j ACCEPT - inet6/filter/limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j ACCEPT - inet/filter/limit-223 -j DROP - inet6/filter/limit-223 -j DROP + inet/filter/INPUT -i eth0 -j limit-331 + inet6/filter/INPUT -i eth0 -j limit-331 + inet/filter/limit-331 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-331 -j ACCEPT + inet6/filter/limit-331 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-331 -j ACCEPT + inet/filter/limit-331 -j DROP + inet6/filter/limit-331 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3468,14 +5006,14 @@ Filter 230 {"flow-limit":{"count":30,"log":false},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 231 {"flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 339 {"flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-224 - inet6/filter/INPUT -i eth0 -j limit-224 - inet/filter/limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-224 -j ACCEPT - inet6/filter/limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-224 -j ACCEPT - inet/filter/limit-224 -j DROP - inet6/filter/limit-224 -j DROP + inet/filter/INPUT -i eth0 -j limit-332 + inet6/filter/INPUT -i eth0 -j limit-332 + inet/filter/limit-332 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-332 -j ACCEPT + inet6/filter/limit-332 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-332 -j ACCEPT + inet/filter/limit-332 -j DROP + inet6/filter/limit-332 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3483,29 +5021,29 @@ Filter 231 {"flow-limit":{"count":30,"log":"none"},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 232 {"action":"pass","flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 340 {"action":"pass","flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-225 - inet6/filter/INPUT -i eth0 -j limit-225 - inet/filter/limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-225 -j RETURN - inet6/filter/limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-225 -j RETURN - inet/filter/limit-225 -j DROP - inet6/filter/limit-225 -j DROP + inet/filter/INPUT -i eth0 -j limit-333 + inet6/filter/INPUT -i eth0 -j limit-333 + inet/filter/limit-333 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-333 -j RETURN + inet6/filter/limit-333 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-333 -j RETURN + inet/filter/limit-333 -j DROP + inet6/filter/limit-333 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 233 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 341 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-226 - inet6/filter/INPUT -i eth0 -j limit-226 - inet/filter/limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-226 -j logaccept-7 - inet6/filter/limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-226 -j logaccept-7 + inet/filter/INPUT -i eth0 -j limit-334 + inet6/filter/INPUT -i eth0 -j limit-334 + inet/filter/limit-334 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-334 -j logaccept-7 + inet6/filter/limit-334 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-334 -j logaccept-7 inet/filter/logaccept-7 -m limit --limit 1/second -j LOG inet6/filter/logaccept-7 -m limit --limit 1/second -j LOG inet/filter/logaccept-7 -j ACCEPT inet6/filter/logaccept-7 -j ACCEPT - inet/filter/limit-226 -j DROP - inet6/filter/limit-226 -j DROP + inet/filter/limit-334 -j DROP + inet6/filter/limit-334 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3513,14 +5051,14 @@ Filter 233 {"flow-limit":{"count":30,"log":"none"},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 234 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 342 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-227 - inet6/filter/INPUT -i eth0 -j limit-227 - inet/filter/limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-227 -j ACCEPT - inet6/filter/limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-227 -j ACCEPT - inet/filter/limit-227 -j DROP - inet6/filter/limit-227 -j DROP + inet/filter/INPUT -i eth0 -j limit-335 + inet6/filter/INPUT -i eth0 -j limit-335 + inet/filter/limit-335 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-335 -j ACCEPT + inet6/filter/limit-335 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-335 -j ACCEPT + inet/filter/limit-335 -j DROP + inet6/filter/limit-335 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -3528,7 +5066,7 @@ Filter 234 {"flow-limit":{"count":30,"log":"none"},"in": inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 235 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} +Filter 343 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set @@ -3537,7 +5075,7 @@ Filter 235 {"update-limit":{"addr":"src","measure":"conn inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 236 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} +Filter 344 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set @@ -3546,7 +5084,7 @@ Filter 236 {"update-limit":{"addr":"dest","measure":"con inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 237 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} +Filter 345 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set @@ -3555,7 +5093,7 @@ Filter 237 {"update-limit":{"addr":"src","measure":"flow inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 238 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} +Filter 346 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set @@ -3564,7 +5102,7 @@ Filter 238 {"update-limit":{"addr":"dest","measure":"flo inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 239 {} +Filter 347 {} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -3573,20 +5111,20 @@ Filter 239 {} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 240 {"action":"drop"} +Filter 348 {"action":"drop"} (log) - inet/filter/FORWARD -j logdrop-73 - inet6/filter/FORWARD -j logdrop-73 - inet/filter/INPUT -j logdrop-73 - inet6/filter/INPUT -j logdrop-73 - inet/filter/OUTPUT -j logdrop-73 - inet6/filter/OUTPUT -j logdrop-73 - inet/filter/logdrop-73 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-73 -m limit --limit 1/second -j LOG - inet/filter/logdrop-73 -j DROP - inet6/filter/logdrop-73 -j DROP - -Filter 241 {"action":"pass"} + inet/filter/FORWARD -j logdrop-109 + inet6/filter/FORWARD -j logdrop-109 + inet/filter/INPUT -j logdrop-109 + inet6/filter/INPUT -j logdrop-109 + inet/filter/OUTPUT -j logdrop-109 + inet6/filter/OUTPUT -j logdrop-109 + inet/filter/logdrop-109 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-109 -m limit --limit 1/second -j LOG + inet/filter/logdrop-109 -j DROP + inet6/filter/logdrop-109 -j DROP + +Filter 349 {"action":"pass"} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -3595,7 +5133,7 @@ Filter 241 {"action":"pass"} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 242 {"log":false} +Filter 350 {"log":false} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -3604,7 +5142,7 @@ Filter 242 {"log":false} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 243 {"action":"drop","log":false} +Filter 351 {"action":"drop","log":false} (log) inet/filter/FORWARD -j DROP inet6/filter/FORWARD -j DROP @@ -3613,7 +5151,7 @@ Filter 243 {"action":"drop","log":false} inet/filter/OUTPUT -j DROP inet6/filter/OUTPUT -j DROP -Filter 244 {"action":"pass","log":false} +Filter 352 {"action":"pass","log":false} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -3622,7 +5160,7 @@ Filter 244 {"action":"pass","log":false} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 245 {"log":true} +Filter 353 {"log":true} (log) inet/filter/FORWARD -j logaccept-8 inet6/filter/FORWARD -j logaccept-8 @@ -3635,20 +5173,20 @@ Filter 245 {"log":true} inet/filter/logaccept-8 -j ACCEPT inet6/filter/logaccept-8 -j ACCEPT -Filter 246 {"action":"drop","log":true} +Filter 354 {"action":"drop","log":true} (log) - inet/filter/FORWARD -j logdrop-74 - inet6/filter/FORWARD -j logdrop-74 - inet/filter/INPUT -j logdrop-74 - inet6/filter/INPUT -j logdrop-74 - inet/filter/OUTPUT -j logdrop-74 - inet6/filter/OUTPUT -j logdrop-74 - inet/filter/logdrop-74 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-74 -m limit --limit 1/second -j LOG - inet/filter/logdrop-74 -j DROP - inet6/filter/logdrop-74 -j DROP - -Filter 247 {"action":"pass","log":true} + inet/filter/FORWARD -j logdrop-110 + inet6/filter/FORWARD -j logdrop-110 + inet/filter/INPUT -j logdrop-110 + inet6/filter/INPUT -j logdrop-110 + inet/filter/OUTPUT -j logdrop-110 + inet6/filter/OUTPUT -j logdrop-110 + inet/filter/logdrop-110 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-110 -m limit --limit 1/second -j LOG + inet/filter/logdrop-110 -j DROP + inet6/filter/logdrop-110 -j DROP + +Filter 355 {"action":"pass","log":true} (log) inet/filter/FORWARD -j logpass-0 inet6/filter/FORWARD -j logpass-0 @@ -3659,7 +5197,7 @@ Filter 247 {"action":"pass","log":true} inet/filter/logpass-0 -m limit --limit 1/second -j LOG inet6/filter/logpass-0 -m limit --limit 1/second -j LOG -Filter 248 {"log":"none"} +Filter 356 {"log":"none"} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -3668,7 +5206,7 @@ Filter 248 {"log":"none"} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 249 {"action":"drop","log":"none"} +Filter 357 {"action":"drop","log":"none"} (log) inet/filter/FORWARD -j DROP inet6/filter/FORWARD -j DROP @@ -3677,7 +5215,7 @@ Filter 249 {"action":"drop","log":"none"} inet/filter/OUTPUT -j DROP inet6/filter/OUTPUT -j DROP -Filter 250 {"action":"pass","log":"none"} +Filter 358 {"action":"pass","log":"none"} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -3686,7 +5224,7 @@ Filter 250 {"action":"pass","log":"none"} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 251 {"in":"_fw","no-track":true,"service":"http"} +Filter 359 {"in":"_fw","no-track":true,"service":"http"} (no-track) inet/filter/OUTPUT -p tcp --dport 80 -j ACCEPT inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT @@ -3697,7 +5235,7 @@ Filter 251 {"in":"_fw","no-track":true,"service":"http"} inet/filter/INPUT -p tcp --sport 80 -j ACCEPT inet6/filter/INPUT -p tcp --sport 80 -j ACCEPT -Filter 252 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} +Filter 360 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} (no-track) inet/filter/FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT @@ -3720,7 +5258,7 @@ Filter 252 {"dest":"172.17.0.0\/16","no-track":true,"ser inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT -Filter 253 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} +Filter 361 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} (no-track) inet/filter/FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT inet/filter/INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT @@ -3733,7 +5271,7 @@ Filter 253 {"dest":"172.18.0.0\/16","no-track":true,"ser inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT -Filter 254 {"no-track":true,"out":"_fw","service":"ipsec"} +Filter 362 {"no-track":true,"out":"_fw","service":"ipsec"} (no-track) inet/filter/INPUT -p esp -j ACCEPT inet6/filter/INPUT -p esp -j ACCEPT @@ -3752,7 +5290,7 @@ Filter 254 {"no-track":true,"out":"_fw","service":"ipsec inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT inet6/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT -Filter 255 {"in":["_fw","A"]} +Filter 363 {"in":["_fw","A"]} (zone) inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT @@ -3761,12 +5299,12 @@ Filter 255 {"in":["_fw","A"]} inet/filter/INPUT -i eth0 -j ACCEPT inet6/filter/INPUT -i eth0 -j ACCEPT -Filter 256 {"in":"B","out":"C"} +Filter 364 {"in":"B","out":"C"} (zone) inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT -Filter 257 {"out":["_fw","B"]} +Filter 365 {"out":["_fw","B"]} (zone) inet/filter/INPUT -j ACCEPT inet6/filter/INPUT -j ACCEPT @@ -3775,7 +5313,7 @@ Filter 257 {"out":["_fw","B"]} inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT -Filter 258 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} +Filter 366 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} (zone) inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT @@ -4191,9 +5729,11 @@ hash:net family inet :limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] +:limit-171 - [0:0] :limit-172 - [0:0] :limit-173 - [0:0] :limit-174 - [0:0] +:limit-175 - [0:0] :limit-176 - [0:0] :limit-177 - [0:0] :limit-178 - [0:0] @@ -4208,9 +5748,11 @@ hash:net family inet :limit-186 - [0:0] :limit-187 - [0:0] :limit-188 - [0:0] +:limit-189 - [0:0] :limit-190 - [0:0] :limit-191 - [0:0] :limit-192 - [0:0] +:limit-193 - [0:0] :limit-194 - [0:0] :limit-195 - [0:0] :limit-196 - [0:0] @@ -4226,10 +5768,12 @@ hash:net family inet :limit-204 - [0:0] :limit-205 - [0:0] :limit-206 - [0:0] +:limit-207 - [0:0] :limit-208 - [0:0] :limit-209 - [0:0] :limit-21 - [0:0] :limit-210 - [0:0] +:limit-211 - [0:0] :limit-212 - [0:0] :limit-213 - [0:0] :limit-214 - [0:0] @@ -4247,24 +5791,120 @@ hash:net family inet :limit-225 - [0:0] :limit-226 - [0:0] :limit-227 - [0:0] +:limit-228 - [0:0] +:limit-229 - [0:0] +:limit-230 - [0:0] +:limit-231 - [0:0] +:limit-232 - [0:0] +:limit-233 - [0:0] +:limit-234 - [0:0] +:limit-235 - [0:0] +:limit-236 - [0:0] +:limit-237 - [0:0] +:limit-238 - [0:0] +:limit-239 - [0:0] :limit-24 - [0:0] +:limit-240 - [0:0] +:limit-241 - [0:0] +:limit-242 - [0:0] +:limit-244 - [0:0] +:limit-245 - [0:0] +:limit-246 - [0:0] +:limit-248 - [0:0] +:limit-249 - [0:0] :limit-25 - [0:0] +:limit-250 - [0:0] +:limit-251 - [0:0] +:limit-252 - [0:0] +:limit-253 - [0:0] +:limit-254 - [0:0] +:limit-256 - [0:0] +:limit-257 - [0:0] +:limit-258 - [0:0] :limit-26 - [0:0] +:limit-260 - [0:0] +:limit-261 - [0:0] +:limit-262 - [0:0] +:limit-263 - [0:0] +:limit-264 - [0:0] +:limit-265 - [0:0] +:limit-266 - [0:0] +:limit-267 - [0:0] +:limit-268 - [0:0] +:limit-269 - [0:0] :limit-27 - [0:0] +:limit-270 - [0:0] +:limit-271 - [0:0] +:limit-272 - [0:0] +:limit-274 - [0:0] +:limit-275 - [0:0] +:limit-276 - [0:0] +:limit-278 - [0:0] +:limit-279 - [0:0] :limit-28 - [0:0] +:limit-280 - [0:0] +:limit-281 - [0:0] +:limit-282 - [0:0] +:limit-283 - [0:0] +:limit-284 - [0:0] +:limit-286 - [0:0] +:limit-287 - [0:0] +:limit-288 - [0:0] :limit-29 - [0:0] +:limit-290 - [0:0] +:limit-291 - [0:0] +:limit-292 - [0:0] +:limit-293 - [0:0] +:limit-294 - [0:0] +:limit-295 - [0:0] +:limit-296 - [0:0] +:limit-297 - [0:0] +:limit-298 - [0:0] +:limit-299 - [0:0] :limit-3 - [0:0] :limit-30 - [0:0] -:limit-31 - [0:0] +:limit-300 - [0:0] +:limit-301 - [0:0] +:limit-302 - [0:0] +:limit-304 - [0:0] +:limit-305 - [0:0] +:limit-306 - [0:0] +:limit-308 - [0:0] +:limit-309 - [0:0] +:limit-310 - [0:0] +:limit-311 - [0:0] +:limit-312 - [0:0] +:limit-313 - [0:0] +:limit-314 - [0:0] +:limit-316 - [0:0] +:limit-317 - [0:0] +:limit-318 - [0:0] :limit-32 - [0:0] +:limit-320 - [0:0] +:limit-321 - [0:0] +:limit-322 - [0:0] +:limit-323 - [0:0] +:limit-324 - [0:0] +:limit-325 - [0:0] +:limit-326 - [0:0] +:limit-327 - [0:0] +:limit-328 - [0:0] +:limit-329 - [0:0] :limit-33 - [0:0] +:limit-330 - [0:0] +:limit-331 - [0:0] +:limit-332 - [0:0] +:limit-333 - [0:0] +:limit-334 - [0:0] +:limit-335 - [0:0] :limit-34 - [0:0] -:limit-35 - [0:0] :limit-36 - [0:0] +:limit-37 - [0:0] :limit-38 - [0:0] :limit-39 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] +:limit-41 - [0:0] :limit-42 - [0:0] :limit-43 - [0:0] :limit-44 - [0:0] @@ -4272,23 +5912,21 @@ hash:net family inet :limit-46 - [0:0] :limit-47 - [0:0] :limit-48 - [0:0] -:limit-49 - [0:0] :limit-5 - [0:0] :limit-50 - [0:0] :limit-51 - [0:0] :limit-52 - [0:0] -:limit-53 - [0:0] :limit-54 - [0:0] +:limit-55 - [0:0] :limit-56 - [0:0] :limit-57 - [0:0] :limit-58 - [0:0] +:limit-59 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] -:limit-61 - [0:0] :limit-62 - [0:0] :limit-63 - [0:0] :limit-64 - [0:0] -:limit-65 - [0:0] :limit-66 - [0:0] :limit-67 - [0:0] :limit-68 - [0:0] @@ -4303,12 +5941,10 @@ hash:net family inet :limit-76 - [0:0] :limit-77 - [0:0] :limit-78 - [0:0] -:limit-79 - [0:0] :limit-8 - [0:0] :limit-80 - [0:0] :limit-81 - [0:0] :limit-82 - [0:0] -:limit-83 - [0:0] :limit-84 - [0:0] :limit-85 - [0:0] :limit-86 - [0:0] @@ -4317,11 +5953,9 @@ hash:net family inet :limit-89 - [0:0] :limit-9 - [0:0] :limit-90 - [0:0] -:limit-91 - [0:0] :limit-92 - [0:0] :limit-93 - [0:0] :limit-94 - [0:0] -:limit-95 - [0:0] :limit-96 - [0:0] :limit-97 - [0:0] :limit-98 - [0:0] @@ -4341,6 +5975,12 @@ hash:net family inet :logaccept-final-11 - [0:0] :logaccept-final-12 - [0:0] :logaccept-final-13 - [0:0] +:logaccept-final-14 - [0:0] +:logaccept-final-15 - [0:0] +:logaccept-final-16 - [0:0] +:logaccept-final-17 - [0:0] +:logaccept-final-18 - [0:0] +:logaccept-final-19 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] @@ -4352,7 +5992,16 @@ hash:net family inet :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] +:logdrop-100 - [0:0] +:logdrop-101 - [0:0] +:logdrop-102 - [0:0] +:logdrop-103 - [0:0] +:logdrop-105 - [0:0] +:logdrop-106 - [0:0] +:logdrop-107 - [0:0] +:logdrop-109 - [0:0] :logdrop-11 - [0:0] +:logdrop-110 - [0:0] :logdrop-12 - [0:0] :logdrop-13 - [0:0] :logdrop-14 - [0:0] @@ -4373,11 +6022,9 @@ hash:net family inet :logdrop-3 - [0:0] :logdrop-30 - [0:0] :logdrop-31 - [0:0] -:logdrop-32 - [0:0] :logdrop-33 - [0:0] :logdrop-34 - [0:0] :logdrop-35 - [0:0] -:logdrop-36 - [0:0] :logdrop-37 - [0:0] :logdrop-38 - [0:0] :logdrop-39 - [0:0] @@ -4412,20 +6059,117 @@ hash:net family inet :logdrop-65 - [0:0] :logdrop-66 - [0:0] :logdrop-67 - [0:0] +:logdrop-68 - [0:0] :logdrop-69 - [0:0] :logdrop-7 - [0:0] :logdrop-70 - [0:0] :logdrop-71 - [0:0] +:logdrop-72 - [0:0] :logdrop-73 - [0:0] :logdrop-74 - [0:0] +:logdrop-75 - [0:0] +:logdrop-76 - [0:0] +:logdrop-77 - [0:0] +:logdrop-78 - [0:0] +:logdrop-79 - [0:0] :logdrop-8 - [0:0] +:logdrop-80 - [0:0] +:logdrop-81 - [0:0] +:logdrop-82 - [0:0] +:logdrop-83 - [0:0] +:logdrop-84 - [0:0] +:logdrop-85 - [0:0] +:logdrop-86 - [0:0] +:logdrop-87 - [0:0] +:logdrop-88 - [0:0] +:logdrop-89 - [0:0] :logdrop-9 - [0:0] +:logdrop-90 - [0:0] +:logdrop-91 - [0:0] +:logdrop-93 - [0:0] +:logdrop-94 - [0:0] +:logdrop-95 - [0:0] +:logdrop-97 - [0:0] +:logdrop-98 - [0:0] +:logdrop-99 - [0:0] :logpass-0 - [0:0] :logreject-0 - [0:0] :logtarpit-0 - [0:0] :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-223 +-A FORWARD -j limit-222 +-A FORWARD -j limit-221 +-A FORWARD -j limit-220 +-A FORWARD -j limit-219 +-A FORWARD -j limit-218 +-A FORWARD -j limit-217 +-A FORWARD -j limit-216 +-A FORWARD -j limit-215 +-A FORWARD -j limit-214 +-A FORWARD -j limit-213 +-A FORWARD -j limit-212 +-A FORWARD -j limit-211 +-A FORWARD -j limit-210 +-A FORWARD -j limit-209 +-A FORWARD -j limit-208 +-A FORWARD -j limit-207 +-A FORWARD -j limit-206 +-A FORWARD -j limit-205 +-A FORWARD -j limit-204 +-A FORWARD -j limit-203 +-A FORWARD -j limit-202 +-A FORWARD -j limit-201 +-A FORWARD -j limit-200 +-A FORWARD -j limit-199 +-A FORWARD -j limit-198 +-A FORWARD -j limit-197 +-A FORWARD -j limit-196 +-A FORWARD -j limit-195 +-A FORWARD -j limit-194 +-A FORWARD -j limit-193 +-A FORWARD -j limit-192 +-A FORWARD -j limit-191 +-A FORWARD -j limit-190 +-A FORWARD -j limit-189 +-A FORWARD -j limit-188 +-A FORWARD -j limit-187 +-A FORWARD -j limit-186 +-A FORWARD -j limit-185 +-A FORWARD -j limit-184 +-A FORWARD -j limit-183 +-A FORWARD -j limit-182 +-A FORWARD -j limit-181 +-A FORWARD -j limit-180 +-A FORWARD -j limit-179 +-A FORWARD -j limit-178 +-A FORWARD -j limit-177 +-A FORWARD -j limit-176 +-A FORWARD -j limit-175 +-A FORWARD -j limit-174 +-A FORWARD -j limit-173 +-A FORWARD -j limit-172 +-A FORWARD -j limit-171 +-A FORWARD -j limit-170 +-A FORWARD -j limit-169 +-A FORWARD -j limit-168 +-A FORWARD -j limit-167 +-A FORWARD -j limit-166 +-A FORWARD -j limit-165 +-A FORWARD -j limit-164 +-A FORWARD -j limit-163 +-A FORWARD -j limit-162 +-A FORWARD -j limit-161 +-A FORWARD -j limit-160 +-A FORWARD -j limit-159 +-A FORWARD -j limit-158 +-A FORWARD -j limit-157 +-A FORWARD -j limit-156 +-A FORWARD -j limit-155 +-A FORWARD -j limit-154 +-A FORWARD -j limit-153 +-A FORWARD -j limit-152 -A FORWARD -j limit-151 -A FORWARD -j limit-150 -A FORWARD -j limit-149 @@ -4466,42 +6210,6 @@ hash:net family inet -A FORWARD -j limit-114 -A FORWARD -j limit-113 -A FORWARD -j limit-112 --A FORWARD -j limit-111 --A FORWARD -j limit-110 --A FORWARD -j limit-109 --A FORWARD -j limit-108 --A FORWARD -j limit-107 --A FORWARD -j limit-106 --A FORWARD -j limit-105 --A FORWARD -j limit-104 --A FORWARD -j limit-103 --A FORWARD -j limit-102 --A FORWARD -j limit-101 --A FORWARD -j limit-100 --A FORWARD -j limit-99 --A FORWARD -j limit-98 --A FORWARD -j limit-97 --A FORWARD -j limit-96 --A FORWARD -j limit-95 --A FORWARD -j limit-94 --A FORWARD -j limit-93 --A FORWARD -j limit-92 --A FORWARD -j limit-91 --A FORWARD -j limit-90 --A FORWARD -j limit-89 --A FORWARD -j limit-88 --A FORWARD -j limit-87 --A FORWARD -j limit-86 --A FORWARD -j limit-85 --A FORWARD -j limit-84 --A FORWARD -j limit-83 --A FORWARD -j limit-82 --A FORWARD -j limit-81 --A FORWARD -j limit-80 --A FORWARD -j limit-79 --A FORWARD -j limit-78 --A FORWARD -j limit-77 --A FORWARD -j limit-76 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -4540,17 +6248,17 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 --A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 --A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 @@ -4558,23 +6266,23 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-46 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-47 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-48 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-49 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-50 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-51 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 -A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-58 --A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-59 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-60 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-61 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-62 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-63 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-64 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-65 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-66 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-67 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-68 @@ -4585,6 +6293,42 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-73 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-74 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-75 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-76 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-77 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-78 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-80 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-81 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-82 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-84 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-85 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-86 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-87 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-88 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-89 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-90 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-92 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-93 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-94 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-96 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-97 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-98 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-99 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-100 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-101 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-102 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-103 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-104 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-105 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-106 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-107 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-108 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-109 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-110 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-111 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -4627,16 +6371,34 @@ hash:net family inet -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-13 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-14 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-15 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-16 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-17 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-18 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-19 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-73 +-A FORWARD -j logdrop-109 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-74 +-A FORWARD -j logdrop-110 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -4699,6 +6461,78 @@ hash:net family inet -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-223 +-A INPUT -j limit-222 +-A INPUT -j limit-221 +-A INPUT -j limit-220 +-A INPUT -j limit-219 +-A INPUT -j limit-218 +-A INPUT -j limit-217 +-A INPUT -j limit-216 +-A INPUT -j limit-215 +-A INPUT -j limit-214 +-A INPUT -j limit-213 +-A INPUT -j limit-212 +-A INPUT -j limit-211 +-A INPUT -j limit-210 +-A INPUT -j limit-209 +-A INPUT -j limit-208 +-A INPUT -j limit-207 +-A INPUT -j limit-206 +-A INPUT -j limit-205 +-A INPUT -j limit-204 +-A INPUT -j limit-203 +-A INPUT -j limit-202 +-A INPUT -j limit-201 +-A INPUT -j limit-200 +-A INPUT -j limit-199 +-A INPUT -j limit-198 +-A INPUT -j limit-197 +-A INPUT -j limit-196 +-A INPUT -j limit-195 +-A INPUT -j limit-194 +-A INPUT -j limit-193 +-A INPUT -j limit-192 +-A INPUT -j limit-191 +-A INPUT -j limit-190 +-A INPUT -j limit-189 +-A INPUT -j limit-188 +-A INPUT -j limit-187 +-A INPUT -j limit-186 +-A INPUT -j limit-185 +-A INPUT -j limit-184 +-A INPUT -j limit-183 +-A INPUT -j limit-182 +-A INPUT -j limit-181 +-A INPUT -j limit-180 +-A INPUT -j limit-179 +-A INPUT -j limit-178 +-A INPUT -j limit-177 +-A INPUT -j limit-176 +-A INPUT -j limit-175 +-A INPUT -j limit-174 +-A INPUT -j limit-173 +-A INPUT -j limit-172 +-A INPUT -j limit-171 +-A INPUT -j limit-170 +-A INPUT -j limit-169 +-A INPUT -j limit-168 +-A INPUT -j limit-167 +-A INPUT -j limit-166 +-A INPUT -j limit-165 +-A INPUT -j limit-164 +-A INPUT -j limit-163 +-A INPUT -j limit-162 +-A INPUT -j limit-161 +-A INPUT -j limit-160 +-A INPUT -j limit-159 +-A INPUT -j limit-158 +-A INPUT -j limit-157 +-A INPUT -j limit-156 +-A INPUT -j limit-155 +-A INPUT -j limit-154 +-A INPUT -j limit-153 +-A INPUT -j limit-152 -A INPUT -j limit-151 -A INPUT -j limit-150 -A INPUT -j limit-149 @@ -4739,42 +6573,6 @@ hash:net family inet -A INPUT -j limit-114 -A INPUT -j limit-113 -A INPUT -j limit-112 --A INPUT -j limit-111 --A INPUT -j limit-110 --A INPUT -j limit-109 --A INPUT -j limit-108 --A INPUT -j limit-107 --A INPUT -j limit-106 --A INPUT -j limit-105 --A INPUT -j limit-104 --A INPUT -j limit-103 --A INPUT -j limit-102 --A INPUT -j limit-101 --A INPUT -j limit-100 --A INPUT -j limit-99 --A INPUT -j limit-98 --A INPUT -j limit-97 --A INPUT -j limit-96 --A INPUT -j limit-95 --A INPUT -j limit-94 --A INPUT -j limit-93 --A INPUT -j limit-92 --A INPUT -j limit-91 --A INPUT -j limit-90 --A INPUT -j limit-89 --A INPUT -j limit-88 --A INPUT -j limit-87 --A INPUT -j limit-86 --A INPUT -j limit-85 --A INPUT -j limit-84 --A INPUT -j limit-83 --A INPUT -j limit-82 --A INPUT -j limit-81 --A INPUT -j limit-80 --A INPUT -j limit-79 --A INPUT -j limit-78 --A INPUT -j limit-77 --A INPUT -j limit-76 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -4825,92 +6623,146 @@ hash:net family inet -A INPUT -j ACCEPT -A INPUT -j logaccept-final-13 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-152 --A INPUT -i eth0 -j limit-153 --A INPUT -i eth0 -j limit-154 --A INPUT -i eth0 -j limit-155 --A INPUT -i eth0 -j limit-156 --A INPUT -i eth0 -j limit-157 --A INPUT -i eth0 -j limit-158 --A INPUT -i eth0 -j limit-159 --A INPUT -i eth0 -j limit-160 --A INPUT -i eth0 -j limit-161 --A INPUT -i eth0 -j limit-162 --A INPUT -i eth0 -j limit-163 --A INPUT -i eth0 -j limit-164 --A INPUT -i eth0 -j limit-165 --A INPUT -i eth0 -j limit-166 --A INPUT -i eth0 -j limit-167 --A INPUT -i eth0 -j limit-168 --A INPUT -i eth0 -j limit-169 --A INPUT -i eth0 -j limit-170 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 --A INPUT -i eth0 -j limit-172 --A INPUT -i eth0 -j limit-173 --A INPUT -i eth0 -j limit-174 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 --A INPUT -i eth0 -j limit-176 --A INPUT -i eth0 -j limit-177 --A INPUT -i eth0 -j limit-178 --A INPUT -i eth0 -j limit-179 --A INPUT -i eth0 -j limit-180 --A INPUT -i eth0 -j limit-181 --A INPUT -i eth0 -j limit-182 --A INPUT -i eth0 -j limit-183 --A INPUT -i eth0 -j limit-184 --A INPUT -i eth0 -j limit-185 --A INPUT -i eth0 -j limit-186 --A INPUT -i eth0 -j limit-187 --A INPUT -i eth0 -j limit-188 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-190 --A INPUT -i eth0 -j limit-191 --A INPUT -i eth0 -j limit-192 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-194 --A INPUT -i eth0 -j limit-195 --A INPUT -i eth0 -j limit-196 --A INPUT -i eth0 -j limit-197 --A INPUT -i eth0 -j limit-198 --A INPUT -i eth0 -j limit-199 --A INPUT -i eth0 -j limit-200 --A INPUT -i eth0 -j limit-201 --A INPUT -i eth0 -j limit-202 --A INPUT -i eth0 -j limit-203 --A INPUT -i eth0 -j limit-204 --A INPUT -i eth0 -j limit-205 --A INPUT -i eth0 -j limit-206 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-208 --A INPUT -i eth0 -j limit-209 --A INPUT -i eth0 -j limit-210 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-212 --A INPUT -i eth0 -j limit-213 --A INPUT -i eth0 -j limit-214 --A INPUT -i eth0 -j limit-215 --A INPUT -i eth0 -j limit-216 --A INPUT -i eth0 -j limit-217 --A INPUT -i eth0 -j limit-218 --A INPUT -i eth0 -j limit-219 --A INPUT -i eth0 -j limit-220 --A INPUT -i eth0 -j limit-221 --A INPUT -i eth0 -j limit-222 --A INPUT -i eth0 -j limit-223 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-14 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-15 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-16 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-17 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-18 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-19 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-224 -A INPUT -i eth0 -j limit-225 -A INPUT -i eth0 -j limit-226 -A INPUT -i eth0 -j limit-227 +-A INPUT -i eth0 -j limit-228 +-A INPUT -i eth0 -j limit-229 +-A INPUT -i eth0 -j limit-230 +-A INPUT -i eth0 -j limit-231 +-A INPUT -i eth0 -j limit-232 +-A INPUT -i eth0 -j limit-233 +-A INPUT -i eth0 -j limit-234 +-A INPUT -i eth0 -j limit-235 +-A INPUT -i eth0 -j limit-236 +-A INPUT -i eth0 -j limit-237 +-A INPUT -i eth0 -j limit-238 +-A INPUT -i eth0 -j limit-239 +-A INPUT -i eth0 -j limit-240 +-A INPUT -i eth0 -j limit-241 +-A INPUT -i eth0 -j limit-242 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-92 +-A INPUT -i eth0 -j limit-244 +-A INPUT -i eth0 -j limit-245 +-A INPUT -i eth0 -j limit-246 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-96 +-A INPUT -i eth0 -j limit-248 +-A INPUT -i eth0 -j limit-249 +-A INPUT -i eth0 -j limit-250 +-A INPUT -i eth0 -j limit-251 +-A INPUT -i eth0 -j limit-252 +-A INPUT -i eth0 -j limit-253 +-A INPUT -i eth0 -j limit-254 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-104 +-A INPUT -i eth0 -j limit-256 +-A INPUT -i eth0 -j limit-257 +-A INPUT -i eth0 -j limit-258 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-108 +-A INPUT -i eth0 -j limit-260 +-A INPUT -i eth0 -j limit-261 +-A INPUT -i eth0 -j limit-262 +-A INPUT -i eth0 -j limit-263 +-A INPUT -i eth0 -j limit-264 +-A INPUT -i eth0 -j limit-265 +-A INPUT -i eth0 -j limit-266 +-A INPUT -i eth0 -j limit-267 +-A INPUT -i eth0 -j limit-268 +-A INPUT -i eth0 -j limit-269 +-A INPUT -i eth0 -j limit-270 +-A INPUT -i eth0 -j limit-271 +-A INPUT -i eth0 -j limit-272 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-274 +-A INPUT -i eth0 -j limit-275 +-A INPUT -i eth0 -j limit-276 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-278 +-A INPUT -i eth0 -j limit-279 +-A INPUT -i eth0 -j limit-280 +-A INPUT -i eth0 -j limit-281 +-A INPUT -i eth0 -j limit-282 +-A INPUT -i eth0 -j limit-283 +-A INPUT -i eth0 -j limit-284 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-286 +-A INPUT -i eth0 -j limit-287 +-A INPUT -i eth0 -j limit-288 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-290 +-A INPUT -i eth0 -j limit-291 +-A INPUT -i eth0 -j limit-292 +-A INPUT -i eth0 -j limit-293 +-A INPUT -i eth0 -j limit-294 +-A INPUT -i eth0 -j limit-295 +-A INPUT -i eth0 -j limit-296 +-A INPUT -i eth0 -j limit-297 +-A INPUT -i eth0 -j limit-298 +-A INPUT -i eth0 -j limit-299 +-A INPUT -i eth0 -j limit-300 +-A INPUT -i eth0 -j limit-301 +-A INPUT -i eth0 -j limit-302 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-304 +-A INPUT -i eth0 -j limit-305 +-A INPUT -i eth0 -j limit-306 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-308 +-A INPUT -i eth0 -j limit-309 +-A INPUT -i eth0 -j limit-310 +-A INPUT -i eth0 -j limit-311 +-A INPUT -i eth0 -j limit-312 +-A INPUT -i eth0 -j limit-313 +-A INPUT -i eth0 -j limit-314 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-316 +-A INPUT -i eth0 -j limit-317 +-A INPUT -i eth0 -j limit-318 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-320 +-A INPUT -i eth0 -j limit-321 +-A INPUT -i eth0 -j limit-322 +-A INPUT -i eth0 -j limit-323 +-A INPUT -i eth0 -j limit-324 +-A INPUT -i eth0 -j limit-325 +-A INPUT -i eth0 -j limit-326 +-A INPUT -i eth0 -j limit-327 +-A INPUT -i eth0 -j limit-328 +-A INPUT -i eth0 -j limit-329 +-A INPUT -i eth0 -j limit-330 +-A INPUT -i eth0 -j limit-331 +-A INPUT -i eth0 -j limit-332 +-A INPUT -i eth0 -j limit-333 +-A INPUT -i eth0 -j limit-334 +-A INPUT -i eth0 -j limit-335 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-73 +-A INPUT -j logdrop-109 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-74 +-A INPUT -j logdrop-110 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -4929,6 +6781,78 @@ hash:net family inet -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-223 +-A OUTPUT -j limit-222 +-A OUTPUT -j limit-221 +-A OUTPUT -j limit-220 +-A OUTPUT -j limit-219 +-A OUTPUT -j limit-218 +-A OUTPUT -j limit-217 +-A OUTPUT -j limit-216 +-A OUTPUT -j limit-215 +-A OUTPUT -j limit-214 +-A OUTPUT -j limit-213 +-A OUTPUT -j limit-212 +-A OUTPUT -j limit-211 +-A OUTPUT -j limit-210 +-A OUTPUT -j limit-209 +-A OUTPUT -j limit-208 +-A OUTPUT -j limit-207 +-A OUTPUT -j limit-206 +-A OUTPUT -j limit-205 +-A OUTPUT -j limit-204 +-A OUTPUT -j limit-203 +-A OUTPUT -j limit-202 +-A OUTPUT -j limit-201 +-A OUTPUT -j limit-200 +-A OUTPUT -j limit-199 +-A OUTPUT -j limit-198 +-A OUTPUT -j limit-197 +-A OUTPUT -j limit-196 +-A OUTPUT -j limit-195 +-A OUTPUT -j limit-194 +-A OUTPUT -j limit-193 +-A OUTPUT -j limit-192 +-A OUTPUT -j limit-191 +-A OUTPUT -j limit-190 +-A OUTPUT -j limit-189 +-A OUTPUT -j limit-188 +-A OUTPUT -j limit-187 +-A OUTPUT -j limit-186 +-A OUTPUT -j limit-185 +-A OUTPUT -j limit-184 +-A OUTPUT -j limit-183 +-A OUTPUT -j limit-182 +-A OUTPUT -j limit-181 +-A OUTPUT -j limit-180 +-A OUTPUT -j limit-179 +-A OUTPUT -j limit-178 +-A OUTPUT -j limit-177 +-A OUTPUT -j limit-176 +-A OUTPUT -j limit-175 +-A OUTPUT -j limit-174 +-A OUTPUT -j limit-173 +-A OUTPUT -j limit-172 +-A OUTPUT -j limit-171 +-A OUTPUT -j limit-170 +-A OUTPUT -j limit-169 +-A OUTPUT -j limit-168 +-A OUTPUT -j limit-167 +-A OUTPUT -j limit-166 +-A OUTPUT -j limit-165 +-A OUTPUT -j limit-164 +-A OUTPUT -j limit-163 +-A OUTPUT -j limit-162 +-A OUTPUT -j limit-161 +-A OUTPUT -j limit-160 +-A OUTPUT -j limit-159 +-A OUTPUT -j limit-158 +-A OUTPUT -j limit-157 +-A OUTPUT -j limit-156 +-A OUTPUT -j limit-155 +-A OUTPUT -j limit-154 +-A OUTPUT -j limit-153 +-A OUTPUT -j limit-152 -A OUTPUT -j limit-151 -A OUTPUT -j limit-150 -A OUTPUT -j limit-149 @@ -4969,42 +6893,6 @@ hash:net family inet -A OUTPUT -j limit-114 -A OUTPUT -j limit-113 -A OUTPUT -j limit-112 --A OUTPUT -j limit-111 --A OUTPUT -j limit-110 --A OUTPUT -j limit-109 --A OUTPUT -j limit-108 --A OUTPUT -j limit-107 --A OUTPUT -j limit-106 --A OUTPUT -j limit-105 --A OUTPUT -j limit-104 --A OUTPUT -j limit-103 --A OUTPUT -j limit-102 --A OUTPUT -j limit-101 --A OUTPUT -j limit-100 --A OUTPUT -j limit-99 --A OUTPUT -j limit-98 --A OUTPUT -j limit-97 --A OUTPUT -j limit-96 --A OUTPUT -j limit-95 --A OUTPUT -j limit-94 --A OUTPUT -j limit-93 --A OUTPUT -j limit-92 --A OUTPUT -j limit-91 --A OUTPUT -j limit-90 --A OUTPUT -j limit-89 --A OUTPUT -j limit-88 --A OUTPUT -j limit-87 --A OUTPUT -j limit-86 --A OUTPUT -j limit-85 --A OUTPUT -j limit-84 --A OUTPUT -j limit-83 --A OUTPUT -j limit-82 --A OUTPUT -j limit-81 --A OUTPUT -j limit-80 --A OUTPUT -j limit-79 --A OUTPUT -j limit-78 --A OUTPUT -j limit-77 --A OUTPUT -j limit-76 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -5044,17 +6932,17 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 --A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 --A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 @@ -5062,23 +6950,23 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-46 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-47 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-48 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-49 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-50 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-51 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 -A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-58 --A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-59 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-60 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-61 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-62 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-63 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-64 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-65 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-66 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-67 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-68 @@ -5089,6 +6977,42 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-73 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-74 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-75 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-76 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-77 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-78 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-80 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-81 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-82 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-84 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-85 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-86 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-87 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-88 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-89 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-90 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-92 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-93 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-94 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-96 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-97 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-98 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-99 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-100 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-101 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-102 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-103 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-104 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-105 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-106 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-107 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-108 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-109 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-110 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-111 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -5131,6 +7055,42 @@ hash:net family inet -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-13 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-14 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-15 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-16 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-17 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-18 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-19 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -5176,13 +7136,13 @@ hash:net family inet -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-73 +-A OUTPUT -j logdrop-109 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-74 +-A OUTPUT -j logdrop-110 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -5208,461 +7168,650 @@ hash:net family inet -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set --A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set --A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set --A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --set --A limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --set --A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j ACCEPT +-A limit-100 -m limit --limit 1/second -j LOG +-A limit-100 -j DROP +-A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN +-A limit-101 -m limit --limit 1/second -j LOG +-A limit-101 -j DROP +-A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j logaccept-1 +-A limit-102 -m limit --limit 1/second -j LOG +-A limit-102 -j DROP +-A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j ACCEPT +-A limit-103 -m limit --limit 1/second -j LOG +-A limit-103 -j DROP +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT +-A limit-104 -j DROP +-A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN +-A limit-105 -j DROP +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-2 +-A limit-106 -j DROP +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -j DROP +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT +-A limit-108 -j DROP +-A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN +-A limit-109 -j DROP -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set --A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-113 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-114 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-115 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-115 -m limit --limit 1/second -j LOG --A limit-116 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-117 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-3 +-A limit-110 -j DROP +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT +-A limit-111 -j DROP +-A limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --set +-A limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --set +-A limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --set +-A limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set +-A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 -A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 -A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 -A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 -A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 -A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set --A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 -A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set --A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 -A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 -A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 -A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 -A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 -A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 -A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-55 +-A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-56 +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-57 +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-58 -A limit-133 -m limit --limit 1/second -j LOG --A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-136 -j RETURN --A limit-136 -m limit --limit 1/second -j LOG --A limit-136 -j DROP --A limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-137 -j RETURN --A limit-137 -m limit --limit 1/second -j LOG --A limit-137 -j DROP --A limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-138 -j RETURN --A limit-138 -m limit --limit 1/second -j LOG --A limit-138 -j DROP --A limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-139 -j RETURN --A limit-139 -m limit --limit 1/second -j LOG --A limit-139 -j DROP +-A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-59 +-A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-60 +-A limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 +-A limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 +-A limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 +-A limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 +-A limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-140 -j RETURN --A limit-140 -m limit --limit 1/second -j LOG --A limit-140 -j DROP --A limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-141 -j RETURN --A limit-141 -m limit --limit 1/second -j LOG --A limit-141 -j DROP --A limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-142 -j RETURN --A limit-142 -m limit --limit 1/second -j LOG --A limit-142 -j DROP --A limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-143 -j RETURN --A limit-143 -m limit --limit 1/second -j LOG --A limit-143 -j DROP --A limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-144 -j RETURN --A limit-144 -j DROP --A limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-145 -j RETURN --A limit-145 -j DROP --A limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-146 -j RETURN --A limit-146 -j DROP --A limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-147 -j RETURN --A limit-147 -j DROP --A limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-148 -j RETURN --A limit-148 -j DROP --A limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-149 -j RETURN --A limit-149 -j DROP +-A limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 +-A limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 +-A limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-142 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-143 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 +-A limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-145 -m limit --limit 1/second -j LOG +-A limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 +-A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set +-A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-150 -j RETURN --A limit-150 -j DROP --A limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-151 -j RETURN --A limit-151 -j DROP --A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set +-A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set +-A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set --A limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-154 -m limit --limit 1/second -j LOG --A limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set --A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-55 --A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-56 --A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set +-A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-57 --A limit-160 -m limit --limit 1/second -j LOG --A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-58 --A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-59 --A limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-60 --A limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --set --A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 --A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 --A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 --A limit-166 -m limit --limit 1/second -j LOG --A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 --A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 --A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 --A limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-160 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-161 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-163 -m limit --limit 1/second -j LOG +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 --A limit-170 -j ACCEPT --A limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 --A limit-172 -m limit --limit 1/second -j LOG --A limit-172 -j ACCEPT --A limit-173 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 --A limit-173 -m limit --limit 1/second -j LOG --A limit-174 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 --A limit-174 -j ACCEPT --A limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --set +-A limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-172 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-173 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-175 -m limit --limit 1/second -j LOG +-A limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-178 -m limit --limit 1/second -j LOG --A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set -A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set -A limit-18 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19 -A limit-18 -j ACCEPT -A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set -A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set --A limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --set +-A limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --set -A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-184 -m limit --limit 1/second -j LOG --A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-188 -j ACCEPT +-A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-190 -m limit --limit 1/second -j LOG --A limit-190 -j ACCEPT -A limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-191 -m limit --limit 1/second -j LOG -A limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-192 -j ACCEPT --A limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --set --A limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-196 -m limit --limit 1/second -j LOG --A limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --set +-A limit-193 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-193 -m limit --limit 1/second -j LOG +-A limit-194 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-195 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-20 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG -A limit-20 -j ACCEPT --A limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-202 -m limit --limit 1/second -j LOG --A limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-206 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-206 -j ACCEPT --A limit-208 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-202 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-203 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-204 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m limit --limit 1/second -j LOG +-A limit-206 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-207 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j RETURN -A limit-208 -m limit --limit 1/second -j LOG --A limit-208 -j ACCEPT --A limit-209 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -j DROP +-A limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j RETURN -A limit-209 -m limit --limit 1/second -j LOG +-A limit-209 -j DROP -A limit-21 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22 -A limit-21 -m limit --limit 1/second -j LOG --A limit-210 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-210 -j ACCEPT --A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j ACCEPT +-A limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j RETURN +-A limit-210 -m limit --limit 1/second -j LOG +-A limit-210 -j DROP +-A limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN +-A limit-211 -m limit --limit 1/second -j LOG +-A limit-211 -j DROP +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j RETURN -A limit-212 -m limit --limit 1/second -j LOG -A limit-212 -j DROP -A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN -A limit-213 -m limit --limit 1/second -j LOG -A limit-213 -j DROP --A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j logaccept-4 +-A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j RETURN -A limit-214 -m limit --limit 1/second -j LOG -A limit-214 -j DROP --A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j ACCEPT +-A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j RETURN -A limit-215 -m limit --limit 1/second -j LOG -A limit-215 -j DROP --A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j ACCEPT --A limit-216 -m limit --limit 1/second -j LOG +-A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j RETURN -A limit-216 -j DROP -A limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN --A limit-217 -m limit --limit 1/second -j LOG -A limit-217 -j DROP --A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j logaccept-5 --A limit-218 -m limit --limit 1/second -j LOG +-A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j RETURN -A limit-218 -j DROP --A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j ACCEPT --A limit-219 -m limit --limit 1/second -j LOG +-A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j RETURN -A limit-219 -j DROP -A limit-22 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23 -A limit-22 -j ACCEPT --A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j ACCEPT +-A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j RETURN -A limit-220 -j DROP -A limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN -A limit-221 -j DROP --A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j logaccept-6 +-A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j RETURN -A limit-222 -j DROP --A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j ACCEPT +-A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j RETURN -A limit-223 -j DROP --A limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-224 -j ACCEPT --A limit-224 -j DROP --A limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-225 -j RETURN --A limit-225 -j DROP --A limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-226 -j logaccept-7 --A limit-226 -j DROP --A limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-227 -j ACCEPT --A limit-227 -j DROP --A limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --set --A limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 +-A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set +-A limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 +-A limit-226 -m limit --limit 1/second -j LOG +-A limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 +-A limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 +-A limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 +-A limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --set +-A limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 +-A limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 +-A limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --set +-A limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 +-A limit-232 -m limit --limit 1/second -j LOG +-A limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 +-A limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 +-A limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 +-A limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --set +-A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-85 +-A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-86 +-A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-87 +-A limit-238 -m limit --limit 1/second -j LOG +-A limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-88 +-A limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-89 +-A limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-90 +-A limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-242 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-91 +-A limit-242 -j ACCEPT +-A limit-244 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-93 +-A limit-244 -m limit --limit 1/second -j LOG +-A limit-244 -j ACCEPT +-A limit-245 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-94 +-A limit-245 -m limit --limit 1/second -j LOG +-A limit-246 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-95 +-A limit-246 -j ACCEPT +-A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-97 +-A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-98 +-A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-99 +-A limit-250 -m limit --limit 1/second -j LOG +-A limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-100 +-A limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-101 +-A limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-102 +-A limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-254 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-103 +-A limit-254 -j ACCEPT +-A limit-256 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-105 +-A limit-256 -m limit --limit 1/second -j LOG +-A limit-256 -j ACCEPT +-A limit-257 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-106 +-A limit-257 -m limit --limit 1/second -j LOG +-A limit-258 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-107 +-A limit-258 -j ACCEPT +-A limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --set +-A limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --set +-A limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-262 -m limit --limit 1/second -j LOG +-A limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --set +-A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m limit --limit 1/second -j LOG +-A limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-272 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-272 -j ACCEPT +-A limit-274 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-274 -m limit --limit 1/second -j LOG +-A limit-274 -j ACCEPT +-A limit-275 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-275 -m limit --limit 1/second -j LOG +-A limit-276 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-276 -j ACCEPT +-A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-280 -m limit --limit 1/second -j LOG +-A limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-284 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-284 -j ACCEPT +-A limit-286 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-286 -m limit --limit 1/second -j LOG +-A limit-286 -j ACCEPT +-A limit-287 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-287 -m limit --limit 1/second -j LOG +-A limit-288 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-288 -j ACCEPT +-A limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --set +-A limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-292 -m limit --limit 1/second -j LOG +-A limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --set +-A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m limit --limit 1/second -j LOG +-A limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-30 -j ACCEPT +-A limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-302 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-302 -j ACCEPT +-A limit-304 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-304 -m limit --limit 1/second -j LOG +-A limit-304 -j ACCEPT +-A limit-305 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-305 -m limit --limit 1/second -j LOG +-A limit-306 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-306 -j ACCEPT +-A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-310 -m limit --limit 1/second -j LOG +-A limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-314 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-314 -j ACCEPT +-A limit-316 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-316 -m limit --limit 1/second -j LOG +-A limit-316 -j ACCEPT +-A limit-317 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-317 -m limit --limit 1/second -j LOG +-A limit-318 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-318 -j ACCEPT +-A limit-32 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-33 -A limit-32 -m limit --limit 1/second -j LOG --A limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-36 -j ACCEPT --A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-32 -j ACCEPT +-A limit-320 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-320 -j ACCEPT +-A limit-320 -m limit --limit 1/second -j LOG +-A limit-320 -j DROP +-A limit-321 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-321 -j RETURN +-A limit-321 -m limit --limit 1/second -j LOG +-A limit-321 -j DROP +-A limit-322 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-322 -j logaccept-4 +-A limit-322 -m limit --limit 1/second -j LOG +-A limit-322 -j DROP +-A limit-323 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-323 -j ACCEPT +-A limit-323 -m limit --limit 1/second -j LOG +-A limit-323 -j DROP +-A limit-324 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-324 -j ACCEPT +-A limit-324 -m limit --limit 1/second -j LOG +-A limit-324 -j DROP +-A limit-325 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-325 -j RETURN +-A limit-325 -m limit --limit 1/second -j LOG +-A limit-325 -j DROP +-A limit-326 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-326 -j logaccept-5 +-A limit-326 -m limit --limit 1/second -j LOG +-A limit-326 -j DROP +-A limit-327 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-327 -j ACCEPT +-A limit-327 -m limit --limit 1/second -j LOG +-A limit-327 -j DROP +-A limit-328 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-328 -j ACCEPT +-A limit-328 -j DROP +-A limit-329 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-329 -j RETURN +-A limit-329 -j DROP +-A limit-33 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-33 -m limit --limit 1/second -j LOG +-A limit-330 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-330 -j logaccept-6 +-A limit-330 -j DROP +-A limit-331 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-331 -j ACCEPT +-A limit-331 -j DROP +-A limit-332 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-332 -j ACCEPT +-A limit-332 -j DROP +-A limit-333 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-333 -j RETURN +-A limit-333 -j DROP +-A limit-334 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-334 -j logaccept-7 +-A limit-334 -j DROP +-A limit-335 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-335 -j ACCEPT +-A limit-335 -j DROP +-A limit-34 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-34 -j ACCEPT +-A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --set +-A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG --A limit-38 -j ACCEPT --A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-39 -m limit --limit 1/second -j LOG +-A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-40 -j ACCEPT --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set +-A limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set --A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-48 -j ACCEPT -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set --A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-50 -m limit --limit 1/second -j LOG --A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-54 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-54 -j ACCEPT --A limit-56 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-50 -j ACCEPT +-A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-51 -m limit --limit 1/second -j LOG +-A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-52 -j ACCEPT +-A limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-56 -m limit --limit 1/second -j LOG --A limit-56 -j ACCEPT --A limit-57 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-57 -m limit --limit 1/second -j LOG --A limit-58 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-58 -j ACCEPT +-A limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-60 -j ACCEPT --A limit-60 -m limit --limit 1/second -j LOG --A limit-60 -j DROP --A limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-61 -j RETURN --A limit-61 -m limit --limit 1/second -j LOG --A limit-61 -j DROP --A limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-62 -j logaccept-0 +-A limit-60 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-60 -j ACCEPT +-A limit-62 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-62 -m limit --limit 1/second -j LOG --A limit-62 -j DROP --A limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-63 -j ACCEPT +-A limit-62 -j ACCEPT +-A limit-63 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-63 -m limit --limit 1/second -j LOG --A limit-63 -j DROP --A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j ACCEPT --A limit-64 -m limit --limit 1/second -j LOG --A limit-64 -j DROP --A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN --A limit-65 -m limit --limit 1/second -j LOG --A limit-65 -j DROP --A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j logaccept-1 --A limit-66 -m limit --limit 1/second -j LOG --A limit-66 -j DROP --A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j ACCEPT --A limit-67 -m limit --limit 1/second -j LOG --A limit-67 -j DROP --A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j ACCEPT --A limit-68 -j DROP --A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN --A limit-69 -j DROP +-A limit-64 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-64 -j ACCEPT +-A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set +-A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-68 -m limit --limit 1/second -j LOG +-A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set --A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j logaccept-2 --A limit-70 -j DROP --A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j ACCEPT --A limit-71 -j DROP --A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j ACCEPT --A limit-72 -j DROP --A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN --A limit-73 -j DROP --A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j logaccept-3 --A limit-74 -j DROP --A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j ACCEPT --A limit-75 -j DROP --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set --A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set --A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --set +-A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-74 -m limit --limit 1/second -j LOG +-A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-76 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-76 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-77 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-78 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-78 -j ACCEPT -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set --A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set --A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set --A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set --A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set --A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set --A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set --A limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-80 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m limit --limit 1/second -j LOG +-A limit-80 -j ACCEPT +-A limit-81 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-81 -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-82 -j ACCEPT +-A limit-84 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-84 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-85 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-85 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-86 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-86 -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-87 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-87 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-88 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-88 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-89 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-89 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-43 --A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-44 --A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-45 --A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-90 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-90 -j ACCEPT +-A limit-92 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-92 -m limit --limit 1/second -j LOG +-A limit-92 -j ACCEPT +-A limit-93 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-93 -m limit --limit 1/second -j LOG +-A limit-94 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-94 -j ACCEPT +-A limit-96 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-96 -j ACCEPT +-A limit-96 -m limit --limit 1/second -j LOG +-A limit-96 -j DROP +-A limit-97 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-97 -j RETURN -A limit-97 -m limit --limit 1/second -j LOG --A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-47 --A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-48 +-A limit-97 -j DROP +-A limit-98 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-98 -j logaccept-0 +-A limit-98 -m limit --limit 1/second -j LOG +-A limit-98 -j DROP +-A limit-99 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-99 -j ACCEPT +-A limit-99 -m limit --limit 1/second -j LOG +-A limit-99 -j DROP -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -5693,6 +7842,18 @@ hash:net family inet -A logaccept-final-12 -j ACCEPT -A logaccept-final-13 -m limit --limit 1/second -j LOG -A logaccept-final-13 -j ACCEPT +-A logaccept-final-14 -m limit --limit 1/second -j LOG +-A logaccept-final-14 -j ACCEPT +-A logaccept-final-15 -m limit --limit 1/second -j LOG +-A logaccept-final-15 -j ACCEPT +-A logaccept-final-16 -m limit --limit 1/second -j LOG +-A logaccept-final-16 -j ACCEPT +-A logaccept-final-17 -m limit --limit 1/second -j LOG +-A logaccept-final-17 -j ACCEPT +-A logaccept-final-18 -m limit --limit 1/second -j LOG +-A logaccept-final-18 -j ACCEPT +-A logaccept-final-19 -m limit --limit 1/second -j LOG +-A logaccept-final-19 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -5715,8 +7876,26 @@ hash:net family inet -A logdrop-1 -j DROP -A logdrop-10 -m limit --limit 1/second -j LOG -A logdrop-10 -j DROP +-A logdrop-100 -m limit --limit 1/second -j LOG +-A logdrop-100 -j DROP +-A logdrop-101 -m limit --limit 1/second -j LOG +-A logdrop-101 -j DROP +-A logdrop-102 -m limit --limit 1/second -j LOG +-A logdrop-102 -j DROP +-A logdrop-103 -m limit --limit 1/second -j LOG +-A logdrop-103 -j DROP +-A logdrop-105 -m limit --limit 1/second -j LOG +-A logdrop-105 -j DROP +-A logdrop-106 -m limit --limit 1/second -j LOG +-A logdrop-106 -j DROP +-A logdrop-107 -m limit --limit 1/second -j LOG +-A logdrop-107 -j DROP +-A logdrop-109 -m limit --limit 1/second -j LOG +-A logdrop-109 -j DROP -A logdrop-11 -m limit --limit 1/second -j LOG -A logdrop-11 -j DROP +-A logdrop-110 -m limit --limit 1/second -j LOG +-A logdrop-110 -j DROP -A logdrop-12 -m limit --limit 1/second -j LOG -A logdrop-12 -j DROP -A logdrop-13 -m limit --limit 1/second -j LOG @@ -5757,16 +7936,12 @@ hash:net family inet -A logdrop-30 -j DROP -A logdrop-31 -m limit --limit 1/second -j LOG -A logdrop-31 -j DROP --A logdrop-32 -m limit --limit 1/second -j LOG --A logdrop-32 -j DROP -A logdrop-33 -m limit --limit 1/second -j LOG -A logdrop-33 -j DROP -A logdrop-34 -m limit --limit 1/second -j LOG -A logdrop-34 -j DROP -A logdrop-35 -m limit --limit 1/second -j LOG -A logdrop-35 -j DROP --A logdrop-36 -m limit --limit 1/second -j LOG --A logdrop-36 -j DROP -A logdrop-37 -m limit --limit 1/second -j LOG -A logdrop-37 -j DROP -A logdrop-38 -m limit --limit 1/second -j LOG @@ -5835,6 +8010,8 @@ hash:net family inet -A logdrop-66 -j DROP -A logdrop-67 -m limit --limit 1/second -j LOG -A logdrop-67 -j DROP +-A logdrop-68 -m limit --limit 1/second -j LOG +-A logdrop-68 -j DROP -A logdrop-69 -m limit --limit 1/second -j LOG -A logdrop-69 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG @@ -5843,14 +8020,62 @@ hash:net family inet -A logdrop-70 -j DROP -A logdrop-71 -m limit --limit 1/second -j LOG -A logdrop-71 -j DROP +-A logdrop-72 -m limit --limit 1/second -j LOG +-A logdrop-72 -j DROP -A logdrop-73 -m limit --limit 1/second -j LOG -A logdrop-73 -j DROP -A logdrop-74 -m limit --limit 1/second -j LOG -A logdrop-74 -j DROP +-A logdrop-75 -m limit --limit 1/second -j LOG +-A logdrop-75 -j DROP +-A logdrop-76 -m limit --limit 1/second -j LOG +-A logdrop-76 -j DROP +-A logdrop-77 -m limit --limit 1/second -j LOG +-A logdrop-77 -j DROP +-A logdrop-78 -m limit --limit 1/second -j LOG +-A logdrop-78 -j DROP +-A logdrop-79 -m limit --limit 1/second -j LOG +-A logdrop-79 -j DROP -A logdrop-8 -m limit --limit 1/second -j LOG -A logdrop-8 -j DROP +-A logdrop-80 -m limit --limit 1/second -j LOG +-A logdrop-80 -j DROP +-A logdrop-81 -m limit --limit 1/second -j LOG +-A logdrop-81 -j DROP +-A logdrop-82 -m limit --limit 1/second -j LOG +-A logdrop-82 -j DROP +-A logdrop-83 -m limit --limit 1/second -j LOG +-A logdrop-83 -j DROP +-A logdrop-84 -m limit --limit 1/second -j LOG +-A logdrop-84 -j DROP +-A logdrop-85 -m limit --limit 1/second -j LOG +-A logdrop-85 -j DROP +-A logdrop-86 -m limit --limit 1/second -j LOG +-A logdrop-86 -j DROP +-A logdrop-87 -m limit --limit 1/second -j LOG +-A logdrop-87 -j DROP +-A logdrop-88 -m limit --limit 1/second -j LOG +-A logdrop-88 -j DROP +-A logdrop-89 -m limit --limit 1/second -j LOG +-A logdrop-89 -j DROP -A logdrop-9 -m limit --limit 1/second -j LOG -A logdrop-9 -j DROP +-A logdrop-90 -m limit --limit 1/second -j LOG +-A logdrop-90 -j DROP +-A logdrop-91 -m limit --limit 1/second -j LOG +-A logdrop-91 -j DROP +-A logdrop-93 -m limit --limit 1/second -j LOG +-A logdrop-93 -j DROP +-A logdrop-94 -m limit --limit 1/second -j LOG +-A logdrop-94 -j DROP +-A logdrop-95 -m limit --limit 1/second -j LOG +-A logdrop-95 -j DROP +-A logdrop-97 -m limit --limit 1/second -j LOG +-A logdrop-97 -j DROP +-A logdrop-98 -m limit --limit 1/second -j LOG +-A logdrop-98 -j DROP +-A logdrop-99 -m limit --limit 1/second -j LOG +-A logdrop-99 -j DROP -A logpass-0 -m limit --limit 1/second -j LOG -A logreject-0 -m limit --limit 1/second -j LOG -A logreject-0 -j REJECT @@ -5932,6 +8157,24 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -6019,6 +8262,42 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -6120,9 +8399,11 @@ COMMIT :limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] +:limit-171 - [0:0] :limit-172 - [0:0] :limit-173 - [0:0] :limit-174 - [0:0] +:limit-175 - [0:0] :limit-176 - [0:0] :limit-177 - [0:0] :limit-178 - [0:0] @@ -6137,9 +8418,11 @@ COMMIT :limit-186 - [0:0] :limit-187 - [0:0] :limit-188 - [0:0] +:limit-189 - [0:0] :limit-190 - [0:0] :limit-191 - [0:0] :limit-192 - [0:0] +:limit-193 - [0:0] :limit-194 - [0:0] :limit-195 - [0:0] :limit-196 - [0:0] @@ -6155,10 +8438,12 @@ COMMIT :limit-204 - [0:0] :limit-205 - [0:0] :limit-206 - [0:0] +:limit-207 - [0:0] :limit-208 - [0:0] :limit-209 - [0:0] :limit-21 - [0:0] :limit-210 - [0:0] +:limit-211 - [0:0] :limit-212 - [0:0] :limit-213 - [0:0] :limit-214 - [0:0] @@ -6176,24 +8461,120 @@ COMMIT :limit-225 - [0:0] :limit-226 - [0:0] :limit-227 - [0:0] +:limit-228 - [0:0] +:limit-229 - [0:0] +:limit-230 - [0:0] +:limit-231 - [0:0] +:limit-232 - [0:0] +:limit-233 - [0:0] +:limit-234 - [0:0] +:limit-235 - [0:0] +:limit-236 - [0:0] +:limit-237 - [0:0] +:limit-238 - [0:0] +:limit-239 - [0:0] :limit-24 - [0:0] +:limit-240 - [0:0] +:limit-241 - [0:0] +:limit-242 - [0:0] +:limit-244 - [0:0] +:limit-245 - [0:0] +:limit-246 - [0:0] +:limit-248 - [0:0] +:limit-249 - [0:0] :limit-25 - [0:0] +:limit-250 - [0:0] +:limit-251 - [0:0] +:limit-252 - [0:0] +:limit-253 - [0:0] +:limit-254 - [0:0] +:limit-256 - [0:0] +:limit-257 - [0:0] +:limit-258 - [0:0] :limit-26 - [0:0] +:limit-260 - [0:0] +:limit-261 - [0:0] +:limit-262 - [0:0] +:limit-263 - [0:0] +:limit-264 - [0:0] +:limit-265 - [0:0] +:limit-266 - [0:0] +:limit-267 - [0:0] +:limit-268 - [0:0] +:limit-269 - [0:0] :limit-27 - [0:0] +:limit-270 - [0:0] +:limit-271 - [0:0] +:limit-272 - [0:0] +:limit-274 - [0:0] +:limit-275 - [0:0] +:limit-276 - [0:0] +:limit-278 - [0:0] +:limit-279 - [0:0] :limit-28 - [0:0] +:limit-280 - [0:0] +:limit-281 - [0:0] +:limit-282 - [0:0] +:limit-283 - [0:0] +:limit-284 - [0:0] +:limit-286 - [0:0] +:limit-287 - [0:0] +:limit-288 - [0:0] :limit-29 - [0:0] +:limit-290 - [0:0] +:limit-291 - [0:0] +:limit-292 - [0:0] +:limit-293 - [0:0] +:limit-294 - [0:0] +:limit-295 - [0:0] +:limit-296 - [0:0] +:limit-297 - [0:0] +:limit-298 - [0:0] +:limit-299 - [0:0] :limit-3 - [0:0] :limit-30 - [0:0] -:limit-31 - [0:0] +:limit-300 - [0:0] +:limit-301 - [0:0] +:limit-302 - [0:0] +:limit-304 - [0:0] +:limit-305 - [0:0] +:limit-306 - [0:0] +:limit-308 - [0:0] +:limit-309 - [0:0] +:limit-310 - [0:0] +:limit-311 - [0:0] +:limit-312 - [0:0] +:limit-313 - [0:0] +:limit-314 - [0:0] +:limit-316 - [0:0] +:limit-317 - [0:0] +:limit-318 - [0:0] :limit-32 - [0:0] +:limit-320 - [0:0] +:limit-321 - [0:0] +:limit-322 - [0:0] +:limit-323 - [0:0] +:limit-324 - [0:0] +:limit-325 - [0:0] +:limit-326 - [0:0] +:limit-327 - [0:0] +:limit-328 - [0:0] +:limit-329 - [0:0] :limit-33 - [0:0] +:limit-330 - [0:0] +:limit-331 - [0:0] +:limit-332 - [0:0] +:limit-333 - [0:0] +:limit-334 - [0:0] +:limit-335 - [0:0] :limit-34 - [0:0] -:limit-35 - [0:0] :limit-36 - [0:0] +:limit-37 - [0:0] :limit-38 - [0:0] :limit-39 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] +:limit-41 - [0:0] :limit-42 - [0:0] :limit-43 - [0:0] :limit-44 - [0:0] @@ -6201,23 +8582,21 @@ COMMIT :limit-46 - [0:0] :limit-47 - [0:0] :limit-48 - [0:0] -:limit-49 - [0:0] :limit-5 - [0:0] :limit-50 - [0:0] :limit-51 - [0:0] :limit-52 - [0:0] -:limit-53 - [0:0] :limit-54 - [0:0] +:limit-55 - [0:0] :limit-56 - [0:0] :limit-57 - [0:0] :limit-58 - [0:0] +:limit-59 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] -:limit-61 - [0:0] :limit-62 - [0:0] :limit-63 - [0:0] :limit-64 - [0:0] -:limit-65 - [0:0] :limit-66 - [0:0] :limit-67 - [0:0] :limit-68 - [0:0] @@ -6232,12 +8611,10 @@ COMMIT :limit-76 - [0:0] :limit-77 - [0:0] :limit-78 - [0:0] -:limit-79 - [0:0] :limit-8 - [0:0] :limit-80 - [0:0] :limit-81 - [0:0] :limit-82 - [0:0] -:limit-83 - [0:0] :limit-84 - [0:0] :limit-85 - [0:0] :limit-86 - [0:0] @@ -6246,11 +8623,9 @@ COMMIT :limit-89 - [0:0] :limit-9 - [0:0] :limit-90 - [0:0] -:limit-91 - [0:0] :limit-92 - [0:0] :limit-93 - [0:0] :limit-94 - [0:0] -:limit-95 - [0:0] :limit-96 - [0:0] :limit-97 - [0:0] :limit-98 - [0:0] @@ -6270,6 +8645,12 @@ COMMIT :logaccept-final-11 - [0:0] :logaccept-final-12 - [0:0] :logaccept-final-13 - [0:0] +:logaccept-final-14 - [0:0] +:logaccept-final-15 - [0:0] +:logaccept-final-16 - [0:0] +:logaccept-final-17 - [0:0] +:logaccept-final-18 - [0:0] +:logaccept-final-19 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] @@ -6281,7 +8662,16 @@ COMMIT :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] +:logdrop-100 - [0:0] +:logdrop-101 - [0:0] +:logdrop-102 - [0:0] +:logdrop-103 - [0:0] +:logdrop-105 - [0:0] +:logdrop-106 - [0:0] +:logdrop-107 - [0:0] +:logdrop-109 - [0:0] :logdrop-11 - [0:0] +:logdrop-110 - [0:0] :logdrop-12 - [0:0] :logdrop-13 - [0:0] :logdrop-14 - [0:0] @@ -6302,11 +8692,9 @@ COMMIT :logdrop-3 - [0:0] :logdrop-30 - [0:0] :logdrop-31 - [0:0] -:logdrop-32 - [0:0] :logdrop-33 - [0:0] :logdrop-34 - [0:0] :logdrop-35 - [0:0] -:logdrop-36 - [0:0] :logdrop-37 - [0:0] :logdrop-38 - [0:0] :logdrop-39 - [0:0] @@ -6341,20 +8729,117 @@ COMMIT :logdrop-65 - [0:0] :logdrop-66 - [0:0] :logdrop-67 - [0:0] +:logdrop-68 - [0:0] :logdrop-69 - [0:0] :logdrop-7 - [0:0] :logdrop-70 - [0:0] :logdrop-71 - [0:0] +:logdrop-72 - [0:0] :logdrop-73 - [0:0] :logdrop-74 - [0:0] +:logdrop-75 - [0:0] +:logdrop-76 - [0:0] +:logdrop-77 - [0:0] +:logdrop-78 - [0:0] +:logdrop-79 - [0:0] :logdrop-8 - [0:0] +:logdrop-80 - [0:0] +:logdrop-81 - [0:0] +:logdrop-82 - [0:0] +:logdrop-83 - [0:0] +:logdrop-84 - [0:0] +:logdrop-85 - [0:0] +:logdrop-86 - [0:0] +:logdrop-87 - [0:0] +:logdrop-88 - [0:0] +:logdrop-89 - [0:0] :logdrop-9 - [0:0] +:logdrop-90 - [0:0] +:logdrop-91 - [0:0] +:logdrop-93 - [0:0] +:logdrop-94 - [0:0] +:logdrop-95 - [0:0] +:logdrop-97 - [0:0] +:logdrop-98 - [0:0] +:logdrop-99 - [0:0] :logpass-0 - [0:0] :logreject-0 - [0:0] :logtarpit-0 - [0:0] :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-223 +-A FORWARD -j limit-222 +-A FORWARD -j limit-221 +-A FORWARD -j limit-220 +-A FORWARD -j limit-219 +-A FORWARD -j limit-218 +-A FORWARD -j limit-217 +-A FORWARD -j limit-216 +-A FORWARD -j limit-215 +-A FORWARD -j limit-214 +-A FORWARD -j limit-213 +-A FORWARD -j limit-212 +-A FORWARD -j limit-211 +-A FORWARD -j limit-210 +-A FORWARD -j limit-209 +-A FORWARD -j limit-208 +-A FORWARD -j limit-207 +-A FORWARD -j limit-206 +-A FORWARD -j limit-205 +-A FORWARD -j limit-204 +-A FORWARD -j limit-203 +-A FORWARD -j limit-202 +-A FORWARD -j limit-201 +-A FORWARD -j limit-200 +-A FORWARD -j limit-199 +-A FORWARD -j limit-198 +-A FORWARD -j limit-197 +-A FORWARD -j limit-196 +-A FORWARD -j limit-195 +-A FORWARD -j limit-194 +-A FORWARD -j limit-193 +-A FORWARD -j limit-192 +-A FORWARD -j limit-191 +-A FORWARD -j limit-190 +-A FORWARD -j limit-189 +-A FORWARD -j limit-188 +-A FORWARD -j limit-187 +-A FORWARD -j limit-186 +-A FORWARD -j limit-185 +-A FORWARD -j limit-184 +-A FORWARD -j limit-183 +-A FORWARD -j limit-182 +-A FORWARD -j limit-181 +-A FORWARD -j limit-180 +-A FORWARD -j limit-179 +-A FORWARD -j limit-178 +-A FORWARD -j limit-177 +-A FORWARD -j limit-176 +-A FORWARD -j limit-175 +-A FORWARD -j limit-174 +-A FORWARD -j limit-173 +-A FORWARD -j limit-172 +-A FORWARD -j limit-171 +-A FORWARD -j limit-170 +-A FORWARD -j limit-169 +-A FORWARD -j limit-168 +-A FORWARD -j limit-167 +-A FORWARD -j limit-166 +-A FORWARD -j limit-165 +-A FORWARD -j limit-164 +-A FORWARD -j limit-163 +-A FORWARD -j limit-162 +-A FORWARD -j limit-161 +-A FORWARD -j limit-160 +-A FORWARD -j limit-159 +-A FORWARD -j limit-158 +-A FORWARD -j limit-157 +-A FORWARD -j limit-156 +-A FORWARD -j limit-155 +-A FORWARD -j limit-154 +-A FORWARD -j limit-153 +-A FORWARD -j limit-152 -A FORWARD -j limit-151 -A FORWARD -j limit-150 -A FORWARD -j limit-149 @@ -6395,42 +8880,6 @@ COMMIT -A FORWARD -j limit-114 -A FORWARD -j limit-113 -A FORWARD -j limit-112 --A FORWARD -j limit-111 --A FORWARD -j limit-110 --A FORWARD -j limit-109 --A FORWARD -j limit-108 --A FORWARD -j limit-107 --A FORWARD -j limit-106 --A FORWARD -j limit-105 --A FORWARD -j limit-104 --A FORWARD -j limit-103 --A FORWARD -j limit-102 --A FORWARD -j limit-101 --A FORWARD -j limit-100 --A FORWARD -j limit-99 --A FORWARD -j limit-98 --A FORWARD -j limit-97 --A FORWARD -j limit-96 --A FORWARD -j limit-95 --A FORWARD -j limit-94 --A FORWARD -j limit-93 --A FORWARD -j limit-92 --A FORWARD -j limit-91 --A FORWARD -j limit-90 --A FORWARD -j limit-89 --A FORWARD -j limit-88 --A FORWARD -j limit-87 --A FORWARD -j limit-86 --A FORWARD -j limit-85 --A FORWARD -j limit-84 --A FORWARD -j limit-83 --A FORWARD -j limit-82 --A FORWARD -j limit-81 --A FORWARD -j limit-80 --A FORWARD -j limit-79 --A FORWARD -j limit-78 --A FORWARD -j limit-77 --A FORWARD -j limit-76 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -6469,17 +8918,17 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-28 -A FORWARD -o eth1 -d fc00::/7 -j limit-29 -A FORWARD -o eth1 -d fc00::/7 -j limit-30 --A FORWARD -o eth1 -d fc00::/7 -j limit-31 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -A FORWARD -o eth1 -d fc00::/7 -j limit-32 -A FORWARD -o eth1 -d fc00::/7 -j limit-33 -A FORWARD -o eth1 -d fc00::/7 -j limit-34 --A FORWARD -o eth1 -d fc00::/7 -j limit-35 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -A FORWARD -o eth1 -d fc00::/7 -j limit-36 --A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-37 -A FORWARD -o eth1 -d fc00::/7 -j limit-38 -A FORWARD -o eth1 -d fc00::/7 -j limit-39 -A FORWARD -o eth1 -d fc00::/7 -j limit-40 --A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-41 -A FORWARD -o eth1 -d fc00::/7 -j limit-42 -A FORWARD -o eth1 -d fc00::/7 -j limit-43 -A FORWARD -o eth1 -d fc00::/7 -j limit-44 @@ -6487,23 +8936,23 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-46 -A FORWARD -o eth1 -d fc00::/7 -j limit-47 -A FORWARD -o eth1 -d fc00::/7 -j limit-48 --A FORWARD -o eth1 -d fc00::/7 -j limit-49 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-50 -A FORWARD -o eth1 -d fc00::/7 -j limit-51 -A FORWARD -o eth1 -d fc00::/7 -j limit-52 --A FORWARD -o eth1 -d fc00::/7 -j limit-53 --A FORWARD -o eth1 -d fc00::/7 -j limit-54 -A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-54 +-A FORWARD -o eth1 -d fc00::/7 -j limit-55 -A FORWARD -o eth1 -d fc00::/7 -j limit-56 -A FORWARD -o eth1 -d fc00::/7 -j limit-57 -A FORWARD -o eth1 -d fc00::/7 -j limit-58 --A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-59 -A FORWARD -o eth1 -d fc00::/7 -j limit-60 --A FORWARD -o eth1 -d fc00::/7 -j limit-61 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-62 -A FORWARD -o eth1 -d fc00::/7 -j limit-63 -A FORWARD -o eth1 -d fc00::/7 -j limit-64 --A FORWARD -o eth1 -d fc00::/7 -j limit-65 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-66 -A FORWARD -o eth1 -d fc00::/7 -j limit-67 -A FORWARD -o eth1 -d fc00::/7 -j limit-68 @@ -6514,6 +8963,42 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-73 -A FORWARD -o eth1 -d fc00::/7 -j limit-74 -A FORWARD -o eth1 -d fc00::/7 -j limit-75 +-A FORWARD -o eth1 -d fc00::/7 -j limit-76 +-A FORWARD -o eth1 -d fc00::/7 -j limit-77 +-A FORWARD -o eth1 -d fc00::/7 -j limit-78 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-80 +-A FORWARD -o eth1 -d fc00::/7 -j limit-81 +-A FORWARD -o eth1 -d fc00::/7 -j limit-82 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-84 +-A FORWARD -o eth1 -d fc00::/7 -j limit-85 +-A FORWARD -o eth1 -d fc00::/7 -j limit-86 +-A FORWARD -o eth1 -d fc00::/7 -j limit-87 +-A FORWARD -o eth1 -d fc00::/7 -j limit-88 +-A FORWARD -o eth1 -d fc00::/7 -j limit-89 +-A FORWARD -o eth1 -d fc00::/7 -j limit-90 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-92 +-A FORWARD -o eth1 -d fc00::/7 -j limit-93 +-A FORWARD -o eth1 -d fc00::/7 -j limit-94 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-96 +-A FORWARD -o eth1 -d fc00::/7 -j limit-97 +-A FORWARD -o eth1 -d fc00::/7 -j limit-98 +-A FORWARD -o eth1 -d fc00::/7 -j limit-99 +-A FORWARD -o eth1 -d fc00::/7 -j limit-100 +-A FORWARD -o eth1 -d fc00::/7 -j limit-101 +-A FORWARD -o eth1 -d fc00::/7 -j limit-102 +-A FORWARD -o eth1 -d fc00::/7 -j limit-103 +-A FORWARD -o eth1 -d fc00::/7 -j limit-104 +-A FORWARD -o eth1 -d fc00::/7 -j limit-105 +-A FORWARD -o eth1 -d fc00::/7 -j limit-106 +-A FORWARD -o eth1 -d fc00::/7 -j limit-107 +-A FORWARD -o eth1 -d fc00::/7 -j limit-108 +-A FORWARD -o eth1 -d fc00::/7 -j limit-109 +-A FORWARD -o eth1 -d fc00::/7 -j limit-110 +-A FORWARD -o eth1 -d fc00::/7 -j limit-111 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -6556,16 +9041,34 @@ COMMIT -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-13 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-14 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-15 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-16 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-17 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-18 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-19 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-73 +-A FORWARD -j logdrop-109 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-74 +-A FORWARD -j logdrop-110 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -6598,6 +9101,78 @@ COMMIT -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-223 +-A INPUT -j limit-222 +-A INPUT -j limit-221 +-A INPUT -j limit-220 +-A INPUT -j limit-219 +-A INPUT -j limit-218 +-A INPUT -j limit-217 +-A INPUT -j limit-216 +-A INPUT -j limit-215 +-A INPUT -j limit-214 +-A INPUT -j limit-213 +-A INPUT -j limit-212 +-A INPUT -j limit-211 +-A INPUT -j limit-210 +-A INPUT -j limit-209 +-A INPUT -j limit-208 +-A INPUT -j limit-207 +-A INPUT -j limit-206 +-A INPUT -j limit-205 +-A INPUT -j limit-204 +-A INPUT -j limit-203 +-A INPUT -j limit-202 +-A INPUT -j limit-201 +-A INPUT -j limit-200 +-A INPUT -j limit-199 +-A INPUT -j limit-198 +-A INPUT -j limit-197 +-A INPUT -j limit-196 +-A INPUT -j limit-195 +-A INPUT -j limit-194 +-A INPUT -j limit-193 +-A INPUT -j limit-192 +-A INPUT -j limit-191 +-A INPUT -j limit-190 +-A INPUT -j limit-189 +-A INPUT -j limit-188 +-A INPUT -j limit-187 +-A INPUT -j limit-186 +-A INPUT -j limit-185 +-A INPUT -j limit-184 +-A INPUT -j limit-183 +-A INPUT -j limit-182 +-A INPUT -j limit-181 +-A INPUT -j limit-180 +-A INPUT -j limit-179 +-A INPUT -j limit-178 +-A INPUT -j limit-177 +-A INPUT -j limit-176 +-A INPUT -j limit-175 +-A INPUT -j limit-174 +-A INPUT -j limit-173 +-A INPUT -j limit-172 +-A INPUT -j limit-171 +-A INPUT -j limit-170 +-A INPUT -j limit-169 +-A INPUT -j limit-168 +-A INPUT -j limit-167 +-A INPUT -j limit-166 +-A INPUT -j limit-165 +-A INPUT -j limit-164 +-A INPUT -j limit-163 +-A INPUT -j limit-162 +-A INPUT -j limit-161 +-A INPUT -j limit-160 +-A INPUT -j limit-159 +-A INPUT -j limit-158 +-A INPUT -j limit-157 +-A INPUT -j limit-156 +-A INPUT -j limit-155 +-A INPUT -j limit-154 +-A INPUT -j limit-153 +-A INPUT -j limit-152 -A INPUT -j limit-151 -A INPUT -j limit-150 -A INPUT -j limit-149 @@ -6638,42 +9213,6 @@ COMMIT -A INPUT -j limit-114 -A INPUT -j limit-113 -A INPUT -j limit-112 --A INPUT -j limit-111 --A INPUT -j limit-110 --A INPUT -j limit-109 --A INPUT -j limit-108 --A INPUT -j limit-107 --A INPUT -j limit-106 --A INPUT -j limit-105 --A INPUT -j limit-104 --A INPUT -j limit-103 --A INPUT -j limit-102 --A INPUT -j limit-101 --A INPUT -j limit-100 --A INPUT -j limit-99 --A INPUT -j limit-98 --A INPUT -j limit-97 --A INPUT -j limit-96 --A INPUT -j limit-95 --A INPUT -j limit-94 --A INPUT -j limit-93 --A INPUT -j limit-92 --A INPUT -j limit-91 --A INPUT -j limit-90 --A INPUT -j limit-89 --A INPUT -j limit-88 --A INPUT -j limit-87 --A INPUT -j limit-86 --A INPUT -j limit-85 --A INPUT -j limit-84 --A INPUT -j limit-83 --A INPUT -j limit-82 --A INPUT -j limit-81 --A INPUT -j limit-80 --A INPUT -j limit-79 --A INPUT -j limit-78 --A INPUT -j limit-77 --A INPUT -j limit-76 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -6724,92 +9263,146 @@ COMMIT -A INPUT -j ACCEPT -A INPUT -j logaccept-final-13 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-152 --A INPUT -i eth0 -j limit-153 --A INPUT -i eth0 -j limit-154 --A INPUT -i eth0 -j limit-155 --A INPUT -i eth0 -j limit-156 --A INPUT -i eth0 -j limit-157 --A INPUT -i eth0 -j limit-158 --A INPUT -i eth0 -j limit-159 --A INPUT -i eth0 -j limit-160 --A INPUT -i eth0 -j limit-161 --A INPUT -i eth0 -j limit-162 --A INPUT -i eth0 -j limit-163 --A INPUT -i eth0 -j limit-164 --A INPUT -i eth0 -j limit-165 --A INPUT -i eth0 -j limit-166 --A INPUT -i eth0 -j limit-167 --A INPUT -i eth0 -j limit-168 --A INPUT -i eth0 -j limit-169 --A INPUT -i eth0 -j limit-170 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 --A INPUT -i eth0 -j limit-172 --A INPUT -i eth0 -j limit-173 --A INPUT -i eth0 -j limit-174 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 --A INPUT -i eth0 -j limit-176 --A INPUT -i eth0 -j limit-177 --A INPUT -i eth0 -j limit-178 --A INPUT -i eth0 -j limit-179 --A INPUT -i eth0 -j limit-180 --A INPUT -i eth0 -j limit-181 --A INPUT -i eth0 -j limit-182 --A INPUT -i eth0 -j limit-183 --A INPUT -i eth0 -j limit-184 --A INPUT -i eth0 -j limit-185 --A INPUT -i eth0 -j limit-186 --A INPUT -i eth0 -j limit-187 --A INPUT -i eth0 -j limit-188 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-190 --A INPUT -i eth0 -j limit-191 --A INPUT -i eth0 -j limit-192 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-194 --A INPUT -i eth0 -j limit-195 --A INPUT -i eth0 -j limit-196 --A INPUT -i eth0 -j limit-197 --A INPUT -i eth0 -j limit-198 --A INPUT -i eth0 -j limit-199 --A INPUT -i eth0 -j limit-200 --A INPUT -i eth0 -j limit-201 --A INPUT -i eth0 -j limit-202 --A INPUT -i eth0 -j limit-203 --A INPUT -i eth0 -j limit-204 --A INPUT -i eth0 -j limit-205 --A INPUT -i eth0 -j limit-206 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-208 --A INPUT -i eth0 -j limit-209 --A INPUT -i eth0 -j limit-210 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-212 --A INPUT -i eth0 -j limit-213 --A INPUT -i eth0 -j limit-214 --A INPUT -i eth0 -j limit-215 --A INPUT -i eth0 -j limit-216 --A INPUT -i eth0 -j limit-217 --A INPUT -i eth0 -j limit-218 --A INPUT -i eth0 -j limit-219 --A INPUT -i eth0 -j limit-220 --A INPUT -i eth0 -j limit-221 --A INPUT -i eth0 -j limit-222 --A INPUT -i eth0 -j limit-223 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-14 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-15 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-16 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-17 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-18 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-19 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-224 -A INPUT -i eth0 -j limit-225 -A INPUT -i eth0 -j limit-226 -A INPUT -i eth0 -j limit-227 +-A INPUT -i eth0 -j limit-228 +-A INPUT -i eth0 -j limit-229 +-A INPUT -i eth0 -j limit-230 +-A INPUT -i eth0 -j limit-231 +-A INPUT -i eth0 -j limit-232 +-A INPUT -i eth0 -j limit-233 +-A INPUT -i eth0 -j limit-234 +-A INPUT -i eth0 -j limit-235 +-A INPUT -i eth0 -j limit-236 +-A INPUT -i eth0 -j limit-237 +-A INPUT -i eth0 -j limit-238 +-A INPUT -i eth0 -j limit-239 +-A INPUT -i eth0 -j limit-240 +-A INPUT -i eth0 -j limit-241 +-A INPUT -i eth0 -j limit-242 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-92 +-A INPUT -i eth0 -j limit-244 +-A INPUT -i eth0 -j limit-245 +-A INPUT -i eth0 -j limit-246 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-96 +-A INPUT -i eth0 -j limit-248 +-A INPUT -i eth0 -j limit-249 +-A INPUT -i eth0 -j limit-250 +-A INPUT -i eth0 -j limit-251 +-A INPUT -i eth0 -j limit-252 +-A INPUT -i eth0 -j limit-253 +-A INPUT -i eth0 -j limit-254 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-104 +-A INPUT -i eth0 -j limit-256 +-A INPUT -i eth0 -j limit-257 +-A INPUT -i eth0 -j limit-258 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-108 +-A INPUT -i eth0 -j limit-260 +-A INPUT -i eth0 -j limit-261 +-A INPUT -i eth0 -j limit-262 +-A INPUT -i eth0 -j limit-263 +-A INPUT -i eth0 -j limit-264 +-A INPUT -i eth0 -j limit-265 +-A INPUT -i eth0 -j limit-266 +-A INPUT -i eth0 -j limit-267 +-A INPUT -i eth0 -j limit-268 +-A INPUT -i eth0 -j limit-269 +-A INPUT -i eth0 -j limit-270 +-A INPUT -i eth0 -j limit-271 +-A INPUT -i eth0 -j limit-272 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-274 +-A INPUT -i eth0 -j limit-275 +-A INPUT -i eth0 -j limit-276 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-278 +-A INPUT -i eth0 -j limit-279 +-A INPUT -i eth0 -j limit-280 +-A INPUT -i eth0 -j limit-281 +-A INPUT -i eth0 -j limit-282 +-A INPUT -i eth0 -j limit-283 +-A INPUT -i eth0 -j limit-284 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-286 +-A INPUT -i eth0 -j limit-287 +-A INPUT -i eth0 -j limit-288 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-290 +-A INPUT -i eth0 -j limit-291 +-A INPUT -i eth0 -j limit-292 +-A INPUT -i eth0 -j limit-293 +-A INPUT -i eth0 -j limit-294 +-A INPUT -i eth0 -j limit-295 +-A INPUT -i eth0 -j limit-296 +-A INPUT -i eth0 -j limit-297 +-A INPUT -i eth0 -j limit-298 +-A INPUT -i eth0 -j limit-299 +-A INPUT -i eth0 -j limit-300 +-A INPUT -i eth0 -j limit-301 +-A INPUT -i eth0 -j limit-302 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-304 +-A INPUT -i eth0 -j limit-305 +-A INPUT -i eth0 -j limit-306 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-308 +-A INPUT -i eth0 -j limit-309 +-A INPUT -i eth0 -j limit-310 +-A INPUT -i eth0 -j limit-311 +-A INPUT -i eth0 -j limit-312 +-A INPUT -i eth0 -j limit-313 +-A INPUT -i eth0 -j limit-314 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-316 +-A INPUT -i eth0 -j limit-317 +-A INPUT -i eth0 -j limit-318 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-320 +-A INPUT -i eth0 -j limit-321 +-A INPUT -i eth0 -j limit-322 +-A INPUT -i eth0 -j limit-323 +-A INPUT -i eth0 -j limit-324 +-A INPUT -i eth0 -j limit-325 +-A INPUT -i eth0 -j limit-326 +-A INPUT -i eth0 -j limit-327 +-A INPUT -i eth0 -j limit-328 +-A INPUT -i eth0 -j limit-329 +-A INPUT -i eth0 -j limit-330 +-A INPUT -i eth0 -j limit-331 +-A INPUT -i eth0 -j limit-332 +-A INPUT -i eth0 -j limit-333 +-A INPUT -i eth0 -j limit-334 +-A INPUT -i eth0 -j limit-335 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-73 +-A INPUT -j logdrop-109 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-74 +-A INPUT -j logdrop-110 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -6822,6 +9415,78 @@ COMMIT -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-223 +-A OUTPUT -j limit-222 +-A OUTPUT -j limit-221 +-A OUTPUT -j limit-220 +-A OUTPUT -j limit-219 +-A OUTPUT -j limit-218 +-A OUTPUT -j limit-217 +-A OUTPUT -j limit-216 +-A OUTPUT -j limit-215 +-A OUTPUT -j limit-214 +-A OUTPUT -j limit-213 +-A OUTPUT -j limit-212 +-A OUTPUT -j limit-211 +-A OUTPUT -j limit-210 +-A OUTPUT -j limit-209 +-A OUTPUT -j limit-208 +-A OUTPUT -j limit-207 +-A OUTPUT -j limit-206 +-A OUTPUT -j limit-205 +-A OUTPUT -j limit-204 +-A OUTPUT -j limit-203 +-A OUTPUT -j limit-202 +-A OUTPUT -j limit-201 +-A OUTPUT -j limit-200 +-A OUTPUT -j limit-199 +-A OUTPUT -j limit-198 +-A OUTPUT -j limit-197 +-A OUTPUT -j limit-196 +-A OUTPUT -j limit-195 +-A OUTPUT -j limit-194 +-A OUTPUT -j limit-193 +-A OUTPUT -j limit-192 +-A OUTPUT -j limit-191 +-A OUTPUT -j limit-190 +-A OUTPUT -j limit-189 +-A OUTPUT -j limit-188 +-A OUTPUT -j limit-187 +-A OUTPUT -j limit-186 +-A OUTPUT -j limit-185 +-A OUTPUT -j limit-184 +-A OUTPUT -j limit-183 +-A OUTPUT -j limit-182 +-A OUTPUT -j limit-181 +-A OUTPUT -j limit-180 +-A OUTPUT -j limit-179 +-A OUTPUT -j limit-178 +-A OUTPUT -j limit-177 +-A OUTPUT -j limit-176 +-A OUTPUT -j limit-175 +-A OUTPUT -j limit-174 +-A OUTPUT -j limit-173 +-A OUTPUT -j limit-172 +-A OUTPUT -j limit-171 +-A OUTPUT -j limit-170 +-A OUTPUT -j limit-169 +-A OUTPUT -j limit-168 +-A OUTPUT -j limit-167 +-A OUTPUT -j limit-166 +-A OUTPUT -j limit-165 +-A OUTPUT -j limit-164 +-A OUTPUT -j limit-163 +-A OUTPUT -j limit-162 +-A OUTPUT -j limit-161 +-A OUTPUT -j limit-160 +-A OUTPUT -j limit-159 +-A OUTPUT -j limit-158 +-A OUTPUT -j limit-157 +-A OUTPUT -j limit-156 +-A OUTPUT -j limit-155 +-A OUTPUT -j limit-154 +-A OUTPUT -j limit-153 +-A OUTPUT -j limit-152 -A OUTPUT -j limit-151 -A OUTPUT -j limit-150 -A OUTPUT -j limit-149 @@ -6862,42 +9527,6 @@ COMMIT -A OUTPUT -j limit-114 -A OUTPUT -j limit-113 -A OUTPUT -j limit-112 --A OUTPUT -j limit-111 --A OUTPUT -j limit-110 --A OUTPUT -j limit-109 --A OUTPUT -j limit-108 --A OUTPUT -j limit-107 --A OUTPUT -j limit-106 --A OUTPUT -j limit-105 --A OUTPUT -j limit-104 --A OUTPUT -j limit-103 --A OUTPUT -j limit-102 --A OUTPUT -j limit-101 --A OUTPUT -j limit-100 --A OUTPUT -j limit-99 --A OUTPUT -j limit-98 --A OUTPUT -j limit-97 --A OUTPUT -j limit-96 --A OUTPUT -j limit-95 --A OUTPUT -j limit-94 --A OUTPUT -j limit-93 --A OUTPUT -j limit-92 --A OUTPUT -j limit-91 --A OUTPUT -j limit-90 --A OUTPUT -j limit-89 --A OUTPUT -j limit-88 --A OUTPUT -j limit-87 --A OUTPUT -j limit-86 --A OUTPUT -j limit-85 --A OUTPUT -j limit-84 --A OUTPUT -j limit-83 --A OUTPUT -j limit-82 --A OUTPUT -j limit-81 --A OUTPUT -j limit-80 --A OUTPUT -j limit-79 --A OUTPUT -j limit-78 --A OUTPUT -j limit-77 --A OUTPUT -j limit-76 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -6937,17 +9566,17 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-28 -A OUTPUT -o eth1 -d fc00::/7 -j limit-29 -A OUTPUT -o eth1 -d fc00::/7 -j limit-30 --A OUTPUT -o eth1 -d fc00::/7 -j limit-31 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -A OUTPUT -o eth1 -d fc00::/7 -j limit-32 -A OUTPUT -o eth1 -d fc00::/7 -j limit-33 -A OUTPUT -o eth1 -d fc00::/7 -j limit-34 --A OUTPUT -o eth1 -d fc00::/7 -j limit-35 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -A OUTPUT -o eth1 -d fc00::/7 -j limit-36 --A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-37 -A OUTPUT -o eth1 -d fc00::/7 -j limit-38 -A OUTPUT -o eth1 -d fc00::/7 -j limit-39 -A OUTPUT -o eth1 -d fc00::/7 -j limit-40 --A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-41 -A OUTPUT -o eth1 -d fc00::/7 -j limit-42 -A OUTPUT -o eth1 -d fc00::/7 -j limit-43 -A OUTPUT -o eth1 -d fc00::/7 -j limit-44 @@ -6955,23 +9584,23 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-46 -A OUTPUT -o eth1 -d fc00::/7 -j limit-47 -A OUTPUT -o eth1 -d fc00::/7 -j limit-48 --A OUTPUT -o eth1 -d fc00::/7 -j limit-49 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-50 -A OUTPUT -o eth1 -d fc00::/7 -j limit-51 -A OUTPUT -o eth1 -d fc00::/7 -j limit-52 --A OUTPUT -o eth1 -d fc00::/7 -j limit-53 --A OUTPUT -o eth1 -d fc00::/7 -j limit-54 -A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-54 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-55 -A OUTPUT -o eth1 -d fc00::/7 -j limit-56 -A OUTPUT -o eth1 -d fc00::/7 -j limit-57 -A OUTPUT -o eth1 -d fc00::/7 -j limit-58 --A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-59 -A OUTPUT -o eth1 -d fc00::/7 -j limit-60 --A OUTPUT -o eth1 -d fc00::/7 -j limit-61 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-62 -A OUTPUT -o eth1 -d fc00::/7 -j limit-63 -A OUTPUT -o eth1 -d fc00::/7 -j limit-64 --A OUTPUT -o eth1 -d fc00::/7 -j limit-65 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-66 -A OUTPUT -o eth1 -d fc00::/7 -j limit-67 -A OUTPUT -o eth1 -d fc00::/7 -j limit-68 @@ -6982,6 +9611,42 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-73 -A OUTPUT -o eth1 -d fc00::/7 -j limit-74 -A OUTPUT -o eth1 -d fc00::/7 -j limit-75 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-76 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-77 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-78 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-80 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-81 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-82 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-84 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-85 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-86 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-87 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-88 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-89 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-90 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-92 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-93 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-94 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-96 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-97 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-98 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-99 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-100 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-101 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-102 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-103 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-104 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-105 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-106 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-107 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-108 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-109 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-110 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-111 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -7024,6 +9689,42 @@ COMMIT -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-13 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-14 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-15 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-16 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-17 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-18 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-19 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -7069,13 +9770,13 @@ COMMIT -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-73 +-A OUTPUT -j logdrop-109 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-74 +-A OUTPUT -j logdrop-110 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -7096,461 +9797,650 @@ COMMIT -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j ACCEPT +-A limit-100 -m limit --limit 1/second -j LOG +-A limit-100 -j DROP +-A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN +-A limit-101 -m limit --limit 1/second -j LOG +-A limit-101 -j DROP +-A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j logaccept-1 +-A limit-102 -m limit --limit 1/second -j LOG +-A limit-102 -j DROP +-A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j ACCEPT +-A limit-103 -m limit --limit 1/second -j LOG +-A limit-103 -j DROP +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT +-A limit-104 -j DROP +-A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN +-A limit-105 -j DROP +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-2 +-A limit-106 -j DROP +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -j DROP +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT +-A limit-108 -j DROP +-A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN +-A limit-109 -j DROP -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-113 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-114 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-115 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-115 -m limit --limit 1/second -j LOG --A limit-116 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-117 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-3 +-A limit-110 -j DROP +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT +-A limit-111 -j DROP +-A limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 -A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 -A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 -A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 -A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 -A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 -A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 -A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 -A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 -A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 -A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 -A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 -A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-55 +-A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-56 +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-57 +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-58 -A limit-133 -m limit --limit 1/second -j LOG --A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-136 -j RETURN --A limit-136 -m limit --limit 1/second -j LOG --A limit-136 -j DROP --A limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-137 -j RETURN --A limit-137 -m limit --limit 1/second -j LOG --A limit-137 -j DROP --A limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-138 -j RETURN --A limit-138 -m limit --limit 1/second -j LOG --A limit-138 -j DROP --A limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-139 -j RETURN --A limit-139 -m limit --limit 1/second -j LOG --A limit-139 -j DROP +-A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-59 +-A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-60 +-A limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 +-A limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 +-A limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 +-A limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 +-A limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-140 -j RETURN --A limit-140 -m limit --limit 1/second -j LOG --A limit-140 -j DROP --A limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-141 -j RETURN --A limit-141 -m limit --limit 1/second -j LOG --A limit-141 -j DROP --A limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-142 -j RETURN --A limit-142 -m limit --limit 1/second -j LOG --A limit-142 -j DROP --A limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-143 -j RETURN --A limit-143 -m limit --limit 1/second -j LOG --A limit-143 -j DROP --A limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-144 -j RETURN --A limit-144 -j DROP --A limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-145 -j RETURN --A limit-145 -j DROP --A limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-146 -j RETURN --A limit-146 -j DROP --A limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-147 -j RETURN --A limit-147 -j DROP --A limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-148 -j RETURN --A limit-148 -j DROP --A limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-149 -j RETURN --A limit-149 -j DROP +-A limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 +-A limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 +-A limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-142 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-143 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 +-A limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-145 -m limit --limit 1/second -j LOG +-A limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 +-A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-150 -j RETURN --A limit-150 -j DROP --A limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-151 -j RETURN --A limit-151 -j DROP --A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-154 -m limit --limit 1/second -j LOG --A limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-55 --A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-56 --A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-57 --A limit-160 -m limit --limit 1/second -j LOG --A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-58 --A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-59 --A limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-60 --A limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 --A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 --A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 --A limit-166 -m limit --limit 1/second -j LOG --A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 --A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 --A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 --A limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-160 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-161 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-163 -m limit --limit 1/second -j LOG +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 --A limit-170 -j ACCEPT --A limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 --A limit-172 -m limit --limit 1/second -j LOG --A limit-172 -j ACCEPT --A limit-173 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 --A limit-173 -m limit --limit 1/second -j LOG --A limit-174 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 --A limit-174 -j ACCEPT --A limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-172 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-173 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-175 -m limit --limit 1/second -j LOG +-A limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-178 -m limit --limit 1/second -j LOG --A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-18 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19 -A limit-18 -j ACCEPT -A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-184 -m limit --limit 1/second -j LOG --A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-188 -j ACCEPT +-A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-190 -m limit --limit 1/second -j LOG --A limit-190 -j ACCEPT -A limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-191 -m limit --limit 1/second -j LOG -A limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-192 -j ACCEPT --A limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-196 -m limit --limit 1/second -j LOG --A limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-193 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-193 -m limit --limit 1/second -j LOG +-A limit-194 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-195 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-20 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG -A limit-20 -j ACCEPT --A limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-202 -m limit --limit 1/second -j LOG --A limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-206 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-206 -j ACCEPT --A limit-208 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-202 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-203 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-204 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m limit --limit 1/second -j LOG +-A limit-206 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-207 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j RETURN -A limit-208 -m limit --limit 1/second -j LOG --A limit-208 -j ACCEPT --A limit-209 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -j DROP +-A limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j RETURN -A limit-209 -m limit --limit 1/second -j LOG +-A limit-209 -j DROP -A limit-21 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22 -A limit-21 -m limit --limit 1/second -j LOG --A limit-210 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-210 -j ACCEPT --A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j ACCEPT +-A limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j RETURN +-A limit-210 -m limit --limit 1/second -j LOG +-A limit-210 -j DROP +-A limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN +-A limit-211 -m limit --limit 1/second -j LOG +-A limit-211 -j DROP +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j RETURN -A limit-212 -m limit --limit 1/second -j LOG -A limit-212 -j DROP -A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN -A limit-213 -m limit --limit 1/second -j LOG -A limit-213 -j DROP --A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j logaccept-4 +-A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j RETURN -A limit-214 -m limit --limit 1/second -j LOG -A limit-214 -j DROP --A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j ACCEPT +-A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j RETURN -A limit-215 -m limit --limit 1/second -j LOG -A limit-215 -j DROP --A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j ACCEPT --A limit-216 -m limit --limit 1/second -j LOG +-A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j RETURN -A limit-216 -j DROP -A limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN --A limit-217 -m limit --limit 1/second -j LOG -A limit-217 -j DROP --A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j logaccept-5 --A limit-218 -m limit --limit 1/second -j LOG +-A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j RETURN -A limit-218 -j DROP --A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j ACCEPT --A limit-219 -m limit --limit 1/second -j LOG +-A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j RETURN -A limit-219 -j DROP -A limit-22 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23 -A limit-22 -j ACCEPT --A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j ACCEPT +-A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j RETURN -A limit-220 -j DROP -A limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN -A limit-221 -j DROP --A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j logaccept-6 +-A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j RETURN -A limit-222 -j DROP --A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j ACCEPT +-A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j RETURN -A limit-223 -j DROP --A limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-224 -j ACCEPT --A limit-224 -j DROP --A limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-225 -j RETURN --A limit-225 -j DROP --A limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-226 -j logaccept-7 --A limit-226 -j DROP --A limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-227 -j ACCEPT --A limit-227 -j DROP --A limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 +-A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 +-A limit-226 -m limit --limit 1/second -j LOG +-A limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 +-A limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 +-A limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 +-A limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 +-A limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 +-A limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 +-A limit-232 -m limit --limit 1/second -j LOG +-A limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 +-A limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 +-A limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 +-A limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-85 +-A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-86 +-A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-87 +-A limit-238 -m limit --limit 1/second -j LOG +-A limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-88 +-A limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-89 +-A limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-90 +-A limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-242 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-91 +-A limit-242 -j ACCEPT +-A limit-244 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-93 +-A limit-244 -m limit --limit 1/second -j LOG +-A limit-244 -j ACCEPT +-A limit-245 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-94 +-A limit-245 -m limit --limit 1/second -j LOG +-A limit-246 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-95 +-A limit-246 -j ACCEPT +-A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-97 +-A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-98 +-A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-99 +-A limit-250 -m limit --limit 1/second -j LOG +-A limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-100 +-A limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-101 +-A limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-102 +-A limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-254 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-103 +-A limit-254 -j ACCEPT +-A limit-256 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-105 +-A limit-256 -m limit --limit 1/second -j LOG +-A limit-256 -j ACCEPT +-A limit-257 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-106 +-A limit-257 -m limit --limit 1/second -j LOG +-A limit-258 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-107 +-A limit-258 -j ACCEPT +-A limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-262 -m limit --limit 1/second -j LOG +-A limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m limit --limit 1/second -j LOG +-A limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-272 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-272 -j ACCEPT +-A limit-274 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-274 -m limit --limit 1/second -j LOG +-A limit-274 -j ACCEPT +-A limit-275 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-275 -m limit --limit 1/second -j LOG +-A limit-276 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-276 -j ACCEPT +-A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-280 -m limit --limit 1/second -j LOG +-A limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-284 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-284 -j ACCEPT +-A limit-286 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-286 -m limit --limit 1/second -j LOG +-A limit-286 -j ACCEPT +-A limit-287 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-287 -m limit --limit 1/second -j LOG +-A limit-288 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-288 -j ACCEPT +-A limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-292 -m limit --limit 1/second -j LOG +-A limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m limit --limit 1/second -j LOG +-A limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-30 -j ACCEPT +-A limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-302 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-302 -j ACCEPT +-A limit-304 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-304 -m limit --limit 1/second -j LOG +-A limit-304 -j ACCEPT +-A limit-305 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-305 -m limit --limit 1/second -j LOG +-A limit-306 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-306 -j ACCEPT +-A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-310 -m limit --limit 1/second -j LOG +-A limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-314 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-314 -j ACCEPT +-A limit-316 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-316 -m limit --limit 1/second -j LOG +-A limit-316 -j ACCEPT +-A limit-317 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-317 -m limit --limit 1/second -j LOG +-A limit-318 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-318 -j ACCEPT +-A limit-32 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-33 -A limit-32 -m limit --limit 1/second -j LOG --A limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-36 -j ACCEPT --A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-32 -j ACCEPT +-A limit-320 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-320 -j ACCEPT +-A limit-320 -m limit --limit 1/second -j LOG +-A limit-320 -j DROP +-A limit-321 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-321 -j RETURN +-A limit-321 -m limit --limit 1/second -j LOG +-A limit-321 -j DROP +-A limit-322 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-322 -j logaccept-4 +-A limit-322 -m limit --limit 1/second -j LOG +-A limit-322 -j DROP +-A limit-323 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-323 -j ACCEPT +-A limit-323 -m limit --limit 1/second -j LOG +-A limit-323 -j DROP +-A limit-324 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-324 -j ACCEPT +-A limit-324 -m limit --limit 1/second -j LOG +-A limit-324 -j DROP +-A limit-325 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-325 -j RETURN +-A limit-325 -m limit --limit 1/second -j LOG +-A limit-325 -j DROP +-A limit-326 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-326 -j logaccept-5 +-A limit-326 -m limit --limit 1/second -j LOG +-A limit-326 -j DROP +-A limit-327 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-327 -j ACCEPT +-A limit-327 -m limit --limit 1/second -j LOG +-A limit-327 -j DROP +-A limit-328 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-328 -j ACCEPT +-A limit-328 -j DROP +-A limit-329 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-329 -j RETURN +-A limit-329 -j DROP +-A limit-33 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-33 -m limit --limit 1/second -j LOG +-A limit-330 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-330 -j logaccept-6 +-A limit-330 -j DROP +-A limit-331 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-331 -j ACCEPT +-A limit-331 -j DROP +-A limit-332 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-332 -j ACCEPT +-A limit-332 -j DROP +-A limit-333 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-333 -j RETURN +-A limit-333 -j DROP +-A limit-334 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-334 -j logaccept-7 +-A limit-334 -j DROP +-A limit-335 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-335 -j ACCEPT +-A limit-335 -j DROP +-A limit-34 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-34 -j ACCEPT +-A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG --A limit-38 -j ACCEPT --A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-39 -m limit --limit 1/second -j LOG +-A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-40 -j ACCEPT --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-48 -j ACCEPT -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-50 -m limit --limit 1/second -j LOG --A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-54 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-54 -j ACCEPT --A limit-56 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-50 -j ACCEPT +-A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-51 -m limit --limit 1/second -j LOG +-A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-52 -j ACCEPT +-A limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-56 -m limit --limit 1/second -j LOG --A limit-56 -j ACCEPT --A limit-57 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-57 -m limit --limit 1/second -j LOG --A limit-58 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-58 -j ACCEPT +-A limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-60 -j ACCEPT --A limit-60 -m limit --limit 1/second -j LOG --A limit-60 -j DROP --A limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-61 -j RETURN --A limit-61 -m limit --limit 1/second -j LOG --A limit-61 -j DROP --A limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-62 -j logaccept-0 +-A limit-60 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-60 -j ACCEPT +-A limit-62 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-62 -m limit --limit 1/second -j LOG --A limit-62 -j DROP --A limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-63 -j ACCEPT +-A limit-62 -j ACCEPT +-A limit-63 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-63 -m limit --limit 1/second -j LOG --A limit-63 -j DROP --A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j ACCEPT --A limit-64 -m limit --limit 1/second -j LOG --A limit-64 -j DROP --A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN --A limit-65 -m limit --limit 1/second -j LOG --A limit-65 -j DROP --A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j logaccept-1 --A limit-66 -m limit --limit 1/second -j LOG --A limit-66 -j DROP --A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j ACCEPT --A limit-67 -m limit --limit 1/second -j LOG --A limit-67 -j DROP --A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j ACCEPT --A limit-68 -j DROP --A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN --A limit-69 -j DROP +-A limit-64 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-64 -j ACCEPT +-A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-68 -m limit --limit 1/second -j LOG +-A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j logaccept-2 --A limit-70 -j DROP --A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j ACCEPT --A limit-71 -j DROP --A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j ACCEPT --A limit-72 -j DROP --A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN --A limit-73 -j DROP --A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j logaccept-3 --A limit-74 -j DROP --A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j ACCEPT --A limit-75 -j DROP --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-74 -m limit --limit 1/second -j LOG +-A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-76 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-76 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-77 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-78 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-78 -j ACCEPT -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-80 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m limit --limit 1/second -j LOG +-A limit-80 -j ACCEPT +-A limit-81 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-81 -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-82 -j ACCEPT +-A limit-84 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-84 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-85 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-85 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-86 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-86 -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-87 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-87 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-88 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-88 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-89 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-89 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-43 --A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-44 --A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-45 --A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-90 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-90 -j ACCEPT +-A limit-92 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-92 -m limit --limit 1/second -j LOG +-A limit-92 -j ACCEPT +-A limit-93 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-93 -m limit --limit 1/second -j LOG +-A limit-94 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-94 -j ACCEPT +-A limit-96 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-96 -j ACCEPT +-A limit-96 -m limit --limit 1/second -j LOG +-A limit-96 -j DROP +-A limit-97 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-97 -j RETURN -A limit-97 -m limit --limit 1/second -j LOG --A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-47 --A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-48 +-A limit-97 -j DROP +-A limit-98 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-98 -j logaccept-0 +-A limit-98 -m limit --limit 1/second -j LOG +-A limit-98 -j DROP +-A limit-99 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-99 -j ACCEPT +-A limit-99 -m limit --limit 1/second -j LOG +-A limit-99 -j DROP -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -7581,6 +10471,18 @@ COMMIT -A logaccept-final-12 -j ACCEPT -A logaccept-final-13 -m limit --limit 1/second -j LOG -A logaccept-final-13 -j ACCEPT +-A logaccept-final-14 -m limit --limit 1/second -j LOG +-A logaccept-final-14 -j ACCEPT +-A logaccept-final-15 -m limit --limit 1/second -j LOG +-A logaccept-final-15 -j ACCEPT +-A logaccept-final-16 -m limit --limit 1/second -j LOG +-A logaccept-final-16 -j ACCEPT +-A logaccept-final-17 -m limit --limit 1/second -j LOG +-A logaccept-final-17 -j ACCEPT +-A logaccept-final-18 -m limit --limit 1/second -j LOG +-A logaccept-final-18 -j ACCEPT +-A logaccept-final-19 -m limit --limit 1/second -j LOG +-A logaccept-final-19 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -7603,8 +10505,26 @@ COMMIT -A logdrop-1 -j DROP -A logdrop-10 -m limit --limit 1/second -j LOG -A logdrop-10 -j DROP +-A logdrop-100 -m limit --limit 1/second -j LOG +-A logdrop-100 -j DROP +-A logdrop-101 -m limit --limit 1/second -j LOG +-A logdrop-101 -j DROP +-A logdrop-102 -m limit --limit 1/second -j LOG +-A logdrop-102 -j DROP +-A logdrop-103 -m limit --limit 1/second -j LOG +-A logdrop-103 -j DROP +-A logdrop-105 -m limit --limit 1/second -j LOG +-A logdrop-105 -j DROP +-A logdrop-106 -m limit --limit 1/second -j LOG +-A logdrop-106 -j DROP +-A logdrop-107 -m limit --limit 1/second -j LOG +-A logdrop-107 -j DROP +-A logdrop-109 -m limit --limit 1/second -j LOG +-A logdrop-109 -j DROP -A logdrop-11 -m limit --limit 1/second -j LOG -A logdrop-11 -j DROP +-A logdrop-110 -m limit --limit 1/second -j LOG +-A logdrop-110 -j DROP -A logdrop-12 -m limit --limit 1/second -j LOG -A logdrop-12 -j DROP -A logdrop-13 -m limit --limit 1/second -j LOG @@ -7645,16 +10565,12 @@ COMMIT -A logdrop-30 -j DROP -A logdrop-31 -m limit --limit 1/second -j LOG -A logdrop-31 -j DROP --A logdrop-32 -m limit --limit 1/second -j LOG --A logdrop-32 -j DROP -A logdrop-33 -m limit --limit 1/second -j LOG -A logdrop-33 -j DROP -A logdrop-34 -m limit --limit 1/second -j LOG -A logdrop-34 -j DROP -A logdrop-35 -m limit --limit 1/second -j LOG -A logdrop-35 -j DROP --A logdrop-36 -m limit --limit 1/second -j LOG --A logdrop-36 -j DROP -A logdrop-37 -m limit --limit 1/second -j LOG -A logdrop-37 -j DROP -A logdrop-38 -m limit --limit 1/second -j LOG @@ -7723,6 +10639,8 @@ COMMIT -A logdrop-66 -j DROP -A logdrop-67 -m limit --limit 1/second -j LOG -A logdrop-67 -j DROP +-A logdrop-68 -m limit --limit 1/second -j LOG +-A logdrop-68 -j DROP -A logdrop-69 -m limit --limit 1/second -j LOG -A logdrop-69 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG @@ -7731,14 +10649,62 @@ COMMIT -A logdrop-70 -j DROP -A logdrop-71 -m limit --limit 1/second -j LOG -A logdrop-71 -j DROP +-A logdrop-72 -m limit --limit 1/second -j LOG +-A logdrop-72 -j DROP -A logdrop-73 -m limit --limit 1/second -j LOG -A logdrop-73 -j DROP -A logdrop-74 -m limit --limit 1/second -j LOG -A logdrop-74 -j DROP +-A logdrop-75 -m limit --limit 1/second -j LOG +-A logdrop-75 -j DROP +-A logdrop-76 -m limit --limit 1/second -j LOG +-A logdrop-76 -j DROP +-A logdrop-77 -m limit --limit 1/second -j LOG +-A logdrop-77 -j DROP +-A logdrop-78 -m limit --limit 1/second -j LOG +-A logdrop-78 -j DROP +-A logdrop-79 -m limit --limit 1/second -j LOG +-A logdrop-79 -j DROP -A logdrop-8 -m limit --limit 1/second -j LOG -A logdrop-8 -j DROP +-A logdrop-80 -m limit --limit 1/second -j LOG +-A logdrop-80 -j DROP +-A logdrop-81 -m limit --limit 1/second -j LOG +-A logdrop-81 -j DROP +-A logdrop-82 -m limit --limit 1/second -j LOG +-A logdrop-82 -j DROP +-A logdrop-83 -m limit --limit 1/second -j LOG +-A logdrop-83 -j DROP +-A logdrop-84 -m limit --limit 1/second -j LOG +-A logdrop-84 -j DROP +-A logdrop-85 -m limit --limit 1/second -j LOG +-A logdrop-85 -j DROP +-A logdrop-86 -m limit --limit 1/second -j LOG +-A logdrop-86 -j DROP +-A logdrop-87 -m limit --limit 1/second -j LOG +-A logdrop-87 -j DROP +-A logdrop-88 -m limit --limit 1/second -j LOG +-A logdrop-88 -j DROP +-A logdrop-89 -m limit --limit 1/second -j LOG +-A logdrop-89 -j DROP -A logdrop-9 -m limit --limit 1/second -j LOG -A logdrop-9 -j DROP +-A logdrop-90 -m limit --limit 1/second -j LOG +-A logdrop-90 -j DROP +-A logdrop-91 -m limit --limit 1/second -j LOG +-A logdrop-91 -j DROP +-A logdrop-93 -m limit --limit 1/second -j LOG +-A logdrop-93 -j DROP +-A logdrop-94 -m limit --limit 1/second -j LOG +-A logdrop-94 -j DROP +-A logdrop-95 -m limit --limit 1/second -j LOG +-A logdrop-95 -j DROP +-A logdrop-97 -m limit --limit 1/second -j LOG +-A logdrop-97 -j DROP +-A logdrop-98 -m limit --limit 1/second -j LOG +-A logdrop-98 -j DROP +-A logdrop-99 -m limit --limit 1/second -j LOG +-A logdrop-99 -j DROP -A logpass-0 -m limit --limit 1/second -j LOG -A logreject-0 -m limit --limit 1/second -j LOG -A logreject-0 -j REJECT @@ -7803,6 +10769,24 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -7884,6 +10868,42 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack diff --git a/test/output/rules-save b/test/output/rules-save index 32d9e20..f812d7f 100644 --- a/test/output/rules-save +++ b/test/output/rules-save @@ -85,9 +85,11 @@ :limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] +:limit-171 - [0:0] :limit-172 - [0:0] :limit-173 - [0:0] :limit-174 - [0:0] +:limit-175 - [0:0] :limit-176 - [0:0] :limit-177 - [0:0] :limit-178 - [0:0] @@ -102,9 +104,11 @@ :limit-186 - [0:0] :limit-187 - [0:0] :limit-188 - [0:0] +:limit-189 - [0:0] :limit-190 - [0:0] :limit-191 - [0:0] :limit-192 - [0:0] +:limit-193 - [0:0] :limit-194 - [0:0] :limit-195 - [0:0] :limit-196 - [0:0] @@ -120,10 +124,12 @@ :limit-204 - [0:0] :limit-205 - [0:0] :limit-206 - [0:0] +:limit-207 - [0:0] :limit-208 - [0:0] :limit-209 - [0:0] :limit-21 - [0:0] :limit-210 - [0:0] +:limit-211 - [0:0] :limit-212 - [0:0] :limit-213 - [0:0] :limit-214 - [0:0] @@ -141,24 +147,120 @@ :limit-225 - [0:0] :limit-226 - [0:0] :limit-227 - [0:0] +:limit-228 - [0:0] +:limit-229 - [0:0] +:limit-230 - [0:0] +:limit-231 - [0:0] +:limit-232 - [0:0] +:limit-233 - [0:0] +:limit-234 - [0:0] +:limit-235 - [0:0] +:limit-236 - [0:0] +:limit-237 - [0:0] +:limit-238 - [0:0] +:limit-239 - [0:0] :limit-24 - [0:0] +:limit-240 - [0:0] +:limit-241 - [0:0] +:limit-242 - [0:0] +:limit-244 - [0:0] +:limit-245 - [0:0] +:limit-246 - [0:0] +:limit-248 - [0:0] +:limit-249 - [0:0] :limit-25 - [0:0] +:limit-250 - [0:0] +:limit-251 - [0:0] +:limit-252 - [0:0] +:limit-253 - [0:0] +:limit-254 - [0:0] +:limit-256 - [0:0] +:limit-257 - [0:0] +:limit-258 - [0:0] :limit-26 - [0:0] +:limit-260 - [0:0] +:limit-261 - [0:0] +:limit-262 - [0:0] +:limit-263 - [0:0] +:limit-264 - [0:0] +:limit-265 - [0:0] +:limit-266 - [0:0] +:limit-267 - [0:0] +:limit-268 - [0:0] +:limit-269 - [0:0] :limit-27 - [0:0] +:limit-270 - [0:0] +:limit-271 - [0:0] +:limit-272 - [0:0] +:limit-274 - [0:0] +:limit-275 - [0:0] +:limit-276 - [0:0] +:limit-278 - [0:0] +:limit-279 - [0:0] :limit-28 - [0:0] +:limit-280 - [0:0] +:limit-281 - [0:0] +:limit-282 - [0:0] +:limit-283 - [0:0] +:limit-284 - [0:0] +:limit-286 - [0:0] +:limit-287 - [0:0] +:limit-288 - [0:0] :limit-29 - [0:0] +:limit-290 - [0:0] +:limit-291 - [0:0] +:limit-292 - [0:0] +:limit-293 - [0:0] +:limit-294 - [0:0] +:limit-295 - [0:0] +:limit-296 - [0:0] +:limit-297 - [0:0] +:limit-298 - [0:0] +:limit-299 - [0:0] :limit-3 - [0:0] :limit-30 - [0:0] -:limit-31 - [0:0] +:limit-300 - [0:0] +:limit-301 - [0:0] +:limit-302 - [0:0] +:limit-304 - [0:0] +:limit-305 - [0:0] +:limit-306 - [0:0] +:limit-308 - [0:0] +:limit-309 - [0:0] +:limit-310 - [0:0] +:limit-311 - [0:0] +:limit-312 - [0:0] +:limit-313 - [0:0] +:limit-314 - [0:0] +:limit-316 - [0:0] +:limit-317 - [0:0] +:limit-318 - [0:0] :limit-32 - [0:0] +:limit-320 - [0:0] +:limit-321 - [0:0] +:limit-322 - [0:0] +:limit-323 - [0:0] +:limit-324 - [0:0] +:limit-325 - [0:0] +:limit-326 - [0:0] +:limit-327 - [0:0] +:limit-328 - [0:0] +:limit-329 - [0:0] :limit-33 - [0:0] +:limit-330 - [0:0] +:limit-331 - [0:0] +:limit-332 - [0:0] +:limit-333 - [0:0] +:limit-334 - [0:0] +:limit-335 - [0:0] :limit-34 - [0:0] -:limit-35 - [0:0] :limit-36 - [0:0] +:limit-37 - [0:0] :limit-38 - [0:0] :limit-39 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] +:limit-41 - [0:0] :limit-42 - [0:0] :limit-43 - [0:0] :limit-44 - [0:0] @@ -166,23 +268,21 @@ :limit-46 - [0:0] :limit-47 - [0:0] :limit-48 - [0:0] -:limit-49 - [0:0] :limit-5 - [0:0] :limit-50 - [0:0] :limit-51 - [0:0] :limit-52 - [0:0] -:limit-53 - [0:0] :limit-54 - [0:0] +:limit-55 - [0:0] :limit-56 - [0:0] :limit-57 - [0:0] :limit-58 - [0:0] +:limit-59 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] -:limit-61 - [0:0] :limit-62 - [0:0] :limit-63 - [0:0] :limit-64 - [0:0] -:limit-65 - [0:0] :limit-66 - [0:0] :limit-67 - [0:0] :limit-68 - [0:0] @@ -197,12 +297,10 @@ :limit-76 - [0:0] :limit-77 - [0:0] :limit-78 - [0:0] -:limit-79 - [0:0] :limit-8 - [0:0] :limit-80 - [0:0] :limit-81 - [0:0] :limit-82 - [0:0] -:limit-83 - [0:0] :limit-84 - [0:0] :limit-85 - [0:0] :limit-86 - [0:0] @@ -211,11 +309,9 @@ :limit-89 - [0:0] :limit-9 - [0:0] :limit-90 - [0:0] -:limit-91 - [0:0] :limit-92 - [0:0] :limit-93 - [0:0] :limit-94 - [0:0] -:limit-95 - [0:0] :limit-96 - [0:0] :limit-97 - [0:0] :limit-98 - [0:0] @@ -235,6 +331,12 @@ :logaccept-final-11 - [0:0] :logaccept-final-12 - [0:0] :logaccept-final-13 - [0:0] +:logaccept-final-14 - [0:0] +:logaccept-final-15 - [0:0] +:logaccept-final-16 - [0:0] +:logaccept-final-17 - [0:0] +:logaccept-final-18 - [0:0] +:logaccept-final-19 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] @@ -246,7 +348,16 @@ :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] +:logdrop-100 - [0:0] +:logdrop-101 - [0:0] +:logdrop-102 - [0:0] +:logdrop-103 - [0:0] +:logdrop-105 - [0:0] +:logdrop-106 - [0:0] +:logdrop-107 - [0:0] +:logdrop-109 - [0:0] :logdrop-11 - [0:0] +:logdrop-110 - [0:0] :logdrop-12 - [0:0] :logdrop-13 - [0:0] :logdrop-14 - [0:0] @@ -267,11 +378,9 @@ :logdrop-3 - [0:0] :logdrop-30 - [0:0] :logdrop-31 - [0:0] -:logdrop-32 - [0:0] :logdrop-33 - [0:0] :logdrop-34 - [0:0] :logdrop-35 - [0:0] -:logdrop-36 - [0:0] :logdrop-37 - [0:0] :logdrop-38 - [0:0] :logdrop-39 - [0:0] @@ -306,20 +415,117 @@ :logdrop-65 - [0:0] :logdrop-66 - [0:0] :logdrop-67 - [0:0] +:logdrop-68 - [0:0] :logdrop-69 - [0:0] :logdrop-7 - [0:0] :logdrop-70 - [0:0] :logdrop-71 - [0:0] +:logdrop-72 - [0:0] :logdrop-73 - [0:0] :logdrop-74 - [0:0] +:logdrop-75 - [0:0] +:logdrop-76 - [0:0] +:logdrop-77 - [0:0] +:logdrop-78 - [0:0] +:logdrop-79 - [0:0] :logdrop-8 - [0:0] +:logdrop-80 - [0:0] +:logdrop-81 - [0:0] +:logdrop-82 - [0:0] +:logdrop-83 - [0:0] +:logdrop-84 - [0:0] +:logdrop-85 - [0:0] +:logdrop-86 - [0:0] +:logdrop-87 - [0:0] +:logdrop-88 - [0:0] +:logdrop-89 - [0:0] :logdrop-9 - [0:0] +:logdrop-90 - [0:0] +:logdrop-91 - [0:0] +:logdrop-93 - [0:0] +:logdrop-94 - [0:0] +:logdrop-95 - [0:0] +:logdrop-97 - [0:0] +:logdrop-98 - [0:0] +:logdrop-99 - [0:0] :logpass-0 - [0:0] :logreject-0 - [0:0] :logtarpit-0 - [0:0] :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-223 +-A FORWARD -j limit-222 +-A FORWARD -j limit-221 +-A FORWARD -j limit-220 +-A FORWARD -j limit-219 +-A FORWARD -j limit-218 +-A FORWARD -j limit-217 +-A FORWARD -j limit-216 +-A FORWARD -j limit-215 +-A FORWARD -j limit-214 +-A FORWARD -j limit-213 +-A FORWARD -j limit-212 +-A FORWARD -j limit-211 +-A FORWARD -j limit-210 +-A FORWARD -j limit-209 +-A FORWARD -j limit-208 +-A FORWARD -j limit-207 +-A FORWARD -j limit-206 +-A FORWARD -j limit-205 +-A FORWARD -j limit-204 +-A FORWARD -j limit-203 +-A FORWARD -j limit-202 +-A FORWARD -j limit-201 +-A FORWARD -j limit-200 +-A FORWARD -j limit-199 +-A FORWARD -j limit-198 +-A FORWARD -j limit-197 +-A FORWARD -j limit-196 +-A FORWARD -j limit-195 +-A FORWARD -j limit-194 +-A FORWARD -j limit-193 +-A FORWARD -j limit-192 +-A FORWARD -j limit-191 +-A FORWARD -j limit-190 +-A FORWARD -j limit-189 +-A FORWARD -j limit-188 +-A FORWARD -j limit-187 +-A FORWARD -j limit-186 +-A FORWARD -j limit-185 +-A FORWARD -j limit-184 +-A FORWARD -j limit-183 +-A FORWARD -j limit-182 +-A FORWARD -j limit-181 +-A FORWARD -j limit-180 +-A FORWARD -j limit-179 +-A FORWARD -j limit-178 +-A FORWARD -j limit-177 +-A FORWARD -j limit-176 +-A FORWARD -j limit-175 +-A FORWARD -j limit-174 +-A FORWARD -j limit-173 +-A FORWARD -j limit-172 +-A FORWARD -j limit-171 +-A FORWARD -j limit-170 +-A FORWARD -j limit-169 +-A FORWARD -j limit-168 +-A FORWARD -j limit-167 +-A FORWARD -j limit-166 +-A FORWARD -j limit-165 +-A FORWARD -j limit-164 +-A FORWARD -j limit-163 +-A FORWARD -j limit-162 +-A FORWARD -j limit-161 +-A FORWARD -j limit-160 +-A FORWARD -j limit-159 +-A FORWARD -j limit-158 +-A FORWARD -j limit-157 +-A FORWARD -j limit-156 +-A FORWARD -j limit-155 +-A FORWARD -j limit-154 +-A FORWARD -j limit-153 +-A FORWARD -j limit-152 -A FORWARD -j limit-151 -A FORWARD -j limit-150 -A FORWARD -j limit-149 @@ -360,42 +566,6 @@ -A FORWARD -j limit-114 -A FORWARD -j limit-113 -A FORWARD -j limit-112 --A FORWARD -j limit-111 --A FORWARD -j limit-110 --A FORWARD -j limit-109 --A FORWARD -j limit-108 --A FORWARD -j limit-107 --A FORWARD -j limit-106 --A FORWARD -j limit-105 --A FORWARD -j limit-104 --A FORWARD -j limit-103 --A FORWARD -j limit-102 --A FORWARD -j limit-101 --A FORWARD -j limit-100 --A FORWARD -j limit-99 --A FORWARD -j limit-98 --A FORWARD -j limit-97 --A FORWARD -j limit-96 --A FORWARD -j limit-95 --A FORWARD -j limit-94 --A FORWARD -j limit-93 --A FORWARD -j limit-92 --A FORWARD -j limit-91 --A FORWARD -j limit-90 --A FORWARD -j limit-89 --A FORWARD -j limit-88 --A FORWARD -j limit-87 --A FORWARD -j limit-86 --A FORWARD -j limit-85 --A FORWARD -j limit-84 --A FORWARD -j limit-83 --A FORWARD -j limit-82 --A FORWARD -j limit-81 --A FORWARD -j limit-80 --A FORWARD -j limit-79 --A FORWARD -j limit-78 --A FORWARD -j limit-77 --A FORWARD -j limit-76 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -434,17 +604,17 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 --A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 --A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 @@ -452,23 +622,23 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-46 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-47 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-48 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-49 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-50 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-51 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 -A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-58 --A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-59 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-60 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-61 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-62 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-63 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-64 --A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-65 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-66 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-67 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-68 @@ -479,6 +649,42 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-73 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-74 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-75 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-76 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-77 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-78 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-80 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-81 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-82 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-84 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-85 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-86 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-87 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-88 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-89 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-90 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-92 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-93 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-94 +-A FORWARD -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-96 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-97 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-98 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-99 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-100 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-101 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-102 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-103 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-104 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-105 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-106 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-107 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-108 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-109 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-110 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-111 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -521,16 +727,34 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-13 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-14 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-15 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-16 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-17 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-18 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-19 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-73 +-A FORWARD -j logdrop-109 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-74 +-A FORWARD -j logdrop-110 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -593,6 +817,78 @@ -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-223 +-A INPUT -j limit-222 +-A INPUT -j limit-221 +-A INPUT -j limit-220 +-A INPUT -j limit-219 +-A INPUT -j limit-218 +-A INPUT -j limit-217 +-A INPUT -j limit-216 +-A INPUT -j limit-215 +-A INPUT -j limit-214 +-A INPUT -j limit-213 +-A INPUT -j limit-212 +-A INPUT -j limit-211 +-A INPUT -j limit-210 +-A INPUT -j limit-209 +-A INPUT -j limit-208 +-A INPUT -j limit-207 +-A INPUT -j limit-206 +-A INPUT -j limit-205 +-A INPUT -j limit-204 +-A INPUT -j limit-203 +-A INPUT -j limit-202 +-A INPUT -j limit-201 +-A INPUT -j limit-200 +-A INPUT -j limit-199 +-A INPUT -j limit-198 +-A INPUT -j limit-197 +-A INPUT -j limit-196 +-A INPUT -j limit-195 +-A INPUT -j limit-194 +-A INPUT -j limit-193 +-A INPUT -j limit-192 +-A INPUT -j limit-191 +-A INPUT -j limit-190 +-A INPUT -j limit-189 +-A INPUT -j limit-188 +-A INPUT -j limit-187 +-A INPUT -j limit-186 +-A INPUT -j limit-185 +-A INPUT -j limit-184 +-A INPUT -j limit-183 +-A INPUT -j limit-182 +-A INPUT -j limit-181 +-A INPUT -j limit-180 +-A INPUT -j limit-179 +-A INPUT -j limit-178 +-A INPUT -j limit-177 +-A INPUT -j limit-176 +-A INPUT -j limit-175 +-A INPUT -j limit-174 +-A INPUT -j limit-173 +-A INPUT -j limit-172 +-A INPUT -j limit-171 +-A INPUT -j limit-170 +-A INPUT -j limit-169 +-A INPUT -j limit-168 +-A INPUT -j limit-167 +-A INPUT -j limit-166 +-A INPUT -j limit-165 +-A INPUT -j limit-164 +-A INPUT -j limit-163 +-A INPUT -j limit-162 +-A INPUT -j limit-161 +-A INPUT -j limit-160 +-A INPUT -j limit-159 +-A INPUT -j limit-158 +-A INPUT -j limit-157 +-A INPUT -j limit-156 +-A INPUT -j limit-155 +-A INPUT -j limit-154 +-A INPUT -j limit-153 +-A INPUT -j limit-152 -A INPUT -j limit-151 -A INPUT -j limit-150 -A INPUT -j limit-149 @@ -633,42 +929,6 @@ -A INPUT -j limit-114 -A INPUT -j limit-113 -A INPUT -j limit-112 --A INPUT -j limit-111 --A INPUT -j limit-110 --A INPUT -j limit-109 --A INPUT -j limit-108 --A INPUT -j limit-107 --A INPUT -j limit-106 --A INPUT -j limit-105 --A INPUT -j limit-104 --A INPUT -j limit-103 --A INPUT -j limit-102 --A INPUT -j limit-101 --A INPUT -j limit-100 --A INPUT -j limit-99 --A INPUT -j limit-98 --A INPUT -j limit-97 --A INPUT -j limit-96 --A INPUT -j limit-95 --A INPUT -j limit-94 --A INPUT -j limit-93 --A INPUT -j limit-92 --A INPUT -j limit-91 --A INPUT -j limit-90 --A INPUT -j limit-89 --A INPUT -j limit-88 --A INPUT -j limit-87 --A INPUT -j limit-86 --A INPUT -j limit-85 --A INPUT -j limit-84 --A INPUT -j limit-83 --A INPUT -j limit-82 --A INPUT -j limit-81 --A INPUT -j limit-80 --A INPUT -j limit-79 --A INPUT -j limit-78 --A INPUT -j limit-77 --A INPUT -j limit-76 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -719,92 +979,146 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-13 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-152 --A INPUT -i eth0 -j limit-153 --A INPUT -i eth0 -j limit-154 --A INPUT -i eth0 -j limit-155 --A INPUT -i eth0 -j limit-156 --A INPUT -i eth0 -j limit-157 --A INPUT -i eth0 -j limit-158 --A INPUT -i eth0 -j limit-159 --A INPUT -i eth0 -j limit-160 --A INPUT -i eth0 -j limit-161 --A INPUT -i eth0 -j limit-162 --A INPUT -i eth0 -j limit-163 --A INPUT -i eth0 -j limit-164 --A INPUT -i eth0 -j limit-165 --A INPUT -i eth0 -j limit-166 --A INPUT -i eth0 -j limit-167 --A INPUT -i eth0 -j limit-168 --A INPUT -i eth0 -j limit-169 --A INPUT -i eth0 -j limit-170 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 --A INPUT -i eth0 -j limit-172 --A INPUT -i eth0 -j limit-173 --A INPUT -i eth0 -j limit-174 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 --A INPUT -i eth0 -j limit-176 --A INPUT -i eth0 -j limit-177 --A INPUT -i eth0 -j limit-178 --A INPUT -i eth0 -j limit-179 --A INPUT -i eth0 -j limit-180 --A INPUT -i eth0 -j limit-181 --A INPUT -i eth0 -j limit-182 --A INPUT -i eth0 -j limit-183 --A INPUT -i eth0 -j limit-184 --A INPUT -i eth0 -j limit-185 --A INPUT -i eth0 -j limit-186 --A INPUT -i eth0 -j limit-187 --A INPUT -i eth0 -j limit-188 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-190 --A INPUT -i eth0 -j limit-191 --A INPUT -i eth0 -j limit-192 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-194 --A INPUT -i eth0 -j limit-195 --A INPUT -i eth0 -j limit-196 --A INPUT -i eth0 -j limit-197 --A INPUT -i eth0 -j limit-198 --A INPUT -i eth0 -j limit-199 --A INPUT -i eth0 -j limit-200 --A INPUT -i eth0 -j limit-201 --A INPUT -i eth0 -j limit-202 --A INPUT -i eth0 -j limit-203 --A INPUT -i eth0 -j limit-204 --A INPUT -i eth0 -j limit-205 --A INPUT -i eth0 -j limit-206 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-208 --A INPUT -i eth0 -j limit-209 --A INPUT -i eth0 -j limit-210 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-212 --A INPUT -i eth0 -j limit-213 --A INPUT -i eth0 -j limit-214 --A INPUT -i eth0 -j limit-215 --A INPUT -i eth0 -j limit-216 --A INPUT -i eth0 -j limit-217 --A INPUT -i eth0 -j limit-218 --A INPUT -i eth0 -j limit-219 --A INPUT -i eth0 -j limit-220 --A INPUT -i eth0 -j limit-221 --A INPUT -i eth0 -j limit-222 --A INPUT -i eth0 -j limit-223 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-14 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-15 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-16 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-17 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-18 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-19 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-224 -A INPUT -i eth0 -j limit-225 -A INPUT -i eth0 -j limit-226 -A INPUT -i eth0 -j limit-227 +-A INPUT -i eth0 -j limit-228 +-A INPUT -i eth0 -j limit-229 +-A INPUT -i eth0 -j limit-230 +-A INPUT -i eth0 -j limit-231 +-A INPUT -i eth0 -j limit-232 +-A INPUT -i eth0 -j limit-233 +-A INPUT -i eth0 -j limit-234 +-A INPUT -i eth0 -j limit-235 +-A INPUT -i eth0 -j limit-236 +-A INPUT -i eth0 -j limit-237 +-A INPUT -i eth0 -j limit-238 +-A INPUT -i eth0 -j limit-239 +-A INPUT -i eth0 -j limit-240 +-A INPUT -i eth0 -j limit-241 +-A INPUT -i eth0 -j limit-242 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-92 +-A INPUT -i eth0 -j limit-244 +-A INPUT -i eth0 -j limit-245 +-A INPUT -i eth0 -j limit-246 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-96 +-A INPUT -i eth0 -j limit-248 +-A INPUT -i eth0 -j limit-249 +-A INPUT -i eth0 -j limit-250 +-A INPUT -i eth0 -j limit-251 +-A INPUT -i eth0 -j limit-252 +-A INPUT -i eth0 -j limit-253 +-A INPUT -i eth0 -j limit-254 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-104 +-A INPUT -i eth0 -j limit-256 +-A INPUT -i eth0 -j limit-257 +-A INPUT -i eth0 -j limit-258 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-108 +-A INPUT -i eth0 -j limit-260 +-A INPUT -i eth0 -j limit-261 +-A INPUT -i eth0 -j limit-262 +-A INPUT -i eth0 -j limit-263 +-A INPUT -i eth0 -j limit-264 +-A INPUT -i eth0 -j limit-265 +-A INPUT -i eth0 -j limit-266 +-A INPUT -i eth0 -j limit-267 +-A INPUT -i eth0 -j limit-268 +-A INPUT -i eth0 -j limit-269 +-A INPUT -i eth0 -j limit-270 +-A INPUT -i eth0 -j limit-271 +-A INPUT -i eth0 -j limit-272 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-274 +-A INPUT -i eth0 -j limit-275 +-A INPUT -i eth0 -j limit-276 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-278 +-A INPUT -i eth0 -j limit-279 +-A INPUT -i eth0 -j limit-280 +-A INPUT -i eth0 -j limit-281 +-A INPUT -i eth0 -j limit-282 +-A INPUT -i eth0 -j limit-283 +-A INPUT -i eth0 -j limit-284 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-286 +-A INPUT -i eth0 -j limit-287 +-A INPUT -i eth0 -j limit-288 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-290 +-A INPUT -i eth0 -j limit-291 +-A INPUT -i eth0 -j limit-292 +-A INPUT -i eth0 -j limit-293 +-A INPUT -i eth0 -j limit-294 +-A INPUT -i eth0 -j limit-295 +-A INPUT -i eth0 -j limit-296 +-A INPUT -i eth0 -j limit-297 +-A INPUT -i eth0 -j limit-298 +-A INPUT -i eth0 -j limit-299 +-A INPUT -i eth0 -j limit-300 +-A INPUT -i eth0 -j limit-301 +-A INPUT -i eth0 -j limit-302 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-304 +-A INPUT -i eth0 -j limit-305 +-A INPUT -i eth0 -j limit-306 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-308 +-A INPUT -i eth0 -j limit-309 +-A INPUT -i eth0 -j limit-310 +-A INPUT -i eth0 -j limit-311 +-A INPUT -i eth0 -j limit-312 +-A INPUT -i eth0 -j limit-313 +-A INPUT -i eth0 -j limit-314 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-316 +-A INPUT -i eth0 -j limit-317 +-A INPUT -i eth0 -j limit-318 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-320 +-A INPUT -i eth0 -j limit-321 +-A INPUT -i eth0 -j limit-322 +-A INPUT -i eth0 -j limit-323 +-A INPUT -i eth0 -j limit-324 +-A INPUT -i eth0 -j limit-325 +-A INPUT -i eth0 -j limit-326 +-A INPUT -i eth0 -j limit-327 +-A INPUT -i eth0 -j limit-328 +-A INPUT -i eth0 -j limit-329 +-A INPUT -i eth0 -j limit-330 +-A INPUT -i eth0 -j limit-331 +-A INPUT -i eth0 -j limit-332 +-A INPUT -i eth0 -j limit-333 +-A INPUT -i eth0 -j limit-334 +-A INPUT -i eth0 -j limit-335 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-73 +-A INPUT -j logdrop-109 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-74 +-A INPUT -j logdrop-110 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -823,6 +1137,78 @@ -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-223 +-A OUTPUT -j limit-222 +-A OUTPUT -j limit-221 +-A OUTPUT -j limit-220 +-A OUTPUT -j limit-219 +-A OUTPUT -j limit-218 +-A OUTPUT -j limit-217 +-A OUTPUT -j limit-216 +-A OUTPUT -j limit-215 +-A OUTPUT -j limit-214 +-A OUTPUT -j limit-213 +-A OUTPUT -j limit-212 +-A OUTPUT -j limit-211 +-A OUTPUT -j limit-210 +-A OUTPUT -j limit-209 +-A OUTPUT -j limit-208 +-A OUTPUT -j limit-207 +-A OUTPUT -j limit-206 +-A OUTPUT -j limit-205 +-A OUTPUT -j limit-204 +-A OUTPUT -j limit-203 +-A OUTPUT -j limit-202 +-A OUTPUT -j limit-201 +-A OUTPUT -j limit-200 +-A OUTPUT -j limit-199 +-A OUTPUT -j limit-198 +-A OUTPUT -j limit-197 +-A OUTPUT -j limit-196 +-A OUTPUT -j limit-195 +-A OUTPUT -j limit-194 +-A OUTPUT -j limit-193 +-A OUTPUT -j limit-192 +-A OUTPUT -j limit-191 +-A OUTPUT -j limit-190 +-A OUTPUT -j limit-189 +-A OUTPUT -j limit-188 +-A OUTPUT -j limit-187 +-A OUTPUT -j limit-186 +-A OUTPUT -j limit-185 +-A OUTPUT -j limit-184 +-A OUTPUT -j limit-183 +-A OUTPUT -j limit-182 +-A OUTPUT -j limit-181 +-A OUTPUT -j limit-180 +-A OUTPUT -j limit-179 +-A OUTPUT -j limit-178 +-A OUTPUT -j limit-177 +-A OUTPUT -j limit-176 +-A OUTPUT -j limit-175 +-A OUTPUT -j limit-174 +-A OUTPUT -j limit-173 +-A OUTPUT -j limit-172 +-A OUTPUT -j limit-171 +-A OUTPUT -j limit-170 +-A OUTPUT -j limit-169 +-A OUTPUT -j limit-168 +-A OUTPUT -j limit-167 +-A OUTPUT -j limit-166 +-A OUTPUT -j limit-165 +-A OUTPUT -j limit-164 +-A OUTPUT -j limit-163 +-A OUTPUT -j limit-162 +-A OUTPUT -j limit-161 +-A OUTPUT -j limit-160 +-A OUTPUT -j limit-159 +-A OUTPUT -j limit-158 +-A OUTPUT -j limit-157 +-A OUTPUT -j limit-156 +-A OUTPUT -j limit-155 +-A OUTPUT -j limit-154 +-A OUTPUT -j limit-153 +-A OUTPUT -j limit-152 -A OUTPUT -j limit-151 -A OUTPUT -j limit-150 -A OUTPUT -j limit-149 @@ -863,42 +1249,6 @@ -A OUTPUT -j limit-114 -A OUTPUT -j limit-113 -A OUTPUT -j limit-112 --A OUTPUT -j limit-111 --A OUTPUT -j limit-110 --A OUTPUT -j limit-109 --A OUTPUT -j limit-108 --A OUTPUT -j limit-107 --A OUTPUT -j limit-106 --A OUTPUT -j limit-105 --A OUTPUT -j limit-104 --A OUTPUT -j limit-103 --A OUTPUT -j limit-102 --A OUTPUT -j limit-101 --A OUTPUT -j limit-100 --A OUTPUT -j limit-99 --A OUTPUT -j limit-98 --A OUTPUT -j limit-97 --A OUTPUT -j limit-96 --A OUTPUT -j limit-95 --A OUTPUT -j limit-94 --A OUTPUT -j limit-93 --A OUTPUT -j limit-92 --A OUTPUT -j limit-91 --A OUTPUT -j limit-90 --A OUTPUT -j limit-89 --A OUTPUT -j limit-88 --A OUTPUT -j limit-87 --A OUTPUT -j limit-86 --A OUTPUT -j limit-85 --A OUTPUT -j limit-84 --A OUTPUT -j limit-83 --A OUTPUT -j limit-82 --A OUTPUT -j limit-81 --A OUTPUT -j limit-80 --A OUTPUT -j limit-79 --A OUTPUT -j limit-78 --A OUTPUT -j limit-77 --A OUTPUT -j limit-76 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -938,17 +1288,17 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 --A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 --A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 @@ -956,23 +1306,23 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-46 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-47 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-48 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-49 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-50 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-51 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 -A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-58 --A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-59 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-60 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-61 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-62 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-63 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-64 --A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-65 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-66 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-67 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-68 @@ -983,6 +1333,42 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-73 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-74 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-75 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-76 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-77 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-78 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-80 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-81 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-82 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-84 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-85 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-86 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-87 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-88 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-89 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-90 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-92 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-93 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-94 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-96 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-97 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-98 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-99 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-100 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-101 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-102 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-103 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-104 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-105 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-106 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-107 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-108 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-109 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-110 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-111 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -1025,6 +1411,42 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-13 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-14 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-15 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-16 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-17 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-18 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-19 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -1070,13 +1492,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-73 +-A OUTPUT -j logdrop-109 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-74 +-A OUTPUT -j logdrop-110 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -1102,461 +1524,650 @@ -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set --A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set --A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set --A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-104 -m recent --name limit-104 --rsource --mask 255.255.255.255 --set --A limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-105 -m recent --name limit-105 --rsource --mask 255.255.255.255 --set --A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-106 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-107 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-108 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-109 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j ACCEPT +-A limit-100 -m limit --limit 1/second -j LOG +-A limit-100 -j DROP +-A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN +-A limit-101 -m limit --limit 1/second -j LOG +-A limit-101 -j DROP +-A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j logaccept-1 +-A limit-102 -m limit --limit 1/second -j LOG +-A limit-102 -j DROP +-A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j ACCEPT +-A limit-103 -m limit --limit 1/second -j LOG +-A limit-103 -j DROP +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT +-A limit-104 -j DROP +-A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN +-A limit-105 -j DROP +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-2 +-A limit-106 -j DROP +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -j DROP +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT +-A limit-108 -j DROP +-A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN +-A limit-109 -j DROP -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set --A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-110 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-111 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-112 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-113 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-114 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-115 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-115 -m limit --limit 1/second -j LOG --A limit-116 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-117 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-3 +-A limit-110 -j DROP +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT +-A limit-111 -j DROP +-A limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-112 -m recent --name limit-112 --rsource --mask 255.255.255.255 --set +-A limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-113 -m recent --name limit-113 --rsource --mask 255.255.255.255 --set +-A limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --set +-A limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set +-A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 -A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set --A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 -A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 -A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set --A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 -A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 -A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set --A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 -A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set --A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 -A limit-124 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 -A limit-125 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 -A limit-126 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 -A limit-127 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 -A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 -A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-55 +-A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-56 +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-57 +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-58 -A limit-133 -m limit --limit 1/second -j LOG --A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-136 -j RETURN --A limit-136 -m limit --limit 1/second -j LOG --A limit-136 -j DROP --A limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-137 -j RETURN --A limit-137 -m limit --limit 1/second -j LOG --A limit-137 -j DROP --A limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-138 -j RETURN --A limit-138 -m limit --limit 1/second -j LOG --A limit-138 -j DROP --A limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-139 -j RETURN --A limit-139 -m limit --limit 1/second -j LOG --A limit-139 -j DROP +-A limit-134 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-59 +-A limit-135 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-60 +-A limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 +-A limit-136 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 +-A limit-137 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 +-A limit-138 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 +-A limit-139 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-140 -j RETURN --A limit-140 -m limit --limit 1/second -j LOG --A limit-140 -j DROP --A limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-141 -j RETURN --A limit-141 -m limit --limit 1/second -j LOG --A limit-141 -j DROP --A limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-142 -j RETURN --A limit-142 -m limit --limit 1/second -j LOG --A limit-142 -j DROP --A limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-143 -j RETURN --A limit-143 -m limit --limit 1/second -j LOG --A limit-143 -j DROP --A limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-144 -j RETURN --A limit-144 -j DROP --A limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-145 -j RETURN --A limit-145 -j DROP --A limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-146 -j RETURN --A limit-146 -j DROP --A limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-147 -j RETURN --A limit-147 -j DROP --A limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-148 -j RETURN --A limit-148 -j DROP --A limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-149 -j RETURN --A limit-149 -j DROP +-A limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 +-A limit-140 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 +-A limit-141 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-142 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-143 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-68 +-A limit-144 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-145 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-145 -m limit --limit 1/second -j LOG +-A limit-146 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-147 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-72 +-A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set +-A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-150 -j RETURN --A limit-150 -j DROP --A limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-151 -j RETURN --A limit-151 -j DROP --A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set +-A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-152 -m recent --name limit-152 --rsource --mask 255.255.255.255 --set +-A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-153 -m recent --name limit-153 --rsource --mask 255.255.255.255 --set --A limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-154 -m limit --limit 1/second -j LOG --A limit-154 -m recent --name limit-154 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-155 -m recent --name limit-155 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-156 -m recent --name limit-156 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-157 -m recent --name limit-157 --rsource --mask 255.255.255.255 --set --A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-55 --A limit-158 -m recent --name limit-158 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-56 --A limit-159 -m recent --name limit-159 --rsource --mask 255.255.255.255 --set +-A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-158 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-159 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-57 --A limit-160 -m limit --limit 1/second -j LOG --A limit-160 -m recent --name limit-160 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-58 --A limit-161 -m recent --name limit-161 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-59 --A limit-162 -m recent --name limit-162 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-60 --A limit-163 -m recent --name limit-163 --rsource --mask 255.255.255.255 --set --A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-61 --A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-62 --A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-63 --A limit-166 -m limit --limit 1/second -j LOG --A limit-166 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-64 --A limit-167 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-65 --A limit-168 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-66 --A limit-169 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-160 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-161 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-162 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-163 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-163 -m limit --limit 1/second -j LOG +-A limit-164 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-165 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-166 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-167 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-168 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-169 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-170 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-67 --A limit-170 -j ACCEPT --A limit-172 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-69 --A limit-172 -m limit --limit 1/second -j LOG --A limit-172 -j ACCEPT --A limit-173 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-70 --A limit-173 -m limit --limit 1/second -j LOG --A limit-174 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-71 --A limit-174 -j ACCEPT --A limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-176 -m recent --name limit-176 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-177 -m recent --name limit-177 --rsource --mask 255.255.255.255 --set +-A limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-170 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-171 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-172 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-173 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-174 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-175 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-175 -m limit --limit 1/second -j LOG +-A limit-176 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-177 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-178 -m limit --limit 1/second -j LOG --A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-178 -m recent --name limit-178 --rsource --mask 255.255.255.255 --set -A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-179 -m recent --name limit-179 --rsource --mask 255.255.255.255 --set -A limit-18 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19 -A limit-18 -j ACCEPT -A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-180 -m recent --name limit-180 --rsource --mask 255.255.255.255 --set -A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set --A limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-182 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-183 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-181 -m recent --name limit-181 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-182 -m recent --name limit-182 --rsource --mask 255.255.255.255 --set +-A limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-183 -m recent --name limit-183 --rsource --mask 255.255.255.255 --set -A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-184 -m limit --limit 1/second -j LOG --A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-184 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-185 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-186 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-188 -j ACCEPT +-A limit-187 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-188 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-189 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-190 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-190 -m limit --limit 1/second -j LOG --A limit-190 -j ACCEPT -A limit-191 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-191 -m limit --limit 1/second -j LOG -A limit-192 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-192 -j ACCEPT --A limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-194 -m recent --name limit-194 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-195 -m recent --name limit-195 --rsource --mask 255.255.255.255 --set --A limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-196 -m limit --limit 1/second -j LOG --A limit-196 -m recent --name limit-196 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-197 -m recent --name limit-197 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-198 -m recent --name limit-198 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-199 -m recent --name limit-199 --rsource --mask 255.255.255.255 --set +-A limit-193 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-193 -m limit --limit 1/second -j LOG +-A limit-194 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-195 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-197 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-198 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-199 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-20 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG -A limit-20 -j ACCEPT --A limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-200 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-201 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-202 -m limit --limit 1/second -j LOG --A limit-202 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-203 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-204 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-205 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-206 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-206 -j ACCEPT --A limit-208 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-201 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-202 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-203 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-204 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m limit --limit 1/second -j LOG +-A limit-206 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-207 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-208 -j RETURN -A limit-208 -m limit --limit 1/second -j LOG --A limit-208 -j ACCEPT --A limit-209 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -j DROP +-A limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-209 -j RETURN -A limit-209 -m limit --limit 1/second -j LOG +-A limit-209 -j DROP -A limit-21 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22 -A limit-21 -m limit --limit 1/second -j LOG --A limit-210 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-210 -j ACCEPT --A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j ACCEPT +-A limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-210 -j RETURN +-A limit-210 -m limit --limit 1/second -j LOG +-A limit-210 -j DROP +-A limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-211 -j RETURN +-A limit-211 -m limit --limit 1/second -j LOG +-A limit-211 -j DROP +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-212 -j RETURN -A limit-212 -m limit --limit 1/second -j LOG -A limit-212 -j DROP -A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-213 -j RETURN -A limit-213 -m limit --limit 1/second -j LOG -A limit-213 -j DROP --A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j logaccept-4 +-A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-214 -j RETURN -A limit-214 -m limit --limit 1/second -j LOG -A limit-214 -j DROP --A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j ACCEPT +-A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-215 -j RETURN -A limit-215 -m limit --limit 1/second -j LOG -A limit-215 -j DROP --A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j ACCEPT --A limit-216 -m limit --limit 1/second -j LOG +-A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-216 -j RETURN -A limit-216 -j DROP -A limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-217 -j RETURN --A limit-217 -m limit --limit 1/second -j LOG -A limit-217 -j DROP --A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j logaccept-5 --A limit-218 -m limit --limit 1/second -j LOG +-A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-218 -j RETURN -A limit-218 -j DROP --A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j ACCEPT --A limit-219 -m limit --limit 1/second -j LOG +-A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-219 -j RETURN -A limit-219 -j DROP -A limit-22 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23 -A limit-22 -j ACCEPT --A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j ACCEPT +-A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-220 -j RETURN -A limit-220 -j DROP -A limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-221 -j RETURN -A limit-221 -j DROP --A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j logaccept-6 +-A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-222 -j RETURN -A limit-222 -j DROP --A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j ACCEPT +-A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-223 -j RETURN -A limit-223 -j DROP --A limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-224 -j ACCEPT --A limit-224 -j DROP --A limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-225 -j RETURN --A limit-225 -j DROP --A limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-226 -j logaccept-7 --A limit-226 -j DROP --A limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-227 -j ACCEPT --A limit-227 -j DROP --A limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-24 -m recent --name limit-24 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-25 -m recent --name limit-25 --rsource --mask 255.255.255.255 --set --A limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-73 +-A limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set +-A limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-75 +-A limit-226 -m limit --limit 1/second -j LOG +-A limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-76 +-A limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-77 +-A limit-228 -m recent --name limit-228 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-78 +-A limit-229 -m recent --name limit-229 --rsource --mask 255.255.255.255 --set +-A limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-79 +-A limit-230 -m recent --name limit-230 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-80 +-A limit-231 -m recent --name limit-231 --rsource --mask 255.255.255.255 --set +-A limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-81 +-A limit-232 -m limit --limit 1/second -j LOG +-A limit-232 -m recent --name limit-232 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-82 +-A limit-233 -m recent --name limit-233 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-83 +-A limit-234 -m recent --name limit-234 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-84 +-A limit-235 -m recent --name limit-235 --rsource --mask 255.255.255.255 --set +-A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-85 +-A limit-236 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-86 +-A limit-237 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-87 +-A limit-238 -m limit --limit 1/second -j LOG +-A limit-238 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-88 +-A limit-239 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-24 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-89 +-A limit-240 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-90 +-A limit-241 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-242 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-91 +-A limit-242 -j ACCEPT +-A limit-244 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-93 +-A limit-244 -m limit --limit 1/second -j LOG +-A limit-244 -j ACCEPT +-A limit-245 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-94 +-A limit-245 -m limit --limit 1/second -j LOG +-A limit-246 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-95 +-A limit-246 -j ACCEPT +-A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-97 +-A limit-248 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-98 +-A limit-249 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-25 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-99 +-A limit-250 -m limit --limit 1/second -j LOG +-A limit-250 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-100 +-A limit-251 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-101 +-A limit-252 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-102 +-A limit-253 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-254 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-103 +-A limit-254 -j ACCEPT +-A limit-256 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-105 +-A limit-256 -m limit --limit 1/second -j LOG +-A limit-256 -j ACCEPT +-A limit-257 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-106 +-A limit-257 -m limit --limit 1/second -j LOG +-A limit-258 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-107 +-A limit-258 -j ACCEPT +-A limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -m recent --name limit-26 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-27 -m recent --name limit-27 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-28 -m recent --name limit-28 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-29 -m recent --name limit-29 --rsource --mask 255.255.255.255 --set +-A limit-26 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-260 -m recent --name limit-260 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-261 -m recent --name limit-261 --rsource --mask 255.255.255.255 --set +-A limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-262 -m limit --limit 1/second -j LOG +-A limit-262 -m recent --name limit-262 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-263 -m recent --name limit-263 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-264 -m recent --name limit-264 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m recent --name limit-265 --rsource --mask 255.255.255.255 --set +-A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-266 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-267 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m limit --limit 1/second -j LOG +-A limit-268 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-269 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-27 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-270 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-271 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-272 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-272 -j ACCEPT +-A limit-274 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-274 -m limit --limit 1/second -j LOG +-A limit-274 -j ACCEPT +-A limit-275 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-275 -m limit --limit 1/second -j LOG +-A limit-276 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-276 -j ACCEPT +-A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-278 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-279 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-28 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-280 -m limit --limit 1/second -j LOG +-A limit-280 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-281 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-282 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-283 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-284 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-284 -j ACCEPT +-A limit-286 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-286 -m limit --limit 1/second -j LOG +-A limit-286 -j ACCEPT +-A limit-287 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-287 -m limit --limit 1/second -j LOG +-A limit-288 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-288 -j ACCEPT +-A limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-29 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-290 -m recent --name limit-290 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-291 -m recent --name limit-291 --rsource --mask 255.255.255.255 --set +-A limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-292 -m limit --limit 1/second -j LOG +-A limit-292 -m recent --name limit-292 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-293 -m recent --name limit-293 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-294 -m recent --name limit-294 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m recent --name limit-295 --rsource --mask 255.255.255.255 --set +-A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-296 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-297 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m limit --limit 1/second -j LOG +-A limit-298 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-299 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-30 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-31 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-30 -j ACCEPT +-A limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-300 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-301 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-302 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-302 -j ACCEPT +-A limit-304 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-304 -m limit --limit 1/second -j LOG +-A limit-304 -j ACCEPT +-A limit-305 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-305 -m limit --limit 1/second -j LOG +-A limit-306 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-306 -j ACCEPT +-A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-308 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-309 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-310 -m limit --limit 1/second -j LOG +-A limit-310 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-311 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-312 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-313 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-314 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-314 -j ACCEPT +-A limit-316 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-316 -m limit --limit 1/second -j LOG +-A limit-316 -j ACCEPT +-A limit-317 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-317 -m limit --limit 1/second -j LOG +-A limit-318 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-318 -j ACCEPT +-A limit-32 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-33 -A limit-32 -m limit --limit 1/second -j LOG --A limit-32 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-33 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-34 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-35 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-36 -j ACCEPT --A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-32 -j ACCEPT +-A limit-320 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-320 -j ACCEPT +-A limit-320 -m limit --limit 1/second -j LOG +-A limit-320 -j DROP +-A limit-321 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-321 -j RETURN +-A limit-321 -m limit --limit 1/second -j LOG +-A limit-321 -j DROP +-A limit-322 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-322 -j logaccept-4 +-A limit-322 -m limit --limit 1/second -j LOG +-A limit-322 -j DROP +-A limit-323 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-323 -j ACCEPT +-A limit-323 -m limit --limit 1/second -j LOG +-A limit-323 -j DROP +-A limit-324 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-324 -j ACCEPT +-A limit-324 -m limit --limit 1/second -j LOG +-A limit-324 -j DROP +-A limit-325 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-325 -j RETURN +-A limit-325 -m limit --limit 1/second -j LOG +-A limit-325 -j DROP +-A limit-326 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-326 -j logaccept-5 +-A limit-326 -m limit --limit 1/second -j LOG +-A limit-326 -j DROP +-A limit-327 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-327 -j ACCEPT +-A limit-327 -m limit --limit 1/second -j LOG +-A limit-327 -j DROP +-A limit-328 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-328 -j ACCEPT +-A limit-328 -j DROP +-A limit-329 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-329 -j RETURN +-A limit-329 -j DROP +-A limit-33 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-33 -m limit --limit 1/second -j LOG +-A limit-330 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-330 -j logaccept-6 +-A limit-330 -j DROP +-A limit-331 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-331 -j ACCEPT +-A limit-331 -j DROP +-A limit-332 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-332 -j ACCEPT +-A limit-332 -j DROP +-A limit-333 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-333 -j RETURN +-A limit-333 -j DROP +-A limit-334 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-334 -j logaccept-7 +-A limit-334 -j DROP +-A limit-335 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-335 -j ACCEPT +-A limit-335 -j DROP +-A limit-34 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-34 -j ACCEPT +-A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --set +-A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG --A limit-38 -j ACCEPT --A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-39 -m limit --limit 1/second -j LOG +-A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-40 -j ACCEPT --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set +-A limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set --A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-49 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-44 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-46 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-48 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-48 -j ACCEPT -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set --A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-50 -m limit --limit 1/second -j LOG --A limit-50 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-53 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-54 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-54 -j ACCEPT --A limit-56 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-50 -j ACCEPT +-A limit-51 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-51 -m limit --limit 1/second -j LOG +-A limit-52 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-52 -j ACCEPT +-A limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-54 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-55 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-56 -m limit --limit 1/second -j LOG --A limit-56 -j ACCEPT --A limit-57 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-57 -m limit --limit 1/second -j LOG --A limit-58 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-58 -j ACCEPT +-A limit-56 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-58 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-60 -j ACCEPT --A limit-60 -m limit --limit 1/second -j LOG --A limit-60 -j DROP --A limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-61 -j RETURN --A limit-61 -m limit --limit 1/second -j LOG --A limit-61 -j DROP --A limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-62 -j logaccept-0 +-A limit-60 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-60 -j ACCEPT +-A limit-62 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-62 -m limit --limit 1/second -j LOG --A limit-62 -j DROP --A limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-63 -j ACCEPT +-A limit-62 -j ACCEPT +-A limit-63 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-63 -m limit --limit 1/second -j LOG --A limit-63 -j DROP --A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j ACCEPT --A limit-64 -m limit --limit 1/second -j LOG --A limit-64 -j DROP --A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN --A limit-65 -m limit --limit 1/second -j LOG --A limit-65 -j DROP --A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j logaccept-1 --A limit-66 -m limit --limit 1/second -j LOG --A limit-66 -j DROP --A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j ACCEPT --A limit-67 -m limit --limit 1/second -j LOG --A limit-67 -j DROP --A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j ACCEPT --A limit-68 -j DROP --A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN --A limit-69 -j DROP +-A limit-64 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-64 -j ACCEPT +-A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set +-A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-68 -m limit --limit 1/second -j LOG +-A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set --A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j logaccept-2 --A limit-70 -j DROP --A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j ACCEPT --A limit-71 -j DROP --A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j ACCEPT --A limit-72 -j DROP --A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN --A limit-73 -j DROP --A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j logaccept-3 --A limit-74 -j DROP --A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j ACCEPT --A limit-75 -j DROP --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set --A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set --A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --set +-A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-74 -m limit --limit 1/second -j LOG +-A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-76 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-76 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-77 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-78 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-78 -j ACCEPT -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set --A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set --A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set --A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set --A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set --A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set --A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set --A limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-88 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-89 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-80 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m limit --limit 1/second -j LOG +-A limit-80 -j ACCEPT +-A limit-81 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-81 -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-82 -j ACCEPT +-A limit-84 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-84 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-85 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-85 -m recent --name user:foo --rdest --mask 255.255.255.255 --set +-A limit-86 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-86 -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-87 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-87 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-88 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-88 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -j ACCEPT +-A limit-89 -m recent --name user:foo --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-89 -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-90 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-91 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-92 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-93 -m recent --name user:foo --rsource --mask 255.255.255.255 --set --A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-43 --A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-44 --A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-45 --A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-90 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-90 -j ACCEPT +-A limit-92 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-92 -m limit --limit 1/second -j LOG +-A limit-92 -j ACCEPT +-A limit-93 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-93 -m limit --limit 1/second -j LOG +-A limit-94 -m recent --name user:foo --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-94 -j ACCEPT +-A limit-96 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-96 -j ACCEPT +-A limit-96 -m limit --limit 1/second -j LOG +-A limit-96 -j DROP +-A limit-97 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-97 -j RETURN -A limit-97 -m limit --limit 1/second -j LOG --A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-47 --A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-48 +-A limit-97 -j DROP +-A limit-98 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-98 -j logaccept-0 +-A limit-98 -m limit --limit 1/second -j LOG +-A limit-98 -j DROP +-A limit-99 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-99 -j ACCEPT +-A limit-99 -m limit --limit 1/second -j LOG +-A limit-99 -j DROP -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -1587,6 +2198,18 @@ -A logaccept-final-12 -j ACCEPT -A logaccept-final-13 -m limit --limit 1/second -j LOG -A logaccept-final-13 -j ACCEPT +-A logaccept-final-14 -m limit --limit 1/second -j LOG +-A logaccept-final-14 -j ACCEPT +-A logaccept-final-15 -m limit --limit 1/second -j LOG +-A logaccept-final-15 -j ACCEPT +-A logaccept-final-16 -m limit --limit 1/second -j LOG +-A logaccept-final-16 -j ACCEPT +-A logaccept-final-17 -m limit --limit 1/second -j LOG +-A logaccept-final-17 -j ACCEPT +-A logaccept-final-18 -m limit --limit 1/second -j LOG +-A logaccept-final-18 -j ACCEPT +-A logaccept-final-19 -m limit --limit 1/second -j LOG +-A logaccept-final-19 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -1609,8 +2232,26 @@ -A logdrop-1 -j DROP -A logdrop-10 -m limit --limit 1/second -j LOG -A logdrop-10 -j DROP +-A logdrop-100 -m limit --limit 1/second -j LOG +-A logdrop-100 -j DROP +-A logdrop-101 -m limit --limit 1/second -j LOG +-A logdrop-101 -j DROP +-A logdrop-102 -m limit --limit 1/second -j LOG +-A logdrop-102 -j DROP +-A logdrop-103 -m limit --limit 1/second -j LOG +-A logdrop-103 -j DROP +-A logdrop-105 -m limit --limit 1/second -j LOG +-A logdrop-105 -j DROP +-A logdrop-106 -m limit --limit 1/second -j LOG +-A logdrop-106 -j DROP +-A logdrop-107 -m limit --limit 1/second -j LOG +-A logdrop-107 -j DROP +-A logdrop-109 -m limit --limit 1/second -j LOG +-A logdrop-109 -j DROP -A logdrop-11 -m limit --limit 1/second -j LOG -A logdrop-11 -j DROP +-A logdrop-110 -m limit --limit 1/second -j LOG +-A logdrop-110 -j DROP -A logdrop-12 -m limit --limit 1/second -j LOG -A logdrop-12 -j DROP -A logdrop-13 -m limit --limit 1/second -j LOG @@ -1651,16 +2292,12 @@ -A logdrop-30 -j DROP -A logdrop-31 -m limit --limit 1/second -j LOG -A logdrop-31 -j DROP --A logdrop-32 -m limit --limit 1/second -j LOG --A logdrop-32 -j DROP -A logdrop-33 -m limit --limit 1/second -j LOG -A logdrop-33 -j DROP -A logdrop-34 -m limit --limit 1/second -j LOG -A logdrop-34 -j DROP -A logdrop-35 -m limit --limit 1/second -j LOG -A logdrop-35 -j DROP --A logdrop-36 -m limit --limit 1/second -j LOG --A logdrop-36 -j DROP -A logdrop-37 -m limit --limit 1/second -j LOG -A logdrop-37 -j DROP -A logdrop-38 -m limit --limit 1/second -j LOG @@ -1729,6 +2366,8 @@ -A logdrop-66 -j DROP -A logdrop-67 -m limit --limit 1/second -j LOG -A logdrop-67 -j DROP +-A logdrop-68 -m limit --limit 1/second -j LOG +-A logdrop-68 -j DROP -A logdrop-69 -m limit --limit 1/second -j LOG -A logdrop-69 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG @@ -1737,14 +2376,62 @@ -A logdrop-70 -j DROP -A logdrop-71 -m limit --limit 1/second -j LOG -A logdrop-71 -j DROP +-A logdrop-72 -m limit --limit 1/second -j LOG +-A logdrop-72 -j DROP -A logdrop-73 -m limit --limit 1/second -j LOG -A logdrop-73 -j DROP -A logdrop-74 -m limit --limit 1/second -j LOG -A logdrop-74 -j DROP +-A logdrop-75 -m limit --limit 1/second -j LOG +-A logdrop-75 -j DROP +-A logdrop-76 -m limit --limit 1/second -j LOG +-A logdrop-76 -j DROP +-A logdrop-77 -m limit --limit 1/second -j LOG +-A logdrop-77 -j DROP +-A logdrop-78 -m limit --limit 1/second -j LOG +-A logdrop-78 -j DROP +-A logdrop-79 -m limit --limit 1/second -j LOG +-A logdrop-79 -j DROP -A logdrop-8 -m limit --limit 1/second -j LOG -A logdrop-8 -j DROP +-A logdrop-80 -m limit --limit 1/second -j LOG +-A logdrop-80 -j DROP +-A logdrop-81 -m limit --limit 1/second -j LOG +-A logdrop-81 -j DROP +-A logdrop-82 -m limit --limit 1/second -j LOG +-A logdrop-82 -j DROP +-A logdrop-83 -m limit --limit 1/second -j LOG +-A logdrop-83 -j DROP +-A logdrop-84 -m limit --limit 1/second -j LOG +-A logdrop-84 -j DROP +-A logdrop-85 -m limit --limit 1/second -j LOG +-A logdrop-85 -j DROP +-A logdrop-86 -m limit --limit 1/second -j LOG +-A logdrop-86 -j DROP +-A logdrop-87 -m limit --limit 1/second -j LOG +-A logdrop-87 -j DROP +-A logdrop-88 -m limit --limit 1/second -j LOG +-A logdrop-88 -j DROP +-A logdrop-89 -m limit --limit 1/second -j LOG +-A logdrop-89 -j DROP -A logdrop-9 -m limit --limit 1/second -j LOG -A logdrop-9 -j DROP +-A logdrop-90 -m limit --limit 1/second -j LOG +-A logdrop-90 -j DROP +-A logdrop-91 -m limit --limit 1/second -j LOG +-A logdrop-91 -j DROP +-A logdrop-93 -m limit --limit 1/second -j LOG +-A logdrop-93 -j DROP +-A logdrop-94 -m limit --limit 1/second -j LOG +-A logdrop-94 -j DROP +-A logdrop-95 -m limit --limit 1/second -j LOG +-A logdrop-95 -j DROP +-A logdrop-97 -m limit --limit 1/second -j LOG +-A logdrop-97 -j DROP +-A logdrop-98 -m limit --limit 1/second -j LOG +-A logdrop-98 -j DROP +-A logdrop-99 -m limit --limit 1/second -j LOG +-A logdrop-99 -j DROP -A logpass-0 -m limit --limit 1/second -j LOG -A logreject-0 -m limit --limit 1/second -j LOG -A logreject-0 -j REJECT @@ -1826,6 +2513,24 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -1913,6 +2618,42 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack diff --git a/test/output/rules6-save b/test/output/rules6-save index d79f6a9..fa1677a 100644 --- a/test/output/rules6-save +++ b/test/output/rules6-save @@ -85,9 +85,11 @@ :limit-169 - [0:0] :limit-17 - [0:0] :limit-170 - [0:0] +:limit-171 - [0:0] :limit-172 - [0:0] :limit-173 - [0:0] :limit-174 - [0:0] +:limit-175 - [0:0] :limit-176 - [0:0] :limit-177 - [0:0] :limit-178 - [0:0] @@ -102,9 +104,11 @@ :limit-186 - [0:0] :limit-187 - [0:0] :limit-188 - [0:0] +:limit-189 - [0:0] :limit-190 - [0:0] :limit-191 - [0:0] :limit-192 - [0:0] +:limit-193 - [0:0] :limit-194 - [0:0] :limit-195 - [0:0] :limit-196 - [0:0] @@ -120,10 +124,12 @@ :limit-204 - [0:0] :limit-205 - [0:0] :limit-206 - [0:0] +:limit-207 - [0:0] :limit-208 - [0:0] :limit-209 - [0:0] :limit-21 - [0:0] :limit-210 - [0:0] +:limit-211 - [0:0] :limit-212 - [0:0] :limit-213 - [0:0] :limit-214 - [0:0] @@ -141,24 +147,120 @@ :limit-225 - [0:0] :limit-226 - [0:0] :limit-227 - [0:0] +:limit-228 - [0:0] +:limit-229 - [0:0] +:limit-230 - [0:0] +:limit-231 - [0:0] +:limit-232 - [0:0] +:limit-233 - [0:0] +:limit-234 - [0:0] +:limit-235 - [0:0] +:limit-236 - [0:0] +:limit-237 - [0:0] +:limit-238 - [0:0] +:limit-239 - [0:0] :limit-24 - [0:0] +:limit-240 - [0:0] +:limit-241 - [0:0] +:limit-242 - [0:0] +:limit-244 - [0:0] +:limit-245 - [0:0] +:limit-246 - [0:0] +:limit-248 - [0:0] +:limit-249 - [0:0] :limit-25 - [0:0] +:limit-250 - [0:0] +:limit-251 - [0:0] +:limit-252 - [0:0] +:limit-253 - [0:0] +:limit-254 - [0:0] +:limit-256 - [0:0] +:limit-257 - [0:0] +:limit-258 - [0:0] :limit-26 - [0:0] +:limit-260 - [0:0] +:limit-261 - [0:0] +:limit-262 - [0:0] +:limit-263 - [0:0] +:limit-264 - [0:0] +:limit-265 - [0:0] +:limit-266 - [0:0] +:limit-267 - [0:0] +:limit-268 - [0:0] +:limit-269 - [0:0] :limit-27 - [0:0] +:limit-270 - [0:0] +:limit-271 - [0:0] +:limit-272 - [0:0] +:limit-274 - [0:0] +:limit-275 - [0:0] +:limit-276 - [0:0] +:limit-278 - [0:0] +:limit-279 - [0:0] :limit-28 - [0:0] +:limit-280 - [0:0] +:limit-281 - [0:0] +:limit-282 - [0:0] +:limit-283 - [0:0] +:limit-284 - [0:0] +:limit-286 - [0:0] +:limit-287 - [0:0] +:limit-288 - [0:0] :limit-29 - [0:0] +:limit-290 - [0:0] +:limit-291 - [0:0] +:limit-292 - [0:0] +:limit-293 - [0:0] +:limit-294 - [0:0] +:limit-295 - [0:0] +:limit-296 - [0:0] +:limit-297 - [0:0] +:limit-298 - [0:0] +:limit-299 - [0:0] :limit-3 - [0:0] :limit-30 - [0:0] -:limit-31 - [0:0] +:limit-300 - [0:0] +:limit-301 - [0:0] +:limit-302 - [0:0] +:limit-304 - [0:0] +:limit-305 - [0:0] +:limit-306 - [0:0] +:limit-308 - [0:0] +:limit-309 - [0:0] +:limit-310 - [0:0] +:limit-311 - [0:0] +:limit-312 - [0:0] +:limit-313 - [0:0] +:limit-314 - [0:0] +:limit-316 - [0:0] +:limit-317 - [0:0] +:limit-318 - [0:0] :limit-32 - [0:0] +:limit-320 - [0:0] +:limit-321 - [0:0] +:limit-322 - [0:0] +:limit-323 - [0:0] +:limit-324 - [0:0] +:limit-325 - [0:0] +:limit-326 - [0:0] +:limit-327 - [0:0] +:limit-328 - [0:0] +:limit-329 - [0:0] :limit-33 - [0:0] +:limit-330 - [0:0] +:limit-331 - [0:0] +:limit-332 - [0:0] +:limit-333 - [0:0] +:limit-334 - [0:0] +:limit-335 - [0:0] :limit-34 - [0:0] -:limit-35 - [0:0] :limit-36 - [0:0] +:limit-37 - [0:0] :limit-38 - [0:0] :limit-39 - [0:0] :limit-4 - [0:0] :limit-40 - [0:0] +:limit-41 - [0:0] :limit-42 - [0:0] :limit-43 - [0:0] :limit-44 - [0:0] @@ -166,23 +268,21 @@ :limit-46 - [0:0] :limit-47 - [0:0] :limit-48 - [0:0] -:limit-49 - [0:0] :limit-5 - [0:0] :limit-50 - [0:0] :limit-51 - [0:0] :limit-52 - [0:0] -:limit-53 - [0:0] :limit-54 - [0:0] +:limit-55 - [0:0] :limit-56 - [0:0] :limit-57 - [0:0] :limit-58 - [0:0] +:limit-59 - [0:0] :limit-6 - [0:0] :limit-60 - [0:0] -:limit-61 - [0:0] :limit-62 - [0:0] :limit-63 - [0:0] :limit-64 - [0:0] -:limit-65 - [0:0] :limit-66 - [0:0] :limit-67 - [0:0] :limit-68 - [0:0] @@ -197,12 +297,10 @@ :limit-76 - [0:0] :limit-77 - [0:0] :limit-78 - [0:0] -:limit-79 - [0:0] :limit-8 - [0:0] :limit-80 - [0:0] :limit-81 - [0:0] :limit-82 - [0:0] -:limit-83 - [0:0] :limit-84 - [0:0] :limit-85 - [0:0] :limit-86 - [0:0] @@ -211,11 +309,9 @@ :limit-89 - [0:0] :limit-9 - [0:0] :limit-90 - [0:0] -:limit-91 - [0:0] :limit-92 - [0:0] :limit-93 - [0:0] :limit-94 - [0:0] -:limit-95 - [0:0] :limit-96 - [0:0] :limit-97 - [0:0] :limit-98 - [0:0] @@ -235,6 +331,12 @@ :logaccept-final-11 - [0:0] :logaccept-final-12 - [0:0] :logaccept-final-13 - [0:0] +:logaccept-final-14 - [0:0] +:logaccept-final-15 - [0:0] +:logaccept-final-16 - [0:0] +:logaccept-final-17 - [0:0] +:logaccept-final-18 - [0:0] +:logaccept-final-19 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] @@ -246,7 +348,16 @@ :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] +:logdrop-100 - [0:0] +:logdrop-101 - [0:0] +:logdrop-102 - [0:0] +:logdrop-103 - [0:0] +:logdrop-105 - [0:0] +:logdrop-106 - [0:0] +:logdrop-107 - [0:0] +:logdrop-109 - [0:0] :logdrop-11 - [0:0] +:logdrop-110 - [0:0] :logdrop-12 - [0:0] :logdrop-13 - [0:0] :logdrop-14 - [0:0] @@ -267,11 +378,9 @@ :logdrop-3 - [0:0] :logdrop-30 - [0:0] :logdrop-31 - [0:0] -:logdrop-32 - [0:0] :logdrop-33 - [0:0] :logdrop-34 - [0:0] :logdrop-35 - [0:0] -:logdrop-36 - [0:0] :logdrop-37 - [0:0] :logdrop-38 - [0:0] :logdrop-39 - [0:0] @@ -306,20 +415,117 @@ :logdrop-65 - [0:0] :logdrop-66 - [0:0] :logdrop-67 - [0:0] +:logdrop-68 - [0:0] :logdrop-69 - [0:0] :logdrop-7 - [0:0] :logdrop-70 - [0:0] :logdrop-71 - [0:0] +:logdrop-72 - [0:0] :logdrop-73 - [0:0] :logdrop-74 - [0:0] +:logdrop-75 - [0:0] +:logdrop-76 - [0:0] +:logdrop-77 - [0:0] +:logdrop-78 - [0:0] +:logdrop-79 - [0:0] :logdrop-8 - [0:0] +:logdrop-80 - [0:0] +:logdrop-81 - [0:0] +:logdrop-82 - [0:0] +:logdrop-83 - [0:0] +:logdrop-84 - [0:0] +:logdrop-85 - [0:0] +:logdrop-86 - [0:0] +:logdrop-87 - [0:0] +:logdrop-88 - [0:0] +:logdrop-89 - [0:0] :logdrop-9 - [0:0] +:logdrop-90 - [0:0] +:logdrop-91 - [0:0] +:logdrop-93 - [0:0] +:logdrop-94 - [0:0] +:logdrop-95 - [0:0] +:logdrop-97 - [0:0] +:logdrop-98 - [0:0] +:logdrop-99 - [0:0] :logpass-0 - [0:0] :logreject-0 - [0:0] :logtarpit-0 - [0:0] :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-223 +-A FORWARD -j limit-222 +-A FORWARD -j limit-221 +-A FORWARD -j limit-220 +-A FORWARD -j limit-219 +-A FORWARD -j limit-218 +-A FORWARD -j limit-217 +-A FORWARD -j limit-216 +-A FORWARD -j limit-215 +-A FORWARD -j limit-214 +-A FORWARD -j limit-213 +-A FORWARD -j limit-212 +-A FORWARD -j limit-211 +-A FORWARD -j limit-210 +-A FORWARD -j limit-209 +-A FORWARD -j limit-208 +-A FORWARD -j limit-207 +-A FORWARD -j limit-206 +-A FORWARD -j limit-205 +-A FORWARD -j limit-204 +-A FORWARD -j limit-203 +-A FORWARD -j limit-202 +-A FORWARD -j limit-201 +-A FORWARD -j limit-200 +-A FORWARD -j limit-199 +-A FORWARD -j limit-198 +-A FORWARD -j limit-197 +-A FORWARD -j limit-196 +-A FORWARD -j limit-195 +-A FORWARD -j limit-194 +-A FORWARD -j limit-193 +-A FORWARD -j limit-192 +-A FORWARD -j limit-191 +-A FORWARD -j limit-190 +-A FORWARD -j limit-189 +-A FORWARD -j limit-188 +-A FORWARD -j limit-187 +-A FORWARD -j limit-186 +-A FORWARD -j limit-185 +-A FORWARD -j limit-184 +-A FORWARD -j limit-183 +-A FORWARD -j limit-182 +-A FORWARD -j limit-181 +-A FORWARD -j limit-180 +-A FORWARD -j limit-179 +-A FORWARD -j limit-178 +-A FORWARD -j limit-177 +-A FORWARD -j limit-176 +-A FORWARD -j limit-175 +-A FORWARD -j limit-174 +-A FORWARD -j limit-173 +-A FORWARD -j limit-172 +-A FORWARD -j limit-171 +-A FORWARD -j limit-170 +-A FORWARD -j limit-169 +-A FORWARD -j limit-168 +-A FORWARD -j limit-167 +-A FORWARD -j limit-166 +-A FORWARD -j limit-165 +-A FORWARD -j limit-164 +-A FORWARD -j limit-163 +-A FORWARD -j limit-162 +-A FORWARD -j limit-161 +-A FORWARD -j limit-160 +-A FORWARD -j limit-159 +-A FORWARD -j limit-158 +-A FORWARD -j limit-157 +-A FORWARD -j limit-156 +-A FORWARD -j limit-155 +-A FORWARD -j limit-154 +-A FORWARD -j limit-153 +-A FORWARD -j limit-152 -A FORWARD -j limit-151 -A FORWARD -j limit-150 -A FORWARD -j limit-149 @@ -360,42 +566,6 @@ -A FORWARD -j limit-114 -A FORWARD -j limit-113 -A FORWARD -j limit-112 --A FORWARD -j limit-111 --A FORWARD -j limit-110 --A FORWARD -j limit-109 --A FORWARD -j limit-108 --A FORWARD -j limit-107 --A FORWARD -j limit-106 --A FORWARD -j limit-105 --A FORWARD -j limit-104 --A FORWARD -j limit-103 --A FORWARD -j limit-102 --A FORWARD -j limit-101 --A FORWARD -j limit-100 --A FORWARD -j limit-99 --A FORWARD -j limit-98 --A FORWARD -j limit-97 --A FORWARD -j limit-96 --A FORWARD -j limit-95 --A FORWARD -j limit-94 --A FORWARD -j limit-93 --A FORWARD -j limit-92 --A FORWARD -j limit-91 --A FORWARD -j limit-90 --A FORWARD -j limit-89 --A FORWARD -j limit-88 --A FORWARD -j limit-87 --A FORWARD -j limit-86 --A FORWARD -j limit-85 --A FORWARD -j limit-84 --A FORWARD -j limit-83 --A FORWARD -j limit-82 --A FORWARD -j limit-81 --A FORWARD -j limit-80 --A FORWARD -j limit-79 --A FORWARD -j limit-78 --A FORWARD -j limit-77 --A FORWARD -j limit-76 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -434,17 +604,17 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-28 -A FORWARD -o eth1 -d fc00::/7 -j limit-29 -A FORWARD -o eth1 -d fc00::/7 -j limit-30 --A FORWARD -o eth1 -d fc00::/7 -j limit-31 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -A FORWARD -o eth1 -d fc00::/7 -j limit-32 -A FORWARD -o eth1 -d fc00::/7 -j limit-33 -A FORWARD -o eth1 -d fc00::/7 -j limit-34 --A FORWARD -o eth1 -d fc00::/7 -j limit-35 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -A FORWARD -o eth1 -d fc00::/7 -j limit-36 --A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-37 -A FORWARD -o eth1 -d fc00::/7 -j limit-38 -A FORWARD -o eth1 -d fc00::/7 -j limit-39 -A FORWARD -o eth1 -d fc00::/7 -j limit-40 --A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-41 -A FORWARD -o eth1 -d fc00::/7 -j limit-42 -A FORWARD -o eth1 -d fc00::/7 -j limit-43 -A FORWARD -o eth1 -d fc00::/7 -j limit-44 @@ -452,23 +622,23 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-46 -A FORWARD -o eth1 -d fc00::/7 -j limit-47 -A FORWARD -o eth1 -d fc00::/7 -j limit-48 --A FORWARD -o eth1 -d fc00::/7 -j limit-49 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-50 -A FORWARD -o eth1 -d fc00::/7 -j limit-51 -A FORWARD -o eth1 -d fc00::/7 -j limit-52 --A FORWARD -o eth1 -d fc00::/7 -j limit-53 --A FORWARD -o eth1 -d fc00::/7 -j limit-54 -A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-54 +-A FORWARD -o eth1 -d fc00::/7 -j limit-55 -A FORWARD -o eth1 -d fc00::/7 -j limit-56 -A FORWARD -o eth1 -d fc00::/7 -j limit-57 -A FORWARD -o eth1 -d fc00::/7 -j limit-58 --A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-59 -A FORWARD -o eth1 -d fc00::/7 -j limit-60 --A FORWARD -o eth1 -d fc00::/7 -j limit-61 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-62 -A FORWARD -o eth1 -d fc00::/7 -j limit-63 -A FORWARD -o eth1 -d fc00::/7 -j limit-64 --A FORWARD -o eth1 -d fc00::/7 -j limit-65 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A FORWARD -o eth1 -d fc00::/7 -j limit-66 -A FORWARD -o eth1 -d fc00::/7 -j limit-67 -A FORWARD -o eth1 -d fc00::/7 -j limit-68 @@ -479,6 +649,42 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-73 -A FORWARD -o eth1 -d fc00::/7 -j limit-74 -A FORWARD -o eth1 -d fc00::/7 -j limit-75 +-A FORWARD -o eth1 -d fc00::/7 -j limit-76 +-A FORWARD -o eth1 -d fc00::/7 -j limit-77 +-A FORWARD -o eth1 -d fc00::/7 -j limit-78 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-80 +-A FORWARD -o eth1 -d fc00::/7 -j limit-81 +-A FORWARD -o eth1 -d fc00::/7 -j limit-82 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-84 +-A FORWARD -o eth1 -d fc00::/7 -j limit-85 +-A FORWARD -o eth1 -d fc00::/7 -j limit-86 +-A FORWARD -o eth1 -d fc00::/7 -j limit-87 +-A FORWARD -o eth1 -d fc00::/7 -j limit-88 +-A FORWARD -o eth1 -d fc00::/7 -j limit-89 +-A FORWARD -o eth1 -d fc00::/7 -j limit-90 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-92 +-A FORWARD -o eth1 -d fc00::/7 -j limit-93 +-A FORWARD -o eth1 -d fc00::/7 -j limit-94 +-A FORWARD -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A FORWARD -o eth1 -d fc00::/7 -j limit-96 +-A FORWARD -o eth1 -d fc00::/7 -j limit-97 +-A FORWARD -o eth1 -d fc00::/7 -j limit-98 +-A FORWARD -o eth1 -d fc00::/7 -j limit-99 +-A FORWARD -o eth1 -d fc00::/7 -j limit-100 +-A FORWARD -o eth1 -d fc00::/7 -j limit-101 +-A FORWARD -o eth1 -d fc00::/7 -j limit-102 +-A FORWARD -o eth1 -d fc00::/7 -j limit-103 +-A FORWARD -o eth1 -d fc00::/7 -j limit-104 +-A FORWARD -o eth1 -d fc00::/7 -j limit-105 +-A FORWARD -o eth1 -d fc00::/7 -j limit-106 +-A FORWARD -o eth1 -d fc00::/7 -j limit-107 +-A FORWARD -o eth1 -d fc00::/7 -j limit-108 +-A FORWARD -o eth1 -d fc00::/7 -j limit-109 +-A FORWARD -o eth1 -d fc00::/7 -j limit-110 +-A FORWARD -o eth1 -d fc00::/7 -j limit-111 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -521,16 +727,34 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-13 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-14 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-15 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-16 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-17 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-18 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-19 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-73 +-A FORWARD -j logdrop-109 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-74 +-A FORWARD -j logdrop-110 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -563,6 +787,78 @@ -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-223 +-A INPUT -j limit-222 +-A INPUT -j limit-221 +-A INPUT -j limit-220 +-A INPUT -j limit-219 +-A INPUT -j limit-218 +-A INPUT -j limit-217 +-A INPUT -j limit-216 +-A INPUT -j limit-215 +-A INPUT -j limit-214 +-A INPUT -j limit-213 +-A INPUT -j limit-212 +-A INPUT -j limit-211 +-A INPUT -j limit-210 +-A INPUT -j limit-209 +-A INPUT -j limit-208 +-A INPUT -j limit-207 +-A INPUT -j limit-206 +-A INPUT -j limit-205 +-A INPUT -j limit-204 +-A INPUT -j limit-203 +-A INPUT -j limit-202 +-A INPUT -j limit-201 +-A INPUT -j limit-200 +-A INPUT -j limit-199 +-A INPUT -j limit-198 +-A INPUT -j limit-197 +-A INPUT -j limit-196 +-A INPUT -j limit-195 +-A INPUT -j limit-194 +-A INPUT -j limit-193 +-A INPUT -j limit-192 +-A INPUT -j limit-191 +-A INPUT -j limit-190 +-A INPUT -j limit-189 +-A INPUT -j limit-188 +-A INPUT -j limit-187 +-A INPUT -j limit-186 +-A INPUT -j limit-185 +-A INPUT -j limit-184 +-A INPUT -j limit-183 +-A INPUT -j limit-182 +-A INPUT -j limit-181 +-A INPUT -j limit-180 +-A INPUT -j limit-179 +-A INPUT -j limit-178 +-A INPUT -j limit-177 +-A INPUT -j limit-176 +-A INPUT -j limit-175 +-A INPUT -j limit-174 +-A INPUT -j limit-173 +-A INPUT -j limit-172 +-A INPUT -j limit-171 +-A INPUT -j limit-170 +-A INPUT -j limit-169 +-A INPUT -j limit-168 +-A INPUT -j limit-167 +-A INPUT -j limit-166 +-A INPUT -j limit-165 +-A INPUT -j limit-164 +-A INPUT -j limit-163 +-A INPUT -j limit-162 +-A INPUT -j limit-161 +-A INPUT -j limit-160 +-A INPUT -j limit-159 +-A INPUT -j limit-158 +-A INPUT -j limit-157 +-A INPUT -j limit-156 +-A INPUT -j limit-155 +-A INPUT -j limit-154 +-A INPUT -j limit-153 +-A INPUT -j limit-152 -A INPUT -j limit-151 -A INPUT -j limit-150 -A INPUT -j limit-149 @@ -603,42 +899,6 @@ -A INPUT -j limit-114 -A INPUT -j limit-113 -A INPUT -j limit-112 --A INPUT -j limit-111 --A INPUT -j limit-110 --A INPUT -j limit-109 --A INPUT -j limit-108 --A INPUT -j limit-107 --A INPUT -j limit-106 --A INPUT -j limit-105 --A INPUT -j limit-104 --A INPUT -j limit-103 --A INPUT -j limit-102 --A INPUT -j limit-101 --A INPUT -j limit-100 --A INPUT -j limit-99 --A INPUT -j limit-98 --A INPUT -j limit-97 --A INPUT -j limit-96 --A INPUT -j limit-95 --A INPUT -j limit-94 --A INPUT -j limit-93 --A INPUT -j limit-92 --A INPUT -j limit-91 --A INPUT -j limit-90 --A INPUT -j limit-89 --A INPUT -j limit-88 --A INPUT -j limit-87 --A INPUT -j limit-86 --A INPUT -j limit-85 --A INPUT -j limit-84 --A INPUT -j limit-83 --A INPUT -j limit-82 --A INPUT -j limit-81 --A INPUT -j limit-80 --A INPUT -j limit-79 --A INPUT -j limit-78 --A INPUT -j limit-77 --A INPUT -j limit-76 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -689,92 +949,146 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-13 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-152 --A INPUT -i eth0 -j limit-153 --A INPUT -i eth0 -j limit-154 --A INPUT -i eth0 -j limit-155 --A INPUT -i eth0 -j limit-156 --A INPUT -i eth0 -j limit-157 --A INPUT -i eth0 -j limit-158 --A INPUT -i eth0 -j limit-159 --A INPUT -i eth0 -j limit-160 --A INPUT -i eth0 -j limit-161 --A INPUT -i eth0 -j limit-162 --A INPUT -i eth0 -j limit-163 --A INPUT -i eth0 -j limit-164 --A INPUT -i eth0 -j limit-165 --A INPUT -i eth0 -j limit-166 --A INPUT -i eth0 -j limit-167 --A INPUT -i eth0 -j limit-168 --A INPUT -i eth0 -j limit-169 --A INPUT -i eth0 -j limit-170 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 --A INPUT -i eth0 -j limit-172 --A INPUT -i eth0 -j limit-173 --A INPUT -i eth0 -j limit-174 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 --A INPUT -i eth0 -j limit-176 --A INPUT -i eth0 -j limit-177 --A INPUT -i eth0 -j limit-178 --A INPUT -i eth0 -j limit-179 --A INPUT -i eth0 -j limit-180 --A INPUT -i eth0 -j limit-181 --A INPUT -i eth0 -j limit-182 --A INPUT -i eth0 -j limit-183 --A INPUT -i eth0 -j limit-184 --A INPUT -i eth0 -j limit-185 --A INPUT -i eth0 -j limit-186 --A INPUT -i eth0 -j limit-187 --A INPUT -i eth0 -j limit-188 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-190 --A INPUT -i eth0 -j limit-191 --A INPUT -i eth0 -j limit-192 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-194 --A INPUT -i eth0 -j limit-195 --A INPUT -i eth0 -j limit-196 --A INPUT -i eth0 -j limit-197 --A INPUT -i eth0 -j limit-198 --A INPUT -i eth0 -j limit-199 --A INPUT -i eth0 -j limit-200 --A INPUT -i eth0 -j limit-201 --A INPUT -i eth0 -j limit-202 --A INPUT -i eth0 -j limit-203 --A INPUT -i eth0 -j limit-204 --A INPUT -i eth0 -j limit-205 --A INPUT -i eth0 -j limit-206 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-208 --A INPUT -i eth0 -j limit-209 --A INPUT -i eth0 -j limit-210 --A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A INPUT -i eth0 -j limit-212 --A INPUT -i eth0 -j limit-213 --A INPUT -i eth0 -j limit-214 --A INPUT -i eth0 -j limit-215 --A INPUT -i eth0 -j limit-216 --A INPUT -i eth0 -j limit-217 --A INPUT -i eth0 -j limit-218 --A INPUT -i eth0 -j limit-219 --A INPUT -i eth0 -j limit-220 --A INPUT -i eth0 -j limit-221 --A INPUT -i eth0 -j limit-222 --A INPUT -i eth0 -j limit-223 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-14 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-15 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-16 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-17 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-18 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-19 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-224 -A INPUT -i eth0 -j limit-225 -A INPUT -i eth0 -j limit-226 -A INPUT -i eth0 -j limit-227 +-A INPUT -i eth0 -j limit-228 +-A INPUT -i eth0 -j limit-229 +-A INPUT -i eth0 -j limit-230 +-A INPUT -i eth0 -j limit-231 +-A INPUT -i eth0 -j limit-232 +-A INPUT -i eth0 -j limit-233 +-A INPUT -i eth0 -j limit-234 +-A INPUT -i eth0 -j limit-235 +-A INPUT -i eth0 -j limit-236 +-A INPUT -i eth0 -j limit-237 +-A INPUT -i eth0 -j limit-238 +-A INPUT -i eth0 -j limit-239 +-A INPUT -i eth0 -j limit-240 +-A INPUT -i eth0 -j limit-241 +-A INPUT -i eth0 -j limit-242 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-92 +-A INPUT -i eth0 -j limit-244 +-A INPUT -i eth0 -j limit-245 +-A INPUT -i eth0 -j limit-246 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-96 +-A INPUT -i eth0 -j limit-248 +-A INPUT -i eth0 -j limit-249 +-A INPUT -i eth0 -j limit-250 +-A INPUT -i eth0 -j limit-251 +-A INPUT -i eth0 -j limit-252 +-A INPUT -i eth0 -j limit-253 +-A INPUT -i eth0 -j limit-254 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-104 +-A INPUT -i eth0 -j limit-256 +-A INPUT -i eth0 -j limit-257 +-A INPUT -i eth0 -j limit-258 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-108 +-A INPUT -i eth0 -j limit-260 +-A INPUT -i eth0 -j limit-261 +-A INPUT -i eth0 -j limit-262 +-A INPUT -i eth0 -j limit-263 +-A INPUT -i eth0 -j limit-264 +-A INPUT -i eth0 -j limit-265 +-A INPUT -i eth0 -j limit-266 +-A INPUT -i eth0 -j limit-267 +-A INPUT -i eth0 -j limit-268 +-A INPUT -i eth0 -j limit-269 +-A INPUT -i eth0 -j limit-270 +-A INPUT -i eth0 -j limit-271 +-A INPUT -i eth0 -j limit-272 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-274 +-A INPUT -i eth0 -j limit-275 +-A INPUT -i eth0 -j limit-276 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-278 +-A INPUT -i eth0 -j limit-279 +-A INPUT -i eth0 -j limit-280 +-A INPUT -i eth0 -j limit-281 +-A INPUT -i eth0 -j limit-282 +-A INPUT -i eth0 -j limit-283 +-A INPUT -i eth0 -j limit-284 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-286 +-A INPUT -i eth0 -j limit-287 +-A INPUT -i eth0 -j limit-288 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-290 +-A INPUT -i eth0 -j limit-291 +-A INPUT -i eth0 -j limit-292 +-A INPUT -i eth0 -j limit-293 +-A INPUT -i eth0 -j limit-294 +-A INPUT -i eth0 -j limit-295 +-A INPUT -i eth0 -j limit-296 +-A INPUT -i eth0 -j limit-297 +-A INPUT -i eth0 -j limit-298 +-A INPUT -i eth0 -j limit-299 +-A INPUT -i eth0 -j limit-300 +-A INPUT -i eth0 -j limit-301 +-A INPUT -i eth0 -j limit-302 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-304 +-A INPUT -i eth0 -j limit-305 +-A INPUT -i eth0 -j limit-306 +-A INPUT -i eth0 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-308 +-A INPUT -i eth0 -j limit-309 +-A INPUT -i eth0 -j limit-310 +-A INPUT -i eth0 -j limit-311 +-A INPUT -i eth0 -j limit-312 +-A INPUT -i eth0 -j limit-313 +-A INPUT -i eth0 -j limit-314 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-316 +-A INPUT -i eth0 -j limit-317 +-A INPUT -i eth0 -j limit-318 +-A INPUT -i eth0 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A INPUT -i eth0 -j limit-320 +-A INPUT -i eth0 -j limit-321 +-A INPUT -i eth0 -j limit-322 +-A INPUT -i eth0 -j limit-323 +-A INPUT -i eth0 -j limit-324 +-A INPUT -i eth0 -j limit-325 +-A INPUT -i eth0 -j limit-326 +-A INPUT -i eth0 -j limit-327 +-A INPUT -i eth0 -j limit-328 +-A INPUT -i eth0 -j limit-329 +-A INPUT -i eth0 -j limit-330 +-A INPUT -i eth0 -j limit-331 +-A INPUT -i eth0 -j limit-332 +-A INPUT -i eth0 -j limit-333 +-A INPUT -i eth0 -j limit-334 +-A INPUT -i eth0 -j limit-335 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-73 +-A INPUT -j logdrop-109 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-74 +-A INPUT -j logdrop-110 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -787,6 +1101,78 @@ -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-223 +-A OUTPUT -j limit-222 +-A OUTPUT -j limit-221 +-A OUTPUT -j limit-220 +-A OUTPUT -j limit-219 +-A OUTPUT -j limit-218 +-A OUTPUT -j limit-217 +-A OUTPUT -j limit-216 +-A OUTPUT -j limit-215 +-A OUTPUT -j limit-214 +-A OUTPUT -j limit-213 +-A OUTPUT -j limit-212 +-A OUTPUT -j limit-211 +-A OUTPUT -j limit-210 +-A OUTPUT -j limit-209 +-A OUTPUT -j limit-208 +-A OUTPUT -j limit-207 +-A OUTPUT -j limit-206 +-A OUTPUT -j limit-205 +-A OUTPUT -j limit-204 +-A OUTPUT -j limit-203 +-A OUTPUT -j limit-202 +-A OUTPUT -j limit-201 +-A OUTPUT -j limit-200 +-A OUTPUT -j limit-199 +-A OUTPUT -j limit-198 +-A OUTPUT -j limit-197 +-A OUTPUT -j limit-196 +-A OUTPUT -j limit-195 +-A OUTPUT -j limit-194 +-A OUTPUT -j limit-193 +-A OUTPUT -j limit-192 +-A OUTPUT -j limit-191 +-A OUTPUT -j limit-190 +-A OUTPUT -j limit-189 +-A OUTPUT -j limit-188 +-A OUTPUT -j limit-187 +-A OUTPUT -j limit-186 +-A OUTPUT -j limit-185 +-A OUTPUT -j limit-184 +-A OUTPUT -j limit-183 +-A OUTPUT -j limit-182 +-A OUTPUT -j limit-181 +-A OUTPUT -j limit-180 +-A OUTPUT -j limit-179 +-A OUTPUT -j limit-178 +-A OUTPUT -j limit-177 +-A OUTPUT -j limit-176 +-A OUTPUT -j limit-175 +-A OUTPUT -j limit-174 +-A OUTPUT -j limit-173 +-A OUTPUT -j limit-172 +-A OUTPUT -j limit-171 +-A OUTPUT -j limit-170 +-A OUTPUT -j limit-169 +-A OUTPUT -j limit-168 +-A OUTPUT -j limit-167 +-A OUTPUT -j limit-166 +-A OUTPUT -j limit-165 +-A OUTPUT -j limit-164 +-A OUTPUT -j limit-163 +-A OUTPUT -j limit-162 +-A OUTPUT -j limit-161 +-A OUTPUT -j limit-160 +-A OUTPUT -j limit-159 +-A OUTPUT -j limit-158 +-A OUTPUT -j limit-157 +-A OUTPUT -j limit-156 +-A OUTPUT -j limit-155 +-A OUTPUT -j limit-154 +-A OUTPUT -j limit-153 +-A OUTPUT -j limit-152 -A OUTPUT -j limit-151 -A OUTPUT -j limit-150 -A OUTPUT -j limit-149 @@ -827,42 +1213,6 @@ -A OUTPUT -j limit-114 -A OUTPUT -j limit-113 -A OUTPUT -j limit-112 --A OUTPUT -j limit-111 --A OUTPUT -j limit-110 --A OUTPUT -j limit-109 --A OUTPUT -j limit-108 --A OUTPUT -j limit-107 --A OUTPUT -j limit-106 --A OUTPUT -j limit-105 --A OUTPUT -j limit-104 --A OUTPUT -j limit-103 --A OUTPUT -j limit-102 --A OUTPUT -j limit-101 --A OUTPUT -j limit-100 --A OUTPUT -j limit-99 --A OUTPUT -j limit-98 --A OUTPUT -j limit-97 --A OUTPUT -j limit-96 --A OUTPUT -j limit-95 --A OUTPUT -j limit-94 --A OUTPUT -j limit-93 --A OUTPUT -j limit-92 --A OUTPUT -j limit-91 --A OUTPUT -j limit-90 --A OUTPUT -j limit-89 --A OUTPUT -j limit-88 --A OUTPUT -j limit-87 --A OUTPUT -j limit-86 --A OUTPUT -j limit-85 --A OUTPUT -j limit-84 --A OUTPUT -j limit-83 --A OUTPUT -j limit-82 --A OUTPUT -j limit-81 --A OUTPUT -j limit-80 --A OUTPUT -j limit-79 --A OUTPUT -j limit-78 --A OUTPUT -j limit-77 --A OUTPUT -j limit-76 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -902,17 +1252,17 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-28 -A OUTPUT -o eth1 -d fc00::/7 -j limit-29 -A OUTPUT -o eth1 -d fc00::/7 -j limit-30 --A OUTPUT -o eth1 -d fc00::/7 -j limit-31 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32 -A OUTPUT -o eth1 -d fc00::/7 -j limit-32 -A OUTPUT -o eth1 -d fc00::/7 -j limit-33 -A OUTPUT -o eth1 -d fc00::/7 -j limit-34 --A OUTPUT -o eth1 -d fc00::/7 -j limit-35 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-36 -A OUTPUT -o eth1 -d fc00::/7 -j limit-36 --A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-37 -A OUTPUT -o eth1 -d fc00::/7 -j limit-38 -A OUTPUT -o eth1 -d fc00::/7 -j limit-39 -A OUTPUT -o eth1 -d fc00::/7 -j limit-40 --A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-41 -A OUTPUT -o eth1 -d fc00::/7 -j limit-42 -A OUTPUT -o eth1 -d fc00::/7 -j limit-43 -A OUTPUT -o eth1 -d fc00::/7 -j limit-44 @@ -920,23 +1270,23 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-46 -A OUTPUT -o eth1 -d fc00::/7 -j limit-47 -A OUTPUT -o eth1 -d fc00::/7 -j limit-48 --A OUTPUT -o eth1 -d fc00::/7 -j limit-49 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-50 -A OUTPUT -o eth1 -d fc00::/7 -j limit-51 -A OUTPUT -o eth1 -d fc00::/7 -j limit-52 --A OUTPUT -o eth1 -d fc00::/7 -j limit-53 --A OUTPUT -o eth1 -d fc00::/7 -j limit-54 -A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-54 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-55 -A OUTPUT -o eth1 -d fc00::/7 -j limit-56 -A OUTPUT -o eth1 -d fc00::/7 -j limit-57 -A OUTPUT -o eth1 -d fc00::/7 -j limit-58 --A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-59 -A OUTPUT -o eth1 -d fc00::/7 -j limit-60 --A OUTPUT -o eth1 -d fc00::/7 -j limit-61 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-62 -A OUTPUT -o eth1 -d fc00::/7 -j limit-63 -A OUTPUT -o eth1 -d fc00::/7 -j limit-64 --A OUTPUT -o eth1 -d fc00::/7 -j limit-65 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A OUTPUT -o eth1 -d fc00::/7 -j limit-66 -A OUTPUT -o eth1 -d fc00::/7 -j limit-67 -A OUTPUT -o eth1 -d fc00::/7 -j limit-68 @@ -947,6 +1297,42 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-73 -A OUTPUT -o eth1 -d fc00::/7 -j limit-74 -A OUTPUT -o eth1 -d fc00::/7 -j limit-75 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-76 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-77 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-78 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-80 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-81 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-82 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-84 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-85 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-86 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-87 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-88 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-89 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-90 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-92 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-93 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-94 +-A OUTPUT -o eth1 -d fc00::/7 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A OUTPUT -o eth1 -d fc00::/7 -j limit-96 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-97 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-98 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-99 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-100 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-101 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-102 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-103 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-104 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-105 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-106 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-107 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-108 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-109 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-110 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-111 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -989,6 +1375,42 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-13 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-14 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-15 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-16 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-17 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-18 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-19 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -1034,13 +1456,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-73 +-A OUTPUT -j logdrop-109 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-74 +-A OUTPUT -j logdrop-110 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -1061,461 +1483,650 @@ -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-104 -m recent --name limit-104 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-105 -m recent --name limit-105 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-106 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-107 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-108 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-109 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j ACCEPT +-A limit-100 -m limit --limit 1/second -j LOG +-A limit-100 -j DROP +-A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN +-A limit-101 -m limit --limit 1/second -j LOG +-A limit-101 -j DROP +-A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j logaccept-1 +-A limit-102 -m limit --limit 1/second -j LOG +-A limit-102 -j DROP +-A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j ACCEPT +-A limit-103 -m limit --limit 1/second -j LOG +-A limit-103 -j DROP +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT +-A limit-104 -j DROP +-A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN +-A limit-105 -j DROP +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-2 +-A limit-106 -j DROP +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -j DROP +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT +-A limit-108 -j DROP +-A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN +-A limit-109 -j DROP -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-110 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-111 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-112 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-113 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-114 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-115 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-115 -m limit --limit 1/second -j LOG --A limit-116 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-117 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-3 +-A limit-110 -j DROP +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT +-A limit-111 -j DROP +-A limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-112 -m recent --name limit-112 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-113 -m recent --name limit-113 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 -A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 -A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 -A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 -A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 -A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 -A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 -A limit-124 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 -A limit-125 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 -A limit-126 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 -A limit-127 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 -A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 -A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-55 +-A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-56 +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-57 +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-58 -A limit-133 -m limit --limit 1/second -j LOG --A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-136 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-136 -j RETURN --A limit-136 -m limit --limit 1/second -j LOG --A limit-136 -j DROP --A limit-137 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-137 -j RETURN --A limit-137 -m limit --limit 1/second -j LOG --A limit-137 -j DROP --A limit-138 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-138 -j RETURN --A limit-138 -m limit --limit 1/second -j LOG --A limit-138 -j DROP --A limit-139 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-139 -j RETURN --A limit-139 -m limit --limit 1/second -j LOG --A limit-139 -j DROP +-A limit-134 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-59 +-A limit-135 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-60 +-A limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 +-A limit-136 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 +-A limit-137 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 +-A limit-138 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 +-A limit-139 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG -A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-140 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-140 -j RETURN --A limit-140 -m limit --limit 1/second -j LOG --A limit-140 -j DROP --A limit-141 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-141 -j RETURN --A limit-141 -m limit --limit 1/second -j LOG --A limit-141 -j DROP --A limit-142 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-142 -j RETURN --A limit-142 -m limit --limit 1/second -j LOG --A limit-142 -j DROP --A limit-143 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-143 -j RETURN --A limit-143 -m limit --limit 1/second -j LOG --A limit-143 -j DROP --A limit-144 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-144 -j RETURN --A limit-144 -j DROP --A limit-145 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-145 -j RETURN --A limit-145 -j DROP --A limit-146 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-146 -j RETURN --A limit-146 -j DROP --A limit-147 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-147 -j RETURN --A limit-147 -j DROP --A limit-148 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-148 -j RETURN --A limit-148 -j DROP --A limit-149 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-149 -j RETURN --A limit-149 -j DROP +-A limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 +-A limit-140 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 +-A limit-141 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-142 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 +-A limit-143 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-68 +-A limit-144 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 +-A limit-145 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 +-A limit-145 -m limit --limit 1/second -j LOG +-A limit-146 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 +-A limit-147 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-72 +-A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 -A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-150 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-150 -j RETURN --A limit-150 -j DROP --A limit-151 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-151 -j RETURN --A limit-151 -j DROP --A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 --A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-152 -m recent --name limit-152 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-153 -m recent --name limit-153 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 --A limit-154 -m limit --limit 1/second -j LOG --A limit-154 -m recent --name limit-154 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 --A limit-155 -m recent --name limit-155 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 --A limit-156 -m recent --name limit-156 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 --A limit-157 -m recent --name limit-157 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-55 --A limit-158 -m recent --name limit-158 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-56 --A limit-159 -m recent --name limit-159 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-158 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-159 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-57 --A limit-160 -m limit --limit 1/second -j LOG --A limit-160 -m recent --name limit-160 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-58 --A limit-161 -m recent --name limit-161 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-59 --A limit-162 -m recent --name limit-162 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-60 --A limit-163 -m recent --name limit-163 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-61 --A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-62 --A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-63 --A limit-166 -m limit --limit 1/second -j LOG --A limit-166 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-64 --A limit-167 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-65 --A limit-168 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-66 --A limit-169 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-160 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-161 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-162 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-163 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-163 -m limit --limit 1/second -j LOG +-A limit-164 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-165 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-166 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-167 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-168 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-169 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 -A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-170 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-67 --A limit-170 -j ACCEPT --A limit-172 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-69 --A limit-172 -m limit --limit 1/second -j LOG --A limit-172 -j ACCEPT --A limit-173 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-70 --A limit-173 -m limit --limit 1/second -j LOG --A limit-174 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-71 --A limit-174 -j ACCEPT --A limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-176 -m recent --name limit-176 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-177 -m recent --name limit-177 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-170 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-171 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-172 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-173 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-174 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-175 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-175 -m limit --limit 1/second -j LOG +-A limit-176 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-177 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-178 -m limit --limit 1/second -j LOG --A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-178 -m recent --name limit-178 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-179 -m recent --name limit-179 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-18 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19 -A limit-18 -j ACCEPT -A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-180 -m recent --name limit-180 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-182 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-183 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-181 -m recent --name limit-181 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-182 -m recent --name limit-182 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-183 -m recent --name limit-183 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-184 -m limit --limit 1/second -j LOG --A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-184 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-185 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-186 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-188 -j ACCEPT +-A limit-187 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-188 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-189 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-190 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-190 -m limit --limit 1/second -j LOG --A limit-190 -j ACCEPT -A limit-191 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-191 -m limit --limit 1/second -j LOG -A limit-192 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-192 -j ACCEPT --A limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-194 -m recent --name limit-194 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-195 -m recent --name limit-195 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-196 -m limit --limit 1/second -j LOG --A limit-196 -m recent --name limit-196 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-197 -m recent --name limit-197 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-198 -m recent --name limit-198 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-199 -m recent --name limit-199 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-193 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-193 -m limit --limit 1/second -j LOG +-A limit-194 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-195 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-196 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-197 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-198 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-199 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-20 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21 -A limit-20 -m limit --limit 1/second -j LOG -A limit-20 -j ACCEPT --A limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-200 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-201 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-202 -m limit --limit 1/second -j LOG --A limit-202 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-203 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-204 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-205 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-206 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-206 -j ACCEPT --A limit-208 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-200 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-201 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-202 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-203 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-204 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-205 -m limit --limit 1/second -j LOG +-A limit-206 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-207 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-208 -j RETURN -A limit-208 -m limit --limit 1/second -j LOG --A limit-208 -j ACCEPT --A limit-209 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-208 -j DROP +-A limit-209 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-209 -j RETURN -A limit-209 -m limit --limit 1/second -j LOG +-A limit-209 -j DROP -A limit-21 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22 -A limit-21 -m limit --limit 1/second -j LOG --A limit-210 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-210 -j ACCEPT --A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j ACCEPT +-A limit-210 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-210 -j RETURN +-A limit-210 -m limit --limit 1/second -j LOG +-A limit-210 -j DROP +-A limit-211 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-211 -j RETURN +-A limit-211 -m limit --limit 1/second -j LOG +-A limit-211 -j DROP +-A limit-212 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-212 -j RETURN -A limit-212 -m limit --limit 1/second -j LOG -A limit-212 -j DROP -A limit-213 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-213 -j RETURN -A limit-213 -m limit --limit 1/second -j LOG -A limit-213 -j DROP --A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j logaccept-4 +-A limit-214 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-214 -j RETURN -A limit-214 -m limit --limit 1/second -j LOG -A limit-214 -j DROP --A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j ACCEPT +-A limit-215 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-215 -j RETURN -A limit-215 -m limit --limit 1/second -j LOG -A limit-215 -j DROP --A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j ACCEPT --A limit-216 -m limit --limit 1/second -j LOG +-A limit-216 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-216 -j RETURN -A limit-216 -j DROP -A limit-217 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-217 -j RETURN --A limit-217 -m limit --limit 1/second -j LOG -A limit-217 -j DROP --A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j logaccept-5 --A limit-218 -m limit --limit 1/second -j LOG +-A limit-218 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-218 -j RETURN -A limit-218 -j DROP --A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j ACCEPT --A limit-219 -m limit --limit 1/second -j LOG +-A limit-219 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-219 -j RETURN -A limit-219 -j DROP -A limit-22 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23 -A limit-22 -j ACCEPT --A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j ACCEPT +-A limit-220 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-220 -j RETURN -A limit-220 -j DROP -A limit-221 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-221 -j RETURN -A limit-221 -j DROP --A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j logaccept-6 +-A limit-222 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-222 -j RETURN -A limit-222 -j DROP --A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j ACCEPT +-A limit-223 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-223 -j RETURN -A limit-223 -j DROP --A limit-224 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-224 -j ACCEPT --A limit-224 -j DROP --A limit-225 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-225 -j RETURN --A limit-225 -j DROP --A limit-226 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-226 -j logaccept-7 --A limit-226 -j DROP --A limit-227 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-227 -j ACCEPT --A limit-227 -j DROP --A limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-24 -m recent --name limit-24 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-25 -m recent --name limit-25 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-73 +-A limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-74 +-A limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-75 +-A limit-226 -m limit --limit 1/second -j LOG +-A limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-76 +-A limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-77 +-A limit-228 -m recent --name limit-228 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-78 +-A limit-229 -m recent --name limit-229 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-79 +-A limit-230 -m recent --name limit-230 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-80 +-A limit-231 -m recent --name limit-231 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-81 +-A limit-232 -m limit --limit 1/second -j LOG +-A limit-232 -m recent --name limit-232 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-82 +-A limit-233 -m recent --name limit-233 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-83 +-A limit-234 -m recent --name limit-234 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-84 +-A limit-235 -m recent --name limit-235 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-85 +-A limit-236 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-86 +-A limit-237 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-87 +-A limit-238 -m limit --limit 1/second -j LOG +-A limit-238 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-88 +-A limit-239 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-24 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-89 +-A limit-240 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-90 +-A limit-241 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-242 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-91 +-A limit-242 -j ACCEPT +-A limit-244 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-93 +-A limit-244 -m limit --limit 1/second -j LOG +-A limit-244 -j ACCEPT +-A limit-245 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-94 +-A limit-245 -m limit --limit 1/second -j LOG +-A limit-246 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-95 +-A limit-246 -j ACCEPT +-A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-97 +-A limit-248 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-98 +-A limit-249 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-25 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-99 +-A limit-250 -m limit --limit 1/second -j LOG +-A limit-250 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-100 +-A limit-251 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-101 +-A limit-252 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-102 +-A limit-253 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-254 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-103 +-A limit-254 -j ACCEPT +-A limit-256 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-105 +-A limit-256 -m limit --limit 1/second -j LOG +-A limit-256 -j ACCEPT +-A limit-257 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-106 +-A limit-257 -m limit --limit 1/second -j LOG +-A limit-258 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-107 +-A limit-258 -j ACCEPT +-A limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -m recent --name limit-26 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-27 -m recent --name limit-27 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-28 -m recent --name limit-28 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-29 -m recent --name limit-29 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-26 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-260 -m recent --name limit-260 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-261 -m recent --name limit-261 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-262 -m limit --limit 1/second -j LOG +-A limit-262 -m recent --name limit-262 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-263 -m recent --name limit-263 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-264 -m recent --name limit-264 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-265 -m recent --name limit-265 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-266 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-267 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-268 -m limit --limit 1/second -j LOG +-A limit-268 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-269 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-27 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-270 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-271 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-272 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-272 -j ACCEPT +-A limit-274 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-274 -m limit --limit 1/second -j LOG +-A limit-274 -j ACCEPT +-A limit-275 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-275 -m limit --limit 1/second -j LOG +-A limit-276 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-276 -j ACCEPT +-A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-278 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-279 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-28 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-280 -m limit --limit 1/second -j LOG +-A limit-280 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-281 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-282 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-283 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-284 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-284 -j ACCEPT +-A limit-286 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-286 -m limit --limit 1/second -j LOG +-A limit-286 -j ACCEPT +-A limit-287 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-287 -m limit --limit 1/second -j LOG +-A limit-288 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-288 -j ACCEPT +-A limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-29 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-290 -m recent --name limit-290 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-291 -m recent --name limit-291 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-292 -m limit --limit 1/second -j LOG +-A limit-292 -m recent --name limit-292 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-293 -m recent --name limit-293 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-294 -m recent --name limit-294 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-295 -m recent --name limit-295 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-296 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-297 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-298 -m limit --limit 1/second -j LOG +-A limit-298 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-299 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-30 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-31 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-30 -j ACCEPT +-A limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-300 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-301 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-302 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-302 -j ACCEPT +-A limit-304 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-304 -m limit --limit 1/second -j LOG +-A limit-304 -j ACCEPT +-A limit-305 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-305 -m limit --limit 1/second -j LOG +-A limit-306 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-306 -j ACCEPT +-A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-308 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-309 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-310 -m limit --limit 1/second -j LOG +-A limit-310 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-311 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-312 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-313 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-314 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-314 -j ACCEPT +-A limit-316 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-316 -m limit --limit 1/second -j LOG +-A limit-316 -j ACCEPT +-A limit-317 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-317 -m limit --limit 1/second -j LOG +-A limit-318 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-318 -j ACCEPT +-A limit-32 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-33 -A limit-32 -m limit --limit 1/second -j LOG --A limit-32 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-33 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-34 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-35 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-36 -j ACCEPT --A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-32 -j ACCEPT +-A limit-320 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-320 -j ACCEPT +-A limit-320 -m limit --limit 1/second -j LOG +-A limit-320 -j DROP +-A limit-321 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-321 -j RETURN +-A limit-321 -m limit --limit 1/second -j LOG +-A limit-321 -j DROP +-A limit-322 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-322 -j logaccept-4 +-A limit-322 -m limit --limit 1/second -j LOG +-A limit-322 -j DROP +-A limit-323 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-323 -j ACCEPT +-A limit-323 -m limit --limit 1/second -j LOG +-A limit-323 -j DROP +-A limit-324 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-324 -j ACCEPT +-A limit-324 -m limit --limit 1/second -j LOG +-A limit-324 -j DROP +-A limit-325 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-325 -j RETURN +-A limit-325 -m limit --limit 1/second -j LOG +-A limit-325 -j DROP +-A limit-326 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-326 -j logaccept-5 +-A limit-326 -m limit --limit 1/second -j LOG +-A limit-326 -j DROP +-A limit-327 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-327 -j ACCEPT +-A limit-327 -m limit --limit 1/second -j LOG +-A limit-327 -j DROP +-A limit-328 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-328 -j ACCEPT +-A limit-328 -j DROP +-A limit-329 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-329 -j RETURN +-A limit-329 -j DROP +-A limit-33 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-33 -m limit --limit 1/second -j LOG +-A limit-330 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-330 -j logaccept-6 +-A limit-330 -j DROP +-A limit-331 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-331 -j ACCEPT +-A limit-331 -j DROP +-A limit-332 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-332 -j ACCEPT +-A limit-332 -j DROP +-A limit-333 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-333 -j RETURN +-A limit-333 -j DROP +-A limit-334 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-334 -j logaccept-7 +-A limit-334 -j DROP +-A limit-335 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-335 -j ACCEPT +-A limit-335 -j DROP +-A limit-34 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-34 -j ACCEPT +-A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-38 -m limit --limit 1/second -j LOG --A limit-38 -j ACCEPT --A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-39 -m limit --limit 1/second -j LOG +-A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-40 -j ACCEPT --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-44 -m limit --limit 1/second -j LOG --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-49 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-44 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-46 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-48 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-48 -j ACCEPT -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-50 -m limit --limit 1/second -j LOG --A limit-50 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-53 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-54 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-54 -j ACCEPT --A limit-56 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-50 -j ACCEPT +-A limit-51 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-51 -m limit --limit 1/second -j LOG +-A limit-52 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-52 -j ACCEPT +-A limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-54 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-55 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-56 -m limit --limit 1/second -j LOG --A limit-56 -j ACCEPT --A limit-57 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-57 -m limit --limit 1/second -j LOG --A limit-58 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP --A limit-58 -j ACCEPT +-A limit-56 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-58 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-60 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-60 -j ACCEPT --A limit-60 -m limit --limit 1/second -j LOG --A limit-60 -j DROP --A limit-61 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-61 -j RETURN --A limit-61 -m limit --limit 1/second -j LOG --A limit-61 -j DROP --A limit-62 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-62 -j logaccept-0 +-A limit-60 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-60 -j ACCEPT +-A limit-62 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-62 -m limit --limit 1/second -j LOG --A limit-62 -j DROP --A limit-63 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-63 -j ACCEPT +-A limit-62 -j ACCEPT +-A limit-63 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP -A limit-63 -m limit --limit 1/second -j LOG --A limit-63 -j DROP --A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j ACCEPT --A limit-64 -m limit --limit 1/second -j LOG --A limit-64 -j DROP --A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN --A limit-65 -m limit --limit 1/second -j LOG --A limit-65 -j DROP --A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j logaccept-1 --A limit-66 -m limit --limit 1/second -j LOG --A limit-66 -j DROP --A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j ACCEPT --A limit-67 -m limit --limit 1/second -j LOG --A limit-67 -j DROP --A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j ACCEPT --A limit-68 -j DROP --A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN --A limit-69 -j DROP +-A limit-64 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-64 -j ACCEPT +-A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-68 -m limit --limit 1/second -j LOG +-A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j logaccept-2 --A limit-70 -j DROP --A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j ACCEPT --A limit-71 -j DROP --A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j ACCEPT --A limit-72 -j DROP --A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN --A limit-73 -j DROP --A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j logaccept-3 --A limit-74 -j DROP --A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j ACCEPT --A limit-75 -j DROP --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-74 -m limit --limit 1/second -j LOG +-A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-76 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-76 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-77 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-78 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-78 -j ACCEPT -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 --A limit-88 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 --A limit-89 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-80 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m limit --limit 1/second -j LOG +-A limit-80 -j ACCEPT +-A limit-81 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-81 -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-82 -j ACCEPT +-A limit-84 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-84 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-85 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-85 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-86 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-86 -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-87 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-87 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-88 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-88 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-89 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-89 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 --A limit-90 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 --A limit-91 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 --A limit-92 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 --A limit-93 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-43 --A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-44 --A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-45 --A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-90 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-90 -j ACCEPT +-A limit-92 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-92 -m limit --limit 1/second -j LOG +-A limit-92 -j ACCEPT +-A limit-93 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-93 -m limit --limit 1/second -j LOG +-A limit-94 -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP +-A limit-94 -j ACCEPT +-A limit-96 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-96 -j ACCEPT +-A limit-96 -m limit --limit 1/second -j LOG +-A limit-96 -j DROP +-A limit-97 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-97 -j RETURN -A limit-97 -m limit --limit 1/second -j LOG --A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-47 --A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-48 +-A limit-97 -j DROP +-A limit-98 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-98 -j logaccept-0 +-A limit-98 -m limit --limit 1/second -j LOG +-A limit-98 -j DROP +-A limit-99 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-99 -j ACCEPT +-A limit-99 -m limit --limit 1/second -j LOG +-A limit-99 -j DROP -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -1546,6 +2157,18 @@ -A logaccept-final-12 -j ACCEPT -A logaccept-final-13 -m limit --limit 1/second -j LOG -A logaccept-final-13 -j ACCEPT +-A logaccept-final-14 -m limit --limit 1/second -j LOG +-A logaccept-final-14 -j ACCEPT +-A logaccept-final-15 -m limit --limit 1/second -j LOG +-A logaccept-final-15 -j ACCEPT +-A logaccept-final-16 -m limit --limit 1/second -j LOG +-A logaccept-final-16 -j ACCEPT +-A logaccept-final-17 -m limit --limit 1/second -j LOG +-A logaccept-final-17 -j ACCEPT +-A logaccept-final-18 -m limit --limit 1/second -j LOG +-A logaccept-final-18 -j ACCEPT +-A logaccept-final-19 -m limit --limit 1/second -j LOG +-A logaccept-final-19 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -1568,8 +2191,26 @@ -A logdrop-1 -j DROP -A logdrop-10 -m limit --limit 1/second -j LOG -A logdrop-10 -j DROP +-A logdrop-100 -m limit --limit 1/second -j LOG +-A logdrop-100 -j DROP +-A logdrop-101 -m limit --limit 1/second -j LOG +-A logdrop-101 -j DROP +-A logdrop-102 -m limit --limit 1/second -j LOG +-A logdrop-102 -j DROP +-A logdrop-103 -m limit --limit 1/second -j LOG +-A logdrop-103 -j DROP +-A logdrop-105 -m limit --limit 1/second -j LOG +-A logdrop-105 -j DROP +-A logdrop-106 -m limit --limit 1/second -j LOG +-A logdrop-106 -j DROP +-A logdrop-107 -m limit --limit 1/second -j LOG +-A logdrop-107 -j DROP +-A logdrop-109 -m limit --limit 1/second -j LOG +-A logdrop-109 -j DROP -A logdrop-11 -m limit --limit 1/second -j LOG -A logdrop-11 -j DROP +-A logdrop-110 -m limit --limit 1/second -j LOG +-A logdrop-110 -j DROP -A logdrop-12 -m limit --limit 1/second -j LOG -A logdrop-12 -j DROP -A logdrop-13 -m limit --limit 1/second -j LOG @@ -1610,16 +2251,12 @@ -A logdrop-30 -j DROP -A logdrop-31 -m limit --limit 1/second -j LOG -A logdrop-31 -j DROP --A logdrop-32 -m limit --limit 1/second -j LOG --A logdrop-32 -j DROP -A logdrop-33 -m limit --limit 1/second -j LOG -A logdrop-33 -j DROP -A logdrop-34 -m limit --limit 1/second -j LOG -A logdrop-34 -j DROP -A logdrop-35 -m limit --limit 1/second -j LOG -A logdrop-35 -j DROP --A logdrop-36 -m limit --limit 1/second -j LOG --A logdrop-36 -j DROP -A logdrop-37 -m limit --limit 1/second -j LOG -A logdrop-37 -j DROP -A logdrop-38 -m limit --limit 1/second -j LOG @@ -1688,6 +2325,8 @@ -A logdrop-66 -j DROP -A logdrop-67 -m limit --limit 1/second -j LOG -A logdrop-67 -j DROP +-A logdrop-68 -m limit --limit 1/second -j LOG +-A logdrop-68 -j DROP -A logdrop-69 -m limit --limit 1/second -j LOG -A logdrop-69 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG @@ -1696,14 +2335,62 @@ -A logdrop-70 -j DROP -A logdrop-71 -m limit --limit 1/second -j LOG -A logdrop-71 -j DROP +-A logdrop-72 -m limit --limit 1/second -j LOG +-A logdrop-72 -j DROP -A logdrop-73 -m limit --limit 1/second -j LOG -A logdrop-73 -j DROP -A logdrop-74 -m limit --limit 1/second -j LOG -A logdrop-74 -j DROP +-A logdrop-75 -m limit --limit 1/second -j LOG +-A logdrop-75 -j DROP +-A logdrop-76 -m limit --limit 1/second -j LOG +-A logdrop-76 -j DROP +-A logdrop-77 -m limit --limit 1/second -j LOG +-A logdrop-77 -j DROP +-A logdrop-78 -m limit --limit 1/second -j LOG +-A logdrop-78 -j DROP +-A logdrop-79 -m limit --limit 1/second -j LOG +-A logdrop-79 -j DROP -A logdrop-8 -m limit --limit 1/second -j LOG -A logdrop-8 -j DROP +-A logdrop-80 -m limit --limit 1/second -j LOG +-A logdrop-80 -j DROP +-A logdrop-81 -m limit --limit 1/second -j LOG +-A logdrop-81 -j DROP +-A logdrop-82 -m limit --limit 1/second -j LOG +-A logdrop-82 -j DROP +-A logdrop-83 -m limit --limit 1/second -j LOG +-A logdrop-83 -j DROP +-A logdrop-84 -m limit --limit 1/second -j LOG +-A logdrop-84 -j DROP +-A logdrop-85 -m limit --limit 1/second -j LOG +-A logdrop-85 -j DROP +-A logdrop-86 -m limit --limit 1/second -j LOG +-A logdrop-86 -j DROP +-A logdrop-87 -m limit --limit 1/second -j LOG +-A logdrop-87 -j DROP +-A logdrop-88 -m limit --limit 1/second -j LOG +-A logdrop-88 -j DROP +-A logdrop-89 -m limit --limit 1/second -j LOG +-A logdrop-89 -j DROP -A logdrop-9 -m limit --limit 1/second -j LOG -A logdrop-9 -j DROP +-A logdrop-90 -m limit --limit 1/second -j LOG +-A logdrop-90 -j DROP +-A logdrop-91 -m limit --limit 1/second -j LOG +-A logdrop-91 -j DROP +-A logdrop-93 -m limit --limit 1/second -j LOG +-A logdrop-93 -j DROP +-A logdrop-94 -m limit --limit 1/second -j LOG +-A logdrop-94 -j DROP +-A logdrop-95 -m limit --limit 1/second -j LOG +-A logdrop-95 -j DROP +-A logdrop-97 -m limit --limit 1/second -j LOG +-A logdrop-97 -j DROP +-A logdrop-98 -m limit --limit 1/second -j LOG +-A logdrop-98 -j DROP +-A logdrop-99 -m limit --limit 1/second -j LOG +-A logdrop-99 -j DROP -A logpass-0 -m limit --limit 1/second -j LOG -A logreject-0 -m limit --limit 1/second -j LOG -A logreject-0 -j REJECT @@ -1768,6 +2455,24 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -1849,6 +2554,42 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack |