diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 12:50:02 +0300 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 12:58:29 +0300 |
| commit | b8bb8e88476dbd1ad60244222aba0234da63d3dd (patch) | |
| tree | e72f4bcd2b9f67121d6a0c938b9723821a8bbf65 /test | |
| parent | ec0c0201f12bffa7330ddd87717b663fc2c22e86 (diff) | |
| download | awall-b8bb8e88476dbd1ad60244222aba0234da63d3dd.tar.bz2 awall-b8bb8e88476dbd1ad60244222aba0234da63d3dd.tar.xz | |
test: filter-limit: name
Diffstat (limited to 'test')
| -rw-r--r-- | test/mandatory/filter-limit.lua | 36 | ||||
| -rw-r--r-- | test/output/dump | 7406 | ||||
| -rw-r--r-- | test/output/rules-save | 996 | ||||
| -rw-r--r-- | test/output/rules6-save | 996 |
4 files changed, 5932 insertions, 3502 deletions
diff --git a/test/mandatory/filter-limit.lua b/test/mandatory/filter-limit.lua index b992a34..7fe5757 100644 --- a/test/mandatory/filter-limit.lua +++ b/test/mandatory/filter-limit.lua @@ -1,4 +1,4 @@ -util = require('awall.util') +update = require('awall.util').update json = require('cjson') res = {} @@ -11,20 +11,26 @@ function add(limit_type, base) {count=count, log=false}, {count=count, log='none'} } do - for _, log in ipairs{false, true, 'none'} do - for _, action in ipairs{false, 'pass'} do - if not (count == 30 and log and action) then - table.insert( - res, - util.update( - util.copy(base or {}), - { - [limit_type..'-limit']=limit, - log=log or nil, - action=action or nil - } - ) - ) + for _, name in ipairs{ + false, type(limit) == 'table' and count == 1 and 'foo' or nil + } do + for _, log in ipairs{false, true, 'none'} do + for _, action in ipairs{false, 'pass'} do + if not (count == 30 and log and action) then + table.insert( + res, + update( + { + [limit_type..'-limit']=type(limit) == 'table' and update( + {name=name or nil}, limit + ) or limit, + log=log or nil, + action=action or nil + }, + base or {} + ) + ) + end end end end diff --git a/test/output/dump b/test/output/dump index 6d03ab9..432d290 100644 --- a/test/output/dump +++ b/test/output/dump @@ -8,2305 +8,3121 @@ Dnat 2 {"in":"B"} inet/nat/PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT -Filter 1 {} -(filter) - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 2 {"action":"accept"} -(filter) - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 3 {"action":"drop"} -(filter) - inet/filter/FORWARD -j logdrop-0 - inet6/filter/FORWARD -j logdrop-0 - inet/filter/INPUT -j logdrop-0 - inet6/filter/INPUT -j logdrop-0 - inet/filter/OUTPUT -j logdrop-0 - inet6/filter/OUTPUT -j logdrop-0 - inet/filter/logdrop-0 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG - inet/filter/logdrop-0 -j DROP - inet6/filter/logdrop-0 -j DROP - -Filter 4 {"action":"pass"} -(filter) - inet/filter/FORWARD - inet6/filter/FORWARD - inet/filter/INPUT - inet6/filter/INPUT - inet/filter/OUTPUT - inet6/filter/OUTPUT - -Filter 5 {"action":"reject"} -(filter) - inet/filter/FORWARD -j logreject-0 - inet6/filter/FORWARD -j logreject-0 - inet/filter/INPUT -j logreject-0 - inet6/filter/INPUT -j logreject-0 - inet/filter/OUTPUT -j logreject-0 - inet6/filter/OUTPUT -j logreject-0 - inet/filter/logreject-0 -m limit --limit 1/second -j LOG - inet6/filter/logreject-0 -m limit --limit 1/second -j LOG - inet/filter/logreject-0 -j REJECT - inet6/filter/logreject-0 -j REJECT - -Filter 6 {"action":"tarpit"} -(filter) - inet/filter/FORWARD -j logtarpit-0 - inet6/filter/FORWARD -j logtarpit-0 - inet/filter/INPUT -j logtarpit-0 - inet6/filter/INPUT -j logtarpit-0 - inet/filter/OUTPUT -j logtarpit-0 - inet6/filter/OUTPUT -j logtarpit-0 - inet/filter/logtarpit-0 -m limit --limit 1/second -j LOG - inet6/filter/logtarpit-0 -m limit --limit 1/second -j LOG - inet/filter/logtarpit-0 -j tarpit - inet6/filter/logtarpit-0 -j tarpit - inet/raw/PREROUTING -j CT --notrack - inet6/raw/PREROUTING -j CT --notrack - inet/raw/OUTPUT -j CT --notrack - inet6/raw/OUTPUT -j CT --notrack - -Filter 7 {"conn-limit":1,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-0 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-0 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-0 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-0 - inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-1 - inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-1 - inet/filter/logdrop-1 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG - inet/filter/logdrop-1 -j DROP - inet6/filter/logdrop-1 -j DROP - inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 8 {"action":"pass","conn-limit":1,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-1 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-1 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-1 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-1 - inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-2 - inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2 - inet/filter/logdrop-2 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-2 -m limit --limit 1/second -j LOG - inet/filter/logdrop-2 -j DROP - inet6/filter/logdrop-2 -j DROP - inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 9 {"conn-limit":1,"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-2 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-2 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-2 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-2 - inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 - inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 - inet/filter/logdrop-3 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-3 -m limit --limit 1/second -j LOG - inet/filter/logdrop-3 -j DROP - inet6/filter/logdrop-3 -j DROP - inet/filter/limit-2 -m limit --limit 1/second -j LOG - inet6/filter/limit-2 -m limit --limit 1/second -j LOG - inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 10 {"action":"pass","conn-limit":1,"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-3 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-3 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-3 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-3 - inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 - inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 - inet/filter/logdrop-4 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-4 -m limit --limit 1/second -j LOG - inet/filter/logdrop-4 -j DROP - inet6/filter/logdrop-4 -j DROP - inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 11 {"conn-limit":1,"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-4 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-4 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-4 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-4 - inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 - inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 - inet/filter/logdrop-5 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-5 -m limit --limit 1/second -j LOG - inet/filter/logdrop-5 -j DROP - inet6/filter/logdrop-5 -j DROP - inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 12 {"action":"pass","conn-limit":1,"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-5 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-5 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-5 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-5 - inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 - inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 - inet/filter/logdrop-6 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-6 -m limit --limit 1/second -j LOG - inet/filter/logdrop-6 -j DROP - inet6/filter/logdrop-6 -j DROP - inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 13 {"conn-limit":{"count":1},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-6 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-6 - inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 - inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 - inet/filter/logdrop-7 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-7 -m limit --limit 1/second -j LOG - inet/filter/logdrop-7 -j DROP - inet6/filter/logdrop-7 -j DROP - inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 14 {"action":"pass","conn-limit":{"count":1},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-7 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-7 - inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 - inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 - inet/filter/logdrop-8 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-8 -m limit --limit 1/second -j LOG - inet/filter/logdrop-8 -j DROP - inet6/filter/logdrop-8 -j DROP - inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 15 {"conn-limit":{"count":1},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-8 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-8 - inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 - inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 - inet/filter/logdrop-9 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-9 -m limit --limit 1/second -j LOG - inet/filter/logdrop-9 -j DROP - inet6/filter/logdrop-9 -j DROP - inet/filter/limit-8 -m limit --limit 1/second -j LOG - inet6/filter/limit-8 -m limit --limit 1/second -j LOG - inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 16 {"action":"pass","conn-limit":{"count":1},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-9 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-9 - inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 - inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 - inet/filter/logdrop-10 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-10 -m limit --limit 1/second -j LOG - inet/filter/logdrop-10 -j DROP - inet6/filter/logdrop-10 -j DROP - inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 17 {"conn-limit":{"count":1},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-10 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-10 - inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 - inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 - inet/filter/logdrop-11 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-11 -m limit --limit 1/second -j LOG - inet/filter/logdrop-11 -j DROP - inet6/filter/logdrop-11 -j DROP - inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 18 {"action":"pass","conn-limit":{"count":1},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-11 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-11 - inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 - inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 - inet/filter/logdrop-12 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-12 -m limit --limit 1/second -j LOG - inet/filter/logdrop-12 -j DROP - inet6/filter/logdrop-12 -j DROP - inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 19 {"conn-limit":{"count":1,"log":false},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-12 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-12 - inet/filter/limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 20 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-13 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-13 - inet/filter/limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 21 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-14 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-14 - inet/filter/limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-14 -m limit --limit 1/second -j LOG - inet6/filter/limit-14 -m limit --limit 1/second -j LOG - inet/filter/limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 22 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-15 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-15 - inet/filter/limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 23 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-16 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-16 - inet/filter/limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 24 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-17 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-17 - inet/filter/limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 25 {"conn-limit":{"count":1,"log":"none"},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-18 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-18 - inet/filter/limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 26 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-19 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-19 - inet/filter/limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 27 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-20 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-20 - inet/filter/limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-20 -m limit --limit 1/second -j LOG - inet6/filter/limit-20 -m limit --limit 1/second -j LOG - inet/filter/limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 28 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-21 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-21 - inet/filter/limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 29 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-22 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-22 - inet/filter/limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - -Filter 30 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-23 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-23 - inet/filter/limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 31 {"conn-limit":30,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-24 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-24 - inet/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j ACCEPT - inet6/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j ACCEPT - inet/filter/limit-24 -m limit --limit 1/second -j LOG - inet6/filter/limit-24 -m limit --limit 1/second -j LOG - inet/filter/limit-24 -j DROP - inet6/filter/limit-24 -j DROP - -Filter 32 {"action":"pass","conn-limit":30,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-25 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-25 - inet/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j RETURN - inet6/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j RETURN - inet/filter/limit-25 -m limit --limit 1/second -j LOG - inet6/filter/limit-25 -m limit --limit 1/second -j LOG - inet/filter/limit-25 -j DROP - inet6/filter/limit-25 -j DROP - -Filter 33 {"conn-limit":30,"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26 - inet/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j logaccept-0 - inet6/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j logaccept-0 - inet/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-0 -j ACCEPT - inet6/filter/logaccept-0 -j ACCEPT - inet/filter/limit-26 -m limit --limit 1/second -j LOG - inet6/filter/limit-26 -m limit --limit 1/second -j LOG - inet/filter/limit-26 -j DROP - inet6/filter/limit-26 -j DROP - -Filter 34 {"conn-limit":30,"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-27 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-27 - inet/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j ACCEPT - inet6/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j ACCEPT - inet/filter/limit-27 -m limit --limit 1/second -j LOG - inet6/filter/limit-27 -m limit --limit 1/second -j LOG - inet/filter/limit-27 -j DROP - inet6/filter/limit-27 -j DROP - -Filter 35 {"conn-limit":{"count":30},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-28 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-28 - inet/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j ACCEPT - inet6/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j ACCEPT - inet/filter/limit-28 -m limit --limit 1/second -j LOG - inet6/filter/limit-28 -m limit --limit 1/second -j LOG - inet/filter/limit-28 -j DROP - inet6/filter/limit-28 -j DROP - -Filter 36 {"action":"pass","conn-limit":{"count":30},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-29 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-29 - inet/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j RETURN - inet6/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j RETURN - inet/filter/limit-29 -m limit --limit 1/second -j LOG - inet6/filter/limit-29 -m limit --limit 1/second -j LOG - inet/filter/limit-29 -j DROP - inet6/filter/limit-29 -j DROP - -Filter 37 {"conn-limit":{"count":30},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-30 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-30 - inet/filter/limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-30 -j logaccept-1 - inet6/filter/limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-30 -j logaccept-1 - inet/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-1 -j ACCEPT - inet6/filter/logaccept-1 -j ACCEPT - inet/filter/limit-30 -m limit --limit 1/second -j LOG - inet6/filter/limit-30 -m limit --limit 1/second -j LOG - inet/filter/limit-30 -j DROP - inet6/filter/limit-30 -j DROP - -Filter 38 {"conn-limit":{"count":30},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-31 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-31 - inet/filter/limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-31 -j ACCEPT - inet6/filter/limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-31 -j ACCEPT - inet/filter/limit-31 -m limit --limit 1/second -j LOG - inet6/filter/limit-31 -m limit --limit 1/second -j LOG - inet/filter/limit-31 -j DROP - inet6/filter/limit-31 -j DROP - -Filter 39 {"conn-limit":{"count":30,"log":false},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-32 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-32 - inet/filter/limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-32 -j ACCEPT - inet6/filter/limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-32 -j ACCEPT - inet/filter/limit-32 -j DROP - inet6/filter/limit-32 -j DROP - -Filter 40 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-33 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-33 - inet/filter/limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-33 -j RETURN - inet6/filter/limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-33 -j RETURN - inet/filter/limit-33 -j DROP - inet6/filter/limit-33 -j DROP - -Filter 41 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-34 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-34 - inet/filter/limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-34 -j logaccept-2 - inet6/filter/limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-34 -j logaccept-2 - inet/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-2 -j ACCEPT - inet6/filter/logaccept-2 -j ACCEPT - inet/filter/limit-34 -j DROP - inet6/filter/limit-34 -j DROP - -Filter 42 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-35 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-35 - inet/filter/limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-35 -j ACCEPT - inet6/filter/limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-35 -j ACCEPT - inet/filter/limit-35 -j DROP - inet6/filter/limit-35 -j DROP - -Filter 43 {"conn-limit":{"count":30,"log":"none"},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-36 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-36 - inet/filter/limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-36 -j ACCEPT - inet6/filter/limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-36 -j ACCEPT - inet/filter/limit-36 -j DROP - inet6/filter/limit-36 -j DROP - -Filter 44 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-37 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-37 - inet/filter/limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-37 -j RETURN - inet6/filter/limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-37 -j RETURN - inet/filter/limit-37 -j DROP - inet6/filter/limit-37 -j DROP - -Filter 45 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-38 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-38 - inet/filter/limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-38 -j logaccept-3 - inet6/filter/limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-38 -j logaccept-3 - inet/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-3 -j ACCEPT - inet6/filter/logaccept-3 -j ACCEPT - inet/filter/limit-38 -j DROP - inet6/filter/limit-38 -j DROP - -Filter 46 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} -(filter-limit) - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-39 - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-39 - inet/filter/limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-39 -j ACCEPT - inet6/filter/limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-39 -j ACCEPT - inet/filter/limit-39 -j DROP - inet6/filter/limit-39 -j DROP - -Filter 47 {"flow-limit":1} -(filter-limit) - inet/filter/FORWARD -j limit-40 - inet6/filter/FORWARD -j limit-40 - inet/filter/INPUT -j limit-40 - inet6/filter/INPUT -j limit-40 - inet/filter/OUTPUT -j limit-40 - inet6/filter/OUTPUT -j limit-40 - inet/filter/limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 - inet6/filter/limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 - inet/filter/logdrop-13 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-13 -m limit --limit 1/second -j LOG - inet/filter/logdrop-13 -j DROP - inet6/filter/logdrop-13 -j DROP - inet/filter/limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 48 {"action":"pass","flow-limit":1} -(filter-limit) - inet/filter/FORWARD -j limit-41 - inet6/filter/FORWARD -j limit-41 - inet/filter/INPUT -j limit-41 - inet6/filter/INPUT -j limit-41 - inet/filter/OUTPUT -j limit-41 - inet6/filter/OUTPUT -j limit-41 - inet/filter/limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 - inet6/filter/limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 - inet/filter/logdrop-14 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-14 -m limit --limit 1/second -j LOG - inet/filter/logdrop-14 -j DROP - inet6/filter/logdrop-14 -j DROP - inet/filter/limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 49 {"flow-limit":1,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-42 - inet6/filter/FORWARD -j limit-42 - inet/filter/INPUT -j limit-42 - inet6/filter/INPUT -j limit-42 - inet/filter/OUTPUT -j limit-42 - inet6/filter/OUTPUT -j limit-42 - inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 - inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 - inet/filter/logdrop-15 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-15 -m limit --limit 1/second -j LOG - inet/filter/logdrop-15 -j DROP - inet6/filter/logdrop-15 -j DROP - inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-0 - inet6/filter/FORWARD -j logaccept-final-0 - inet/filter/INPUT -j logaccept-final-0 - inet6/filter/INPUT -j logaccept-final-0 - inet/filter/OUTPUT -j logaccept-final-0 - inet6/filter/OUTPUT -j logaccept-final-0 - inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-0 -j ACCEPT - inet6/filter/logaccept-final-0 -j ACCEPT - -Filter 50 {"action":"pass","flow-limit":1,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-43 - inet6/filter/FORWARD -j limit-43 - inet/filter/INPUT -j limit-43 - inet6/filter/INPUT -j limit-43 - inet/filter/OUTPUT -j limit-43 - inet6/filter/OUTPUT -j limit-43 - inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 - inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 - inet/filter/logdrop-16 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-16 -m limit --limit 1/second -j LOG - inet/filter/logdrop-16 -j DROP - inet6/filter/logdrop-16 -j DROP - inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 51 {"flow-limit":1,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-44 - inet6/filter/FORWARD -j limit-44 - inet/filter/INPUT -j limit-44 - inet6/filter/INPUT -j limit-44 - inet/filter/OUTPUT -j limit-44 - inet6/filter/OUTPUT -j limit-44 - inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 - inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 - inet/filter/logdrop-17 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-17 -m limit --limit 1/second -j LOG - inet/filter/logdrop-17 -j DROP - inet6/filter/logdrop-17 -j DROP - inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 52 {"action":"pass","flow-limit":1,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-45 - inet6/filter/FORWARD -j limit-45 - inet/filter/INPUT -j limit-45 - inet6/filter/INPUT -j limit-45 - inet/filter/OUTPUT -j limit-45 - inet6/filter/OUTPUT -j limit-45 - inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 - inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 - inet/filter/logdrop-18 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-18 -m limit --limit 1/second -j LOG - inet/filter/logdrop-18 -j DROP - inet6/filter/logdrop-18 -j DROP - inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 53 {"flow-limit":{"count":1}} -(filter-limit) - inet/filter/FORWARD -j limit-46 - inet6/filter/FORWARD -j limit-46 - inet/filter/INPUT -j limit-46 - inet6/filter/INPUT -j limit-46 - inet/filter/OUTPUT -j limit-46 - inet6/filter/OUTPUT -j limit-46 - inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 - inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 - inet/filter/logdrop-19 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-19 -m limit --limit 1/second -j LOG - inet/filter/logdrop-19 -j DROP - inet6/filter/logdrop-19 -j DROP - inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 54 {"action":"pass","flow-limit":{"count":1}} -(filter-limit) - inet/filter/FORWARD -j limit-47 - inet6/filter/FORWARD -j limit-47 - inet/filter/INPUT -j limit-47 - inet6/filter/INPUT -j limit-47 - inet/filter/OUTPUT -j limit-47 - inet6/filter/OUTPUT -j limit-47 - inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 - inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 - inet/filter/logdrop-20 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-20 -m limit --limit 1/second -j LOG - inet/filter/logdrop-20 -j DROP - inet6/filter/logdrop-20 -j DROP - inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 55 {"flow-limit":{"count":1},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-48 - inet6/filter/FORWARD -j limit-48 - inet/filter/INPUT -j limit-48 - inet6/filter/INPUT -j limit-48 - inet/filter/OUTPUT -j limit-48 - inet6/filter/OUTPUT -j limit-48 - inet/filter/limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 - inet6/filter/limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 - inet/filter/logdrop-21 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-21 -m limit --limit 1/second -j LOG - inet/filter/logdrop-21 -j DROP - inet6/filter/logdrop-21 -j DROP - inet/filter/limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-1 - inet6/filter/FORWARD -j logaccept-final-1 - inet/filter/INPUT -j logaccept-final-1 - inet6/filter/INPUT -j logaccept-final-1 - inet/filter/OUTPUT -j logaccept-final-1 - inet6/filter/OUTPUT -j logaccept-final-1 - inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-1 -j ACCEPT - inet6/filter/logaccept-final-1 -j ACCEPT - -Filter 56 {"action":"pass","flow-limit":{"count":1},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-49 - inet6/filter/FORWARD -j limit-49 - inet/filter/INPUT -j limit-49 - inet6/filter/INPUT -j limit-49 - inet/filter/OUTPUT -j limit-49 - inet6/filter/OUTPUT -j limit-49 - inet/filter/limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 - inet6/filter/limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 - inet/filter/logdrop-22 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-22 -m limit --limit 1/second -j LOG - inet/filter/logdrop-22 -j DROP - inet6/filter/logdrop-22 -j DROP - inet/filter/limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 57 {"flow-limit":{"count":1},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-50 - inet6/filter/FORWARD -j limit-50 - inet/filter/INPUT -j limit-50 - inet6/filter/INPUT -j limit-50 - inet/filter/OUTPUT -j limit-50 - inet6/filter/OUTPUT -j limit-50 - inet/filter/limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 - inet6/filter/limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 - inet/filter/logdrop-23 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-23 -m limit --limit 1/second -j LOG - inet/filter/logdrop-23 -j DROP - inet6/filter/logdrop-23 -j DROP - inet/filter/limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 58 {"action":"pass","flow-limit":{"count":1},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-51 - inet6/filter/FORWARD -j limit-51 - inet/filter/INPUT -j limit-51 - inet6/filter/INPUT -j limit-51 - inet/filter/OUTPUT -j limit-51 - inet6/filter/OUTPUT -j limit-51 - inet/filter/limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 - inet6/filter/limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 - inet/filter/logdrop-24 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-24 -m limit --limit 1/second -j LOG - inet/filter/logdrop-24 -j DROP - inet6/filter/logdrop-24 -j DROP - inet/filter/limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 59 {"flow-limit":{"count":1,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-52 - inet6/filter/FORWARD -j limit-52 - inet/filter/INPUT -j limit-52 - inet6/filter/INPUT -j limit-52 - inet/filter/OUTPUT -j limit-52 - inet6/filter/OUTPUT -j limit-52 - inet/filter/limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 60 {"action":"pass","flow-limit":{"count":1,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-53 - inet6/filter/FORWARD -j limit-53 - inet/filter/INPUT -j limit-53 - inet6/filter/INPUT -j limit-53 - inet/filter/OUTPUT -j limit-53 - inet6/filter/OUTPUT -j limit-53 - inet/filter/limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 61 {"flow-limit":{"count":1,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-54 - inet6/filter/FORWARD -j limit-54 - inet/filter/INPUT -j limit-54 - inet6/filter/INPUT -j limit-54 - inet/filter/OUTPUT -j limit-54 - inet6/filter/OUTPUT -j limit-54 - inet/filter/limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-2 - inet6/filter/FORWARD -j logaccept-final-2 - inet/filter/INPUT -j logaccept-final-2 - inet6/filter/INPUT -j logaccept-final-2 - inet/filter/OUTPUT -j logaccept-final-2 - inet6/filter/OUTPUT -j logaccept-final-2 - inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-2 -j ACCEPT - inet6/filter/logaccept-final-2 -j ACCEPT - -Filter 62 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-55 - inet6/filter/FORWARD -j limit-55 - inet/filter/INPUT -j limit-55 - inet6/filter/INPUT -j limit-55 - inet/filter/OUTPUT -j limit-55 - inet6/filter/OUTPUT -j limit-55 - inet/filter/limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 63 {"flow-limit":{"count":1,"log":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-56 - inet6/filter/FORWARD -j limit-56 - inet/filter/INPUT -j limit-56 - inet6/filter/INPUT -j limit-56 - inet/filter/OUTPUT -j limit-56 - inet6/filter/OUTPUT -j limit-56 - inet/filter/limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 64 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-57 - inet6/filter/FORWARD -j limit-57 - inet/filter/INPUT -j limit-57 - inet6/filter/INPUT -j limit-57 - inet/filter/OUTPUT -j limit-57 - inet6/filter/OUTPUT -j limit-57 - inet/filter/limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 65 {"flow-limit":{"count":1,"log":"none"}} -(filter-limit) - inet/filter/FORWARD -j limit-58 - inet6/filter/FORWARD -j limit-58 - inet/filter/INPUT -j limit-58 - inet6/filter/INPUT -j limit-58 - inet/filter/OUTPUT -j limit-58 - inet6/filter/OUTPUT -j limit-58 - inet/filter/limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 66 {"action":"pass","flow-limit":{"count":1,"log":"none"}} -(filter-limit) - inet/filter/FORWARD -j limit-59 - inet6/filter/FORWARD -j limit-59 - inet/filter/INPUT -j limit-59 - inet6/filter/INPUT -j limit-59 - inet/filter/OUTPUT -j limit-59 - inet6/filter/OUTPUT -j limit-59 - inet/filter/limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 67 {"flow-limit":{"count":1,"log":"none"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-60 - inet6/filter/FORWARD -j limit-60 - inet/filter/INPUT -j limit-60 - inet6/filter/INPUT -j limit-60 - inet/filter/OUTPUT -j limit-60 - inet6/filter/OUTPUT -j limit-60 - inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-3 - inet6/filter/FORWARD -j logaccept-final-3 - inet/filter/INPUT -j logaccept-final-3 - inet6/filter/INPUT -j logaccept-final-3 - inet/filter/OUTPUT -j logaccept-final-3 - inet6/filter/OUTPUT -j logaccept-final-3 - inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-3 -j ACCEPT - inet6/filter/logaccept-final-3 -j ACCEPT - -Filter 68 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-61 - inet6/filter/FORWARD -j limit-61 - inet/filter/INPUT -j limit-61 - inet6/filter/INPUT -j limit-61 - inet/filter/OUTPUT -j limit-61 - inet6/filter/OUTPUT -j limit-61 - inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 69 {"flow-limit":{"count":1,"log":"none"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-62 - inet6/filter/FORWARD -j limit-62 - inet/filter/INPUT -j limit-62 - inet6/filter/INPUT -j limit-62 - inet/filter/OUTPUT -j limit-62 - inet6/filter/OUTPUT -j limit-62 - inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 70 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-63 - inet6/filter/FORWARD -j limit-63 - inet/filter/INPUT -j limit-63 - inet6/filter/INPUT -j limit-63 - inet/filter/OUTPUT -j limit-63 - inet6/filter/OUTPUT -j limit-63 - inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 71 {"flow-limit":30} -(filter-limit) - inet/filter/FORWARD -j limit-64 - inet6/filter/FORWARD -j limit-64 - inet/filter/INPUT -j limit-64 - inet6/filter/INPUT -j limit-64 - inet/filter/OUTPUT -j limit-64 - inet6/filter/OUTPUT -j limit-64 - inet/filter/limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j RETURN - inet6/filter/limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j RETURN - inet/filter/limit-64 -m limit --limit 1/second -j LOG - inet6/filter/limit-64 -m limit --limit 1/second -j LOG - inet/filter/limit-64 -j DROP - inet6/filter/limit-64 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 72 {"action":"pass","flow-limit":30} -(filter-limit) - inet/filter/FORWARD -j limit-65 - inet6/filter/FORWARD -j limit-65 - inet/filter/INPUT -j limit-65 - inet6/filter/INPUT -j limit-65 - inet/filter/OUTPUT -j limit-65 - inet6/filter/OUTPUT -j limit-65 - inet/filter/limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN - inet6/filter/limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN - inet/filter/limit-65 -m limit --limit 1/second -j LOG - inet6/filter/limit-65 -m limit --limit 1/second -j LOG - inet/filter/limit-65 -j DROP - inet6/filter/limit-65 -j DROP - -Filter 73 {"flow-limit":30,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-66 - inet6/filter/FORWARD -j limit-66 - inet/filter/INPUT -j limit-66 - inet6/filter/INPUT -j limit-66 - inet/filter/OUTPUT -j limit-66 - inet6/filter/OUTPUT -j limit-66 - inet/filter/limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j RETURN - inet6/filter/limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j RETURN - inet/filter/limit-66 -m limit --limit 1/second -j LOG - inet6/filter/limit-66 -m limit --limit 1/second -j LOG - inet/filter/limit-66 -j DROP - inet6/filter/limit-66 -j DROP - inet/filter/FORWARD -j logaccept-final-4 - inet6/filter/FORWARD -j logaccept-final-4 - inet/filter/INPUT -j logaccept-final-4 - inet6/filter/INPUT -j logaccept-final-4 - inet/filter/OUTPUT -j logaccept-final-4 - inet6/filter/OUTPUT -j logaccept-final-4 - inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-4 -j ACCEPT - inet6/filter/logaccept-final-4 -j ACCEPT - -Filter 74 {"flow-limit":30,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-67 - inet6/filter/FORWARD -j limit-67 - inet/filter/INPUT -j limit-67 - inet6/filter/INPUT -j limit-67 - inet/filter/OUTPUT -j limit-67 - inet6/filter/OUTPUT -j limit-67 - inet/filter/limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j RETURN - inet6/filter/limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j RETURN - inet/filter/limit-67 -m limit --limit 1/second -j LOG - inet6/filter/limit-67 -m limit --limit 1/second -j LOG - inet/filter/limit-67 -j DROP - inet6/filter/limit-67 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 75 {"flow-limit":{"count":30}} -(filter-limit) - inet/filter/FORWARD -j limit-68 - inet6/filter/FORWARD -j limit-68 - inet/filter/INPUT -j limit-68 - inet6/filter/INPUT -j limit-68 - inet/filter/OUTPUT -j limit-68 - inet6/filter/OUTPUT -j limit-68 - inet/filter/limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j RETURN - inet6/filter/limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j RETURN - inet/filter/limit-68 -m limit --limit 1/second -j LOG - inet6/filter/limit-68 -m limit --limit 1/second -j LOG - inet/filter/limit-68 -j DROP - inet6/filter/limit-68 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 76 {"action":"pass","flow-limit":{"count":30}} -(filter-limit) - inet/filter/FORWARD -j limit-69 - inet6/filter/FORWARD -j limit-69 - inet/filter/INPUT -j limit-69 - inet6/filter/INPUT -j limit-69 - inet/filter/OUTPUT -j limit-69 - inet6/filter/OUTPUT -j limit-69 - inet/filter/limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN - inet6/filter/limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN - inet/filter/limit-69 -m limit --limit 1/second -j LOG - inet6/filter/limit-69 -m limit --limit 1/second -j LOG - inet/filter/limit-69 -j DROP - inet6/filter/limit-69 -j DROP - -Filter 77 {"flow-limit":{"count":30},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-70 - inet6/filter/FORWARD -j limit-70 - inet/filter/INPUT -j limit-70 - inet6/filter/INPUT -j limit-70 - inet/filter/OUTPUT -j limit-70 - inet6/filter/OUTPUT -j limit-70 - inet/filter/limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j RETURN - inet6/filter/limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j RETURN - inet/filter/limit-70 -m limit --limit 1/second -j LOG - inet6/filter/limit-70 -m limit --limit 1/second -j LOG - inet/filter/limit-70 -j DROP - inet6/filter/limit-70 -j DROP - inet/filter/FORWARD -j logaccept-final-5 - inet6/filter/FORWARD -j logaccept-final-5 - inet/filter/INPUT -j logaccept-final-5 - inet6/filter/INPUT -j logaccept-final-5 - inet/filter/OUTPUT -j logaccept-final-5 - inet6/filter/OUTPUT -j logaccept-final-5 - inet/filter/logaccept-final-5 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-5 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-5 -j ACCEPT - inet6/filter/logaccept-final-5 -j ACCEPT - -Filter 78 {"flow-limit":{"count":30},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-71 - inet6/filter/FORWARD -j limit-71 - inet/filter/INPUT -j limit-71 - inet6/filter/INPUT -j limit-71 - inet/filter/OUTPUT -j limit-71 - inet6/filter/OUTPUT -j limit-71 - inet/filter/limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j RETURN - inet6/filter/limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j RETURN - inet/filter/limit-71 -m limit --limit 1/second -j LOG - inet6/filter/limit-71 -m limit --limit 1/second -j LOG - inet/filter/limit-71 -j DROP - inet6/filter/limit-71 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 79 {"flow-limit":{"count":30,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-72 - inet6/filter/FORWARD -j limit-72 - inet/filter/INPUT -j limit-72 - inet6/filter/INPUT -j limit-72 - inet/filter/OUTPUT -j limit-72 - inet6/filter/OUTPUT -j limit-72 - inet/filter/limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j RETURN - inet6/filter/limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j RETURN - inet/filter/limit-72 -j DROP - inet6/filter/limit-72 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 80 {"action":"pass","flow-limit":{"count":30,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-73 - inet6/filter/FORWARD -j limit-73 - inet/filter/INPUT -j limit-73 - inet6/filter/INPUT -j limit-73 - inet/filter/OUTPUT -j limit-73 - inet6/filter/OUTPUT -j limit-73 - inet/filter/limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN - inet6/filter/limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN - inet/filter/limit-73 -j DROP - inet6/filter/limit-73 -j DROP - -Filter 81 {"flow-limit":{"count":30,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-74 - inet6/filter/FORWARD -j limit-74 - inet/filter/INPUT -j limit-74 - inet6/filter/INPUT -j limit-74 - inet/filter/OUTPUT -j limit-74 - inet6/filter/OUTPUT -j limit-74 - inet/filter/limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j RETURN - inet6/filter/limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j RETURN - inet/filter/limit-74 -j DROP - inet6/filter/limit-74 -j DROP - inet/filter/FORWARD -j logaccept-final-6 - inet6/filter/FORWARD -j logaccept-final-6 - inet/filter/INPUT -j logaccept-final-6 - inet6/filter/INPUT -j logaccept-final-6 - inet/filter/OUTPUT -j logaccept-final-6 - inet6/filter/OUTPUT -j logaccept-final-6 - inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-6 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-6 -j ACCEPT - inet6/filter/logaccept-final-6 -j ACCEPT - -Filter 82 {"flow-limit":{"count":30,"log":false},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-75 - inet6/filter/FORWARD -j limit-75 - inet/filter/INPUT -j limit-75 - inet6/filter/INPUT -j limit-75 - inet/filter/OUTPUT -j limit-75 - inet6/filter/OUTPUT -j limit-75 - inet/filter/limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j RETURN - inet6/filter/limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j RETURN - inet/filter/limit-75 -j DROP - inet6/filter/limit-75 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 83 {"flow-limit":{"count":30,"log":"none"}} -(filter-limit) - inet/filter/FORWARD -j limit-76 - inet6/filter/FORWARD -j limit-76 - inet/filter/INPUT -j limit-76 - inet6/filter/INPUT -j limit-76 - inet/filter/OUTPUT -j limit-76 - inet6/filter/OUTPUT -j limit-76 - inet/filter/limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-76 -j RETURN - inet6/filter/limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-76 -j RETURN - inet/filter/limit-76 -j DROP - inet6/filter/limit-76 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 84 {"action":"pass","flow-limit":{"count":30,"log":"none"}} -(filter-limit) - inet/filter/FORWARD -j limit-77 - inet6/filter/FORWARD -j limit-77 - inet/filter/INPUT -j limit-77 - inet6/filter/INPUT -j limit-77 - inet/filter/OUTPUT -j limit-77 - inet6/filter/OUTPUT -j limit-77 - inet/filter/limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-77 -j RETURN - inet6/filter/limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-77 -j RETURN - inet/filter/limit-77 -j DROP - inet6/filter/limit-77 -j DROP - -Filter 85 {"flow-limit":{"count":30,"log":"none"},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-78 - inet6/filter/FORWARD -j limit-78 - inet/filter/INPUT -j limit-78 - inet6/filter/INPUT -j limit-78 - inet/filter/OUTPUT -j limit-78 - inet6/filter/OUTPUT -j limit-78 - inet/filter/limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j RETURN - inet6/filter/limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j RETURN - inet/filter/limit-78 -j DROP - inet6/filter/limit-78 -j DROP - inet/filter/FORWARD -j logaccept-final-7 - inet6/filter/FORWARD -j logaccept-final-7 - inet/filter/INPUT -j logaccept-final-7 - inet6/filter/INPUT -j logaccept-final-7 - inet/filter/OUTPUT -j logaccept-final-7 - inet6/filter/OUTPUT -j logaccept-final-7 - inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-7 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-7 -j ACCEPT - inet6/filter/logaccept-final-7 -j ACCEPT - -Filter 86 {"flow-limit":{"count":30,"log":"none"},"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-79 - inet6/filter/FORWARD -j limit-79 - inet/filter/INPUT -j limit-79 - inet6/filter/INPUT -j limit-79 - inet/filter/OUTPUT -j limit-79 - inet6/filter/OUTPUT -j limit-79 - inet/filter/limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-79 -j RETURN - inet6/filter/limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-79 -j RETURN - inet/filter/limit-79 -j DROP - inet6/filter/limit-79 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 87 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-80 - inet6/filter/INPUT -i eth0 -j limit-80 - inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 - inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 - inet/filter/logdrop-25 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-25 -m limit --limit 1/second -j LOG - inet/filter/logdrop-25 -j DROP - inet6/filter/logdrop-25 -j DROP - inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 88 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-81 - inet6/filter/INPUT -i eth0 -j limit-81 - inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 - inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 - inet/filter/logdrop-26 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG - inet/filter/logdrop-26 -j DROP - inet6/filter/logdrop-26 -j DROP - inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 89 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-82 - inet6/filter/INPUT -i eth0 -j limit-82 - inet/filter/limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 - inet6/filter/limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 - inet/filter/logdrop-27 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-27 -m limit --limit 1/second -j LOG - inet/filter/logdrop-27 -j DROP - inet6/filter/logdrop-27 -j DROP - inet/filter/limit-82 -m limit --limit 1/second -j LOG - inet6/filter/limit-82 -m limit --limit 1/second -j LOG - inet/filter/limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 90 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-83 - inet6/filter/INPUT -i eth0 -j limit-83 - inet/filter/limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 - inet6/filter/limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 - inet/filter/logdrop-28 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-28 -m limit --limit 1/second -j LOG - inet/filter/logdrop-28 -j DROP - inet6/filter/logdrop-28 -j DROP - inet/filter/limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 91 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-84 - inet6/filter/INPUT -i eth0 -j limit-84 - inet/filter/limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 - inet6/filter/limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 - inet/filter/logdrop-29 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-29 -m limit --limit 1/second -j LOG - inet/filter/logdrop-29 -j DROP - inet6/filter/logdrop-29 -j DROP - inet/filter/limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 92 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-85 - inet6/filter/INPUT -i eth0 -j limit-85 - inet/filter/limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 - inet6/filter/limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 - inet/filter/logdrop-30 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-30 -m limit --limit 1/second -j LOG - inet/filter/logdrop-30 -j DROP - inet6/filter/logdrop-30 -j DROP - inet/filter/limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 93 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-86 - inet6/filter/INPUT -i eth0 -j limit-86 - inet/filter/limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 - inet6/filter/limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 - inet/filter/logdrop-31 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-31 -m limit --limit 1/second -j LOG - inet/filter/logdrop-31 -j DROP - inet6/filter/logdrop-31 -j DROP - inet/filter/limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 94 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-87 - inet6/filter/INPUT -i eth0 -j limit-87 - inet/filter/limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 - inet6/filter/limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 - inet/filter/logdrop-32 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-32 -m limit --limit 1/second -j LOG - inet/filter/logdrop-32 -j DROP - inet6/filter/logdrop-32 -j DROP - inet/filter/limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 95 {"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-88 - inet6/filter/INPUT -i eth0 -j limit-88 - inet/filter/limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 - inet6/filter/limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 - inet/filter/logdrop-33 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-33 -m limit --limit 1/second -j LOG - inet/filter/logdrop-33 -j DROP - inet6/filter/logdrop-33 -j DROP - inet/filter/limit-88 -m limit --limit 1/second -j LOG - inet6/filter/limit-88 -m limit --limit 1/second -j LOG - inet/filter/limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 96 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-89 - inet6/filter/INPUT -i eth0 -j limit-89 - inet/filter/limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 - inet6/filter/limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 - inet/filter/logdrop-34 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-34 -m limit --limit 1/second -j LOG - inet/filter/logdrop-34 -j DROP - inet6/filter/logdrop-34 -j DROP - inet/filter/limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 97 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-90 - inet6/filter/INPUT -i eth0 -j limit-90 - inet/filter/limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 - inet6/filter/limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 - inet/filter/logdrop-35 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-35 -m limit --limit 1/second -j LOG - inet/filter/logdrop-35 -j DROP - inet6/filter/logdrop-35 -j DROP - inet/filter/limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 98 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-91 - inet6/filter/INPUT -i eth0 -j limit-91 - inet/filter/limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 - inet6/filter/limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 - inet/filter/logdrop-36 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-36 -m limit --limit 1/second -j LOG - inet/filter/logdrop-36 -j DROP - inet6/filter/logdrop-36 -j DROP - inet/filter/limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 99 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-92 - inet6/filter/INPUT -i eth0 -j limit-92 - inet/filter/limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 100 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-93 - inet6/filter/INPUT -i eth0 -j limit-93 - inet/filter/limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 101 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-94 - inet6/filter/INPUT -i eth0 -j limit-94 - inet/filter/limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-94 -m limit --limit 1/second -j LOG - inet6/filter/limit-94 -m limit --limit 1/second -j LOG - inet/filter/limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 102 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-95 - inet6/filter/INPUT -i eth0 -j limit-95 - inet/filter/limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 103 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-96 - inet6/filter/INPUT -i eth0 -j limit-96 - inet/filter/limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 104 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-97 - inet6/filter/INPUT -i eth0 -j limit-97 - inet/filter/limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 105 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-98 - inet6/filter/INPUT -i eth0 -j limit-98 - inet/filter/limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 106 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-99 - inet6/filter/INPUT -i eth0 -j limit-99 - inet/filter/limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 107 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-100 - inet6/filter/INPUT -i eth0 -j limit-100 - inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-100 -m limit --limit 1/second -j LOG - inet6/filter/limit-100 -m limit --limit 1/second -j LOG - inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 108 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-101 - inet6/filter/INPUT -i eth0 -j limit-101 - inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 109 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-102 - inet6/filter/INPUT -i eth0 -j limit-102 - inet/filter/limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 110 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-103 - inet6/filter/INPUT -i eth0 -j limit-103 - inet/filter/limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 111 {"flow-limit":30,"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-104 - inet6/filter/INPUT -i eth0 -j limit-104 - inet/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT - inet6/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT - inet/filter/limit-104 -m limit --limit 1/second -j LOG - inet6/filter/limit-104 -m limit --limit 1/second -j LOG - inet/filter/limit-104 -j DROP - inet6/filter/limit-104 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 112 {"action":"pass","flow-limit":30,"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-105 - inet6/filter/INPUT -i eth0 -j limit-105 - inet/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN - inet6/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN - inet/filter/limit-105 -m limit --limit 1/second -j LOG - inet6/filter/limit-105 -m limit --limit 1/second -j LOG - inet/filter/limit-105 -j DROP - inet6/filter/limit-105 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 113 {"flow-limit":30,"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-106 - inet6/filter/INPUT -i eth0 -j limit-106 - inet/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-4 - inet6/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-4 - inet/filter/logaccept-4 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG - inet/filter/logaccept-4 -j ACCEPT - inet6/filter/logaccept-4 -j ACCEPT - inet/filter/limit-106 -m limit --limit 1/second -j LOG - inet6/filter/limit-106 -m limit --limit 1/second -j LOG - inet/filter/limit-106 -j DROP - inet6/filter/limit-106 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 114 {"flow-limit":30,"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-107 - inet6/filter/INPUT -i eth0 -j limit-107 - inet/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT - inet6/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT - inet/filter/limit-107 -m limit --limit 1/second -j LOG - inet6/filter/limit-107 -m limit --limit 1/second -j LOG - inet/filter/limit-107 -j DROP - inet6/filter/limit-107 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 115 {"flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-108 - inet6/filter/INPUT -i eth0 -j limit-108 - inet/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT - inet6/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT - inet/filter/limit-108 -m limit --limit 1/second -j LOG - inet6/filter/limit-108 -m limit --limit 1/second -j LOG - inet/filter/limit-108 -j DROP - inet6/filter/limit-108 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 116 {"action":"pass","flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-109 - inet6/filter/INPUT -i eth0 -j limit-109 - inet/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN - inet6/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN - inet/filter/limit-109 -m limit --limit 1/second -j LOG - inet6/filter/limit-109 -m limit --limit 1/second -j LOG - inet/filter/limit-109 -j DROP - inet6/filter/limit-109 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 117 {"flow-limit":{"count":30},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-110 - inet6/filter/INPUT -i eth0 -j limit-110 - inet/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-5 - inet6/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-5 - inet/filter/logaccept-5 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-5 -m limit --limit 1/second -j LOG - inet/filter/logaccept-5 -j ACCEPT - inet6/filter/logaccept-5 -j ACCEPT - inet/filter/limit-110 -m limit --limit 1/second -j LOG - inet6/filter/limit-110 -m limit --limit 1/second -j LOG - inet/filter/limit-110 -j DROP - inet6/filter/limit-110 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 118 {"flow-limit":{"count":30},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-111 - inet6/filter/INPUT -i eth0 -j limit-111 - inet/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT - inet6/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT - inet/filter/limit-111 -m limit --limit 1/second -j LOG - inet6/filter/limit-111 -m limit --limit 1/second -j LOG - inet/filter/limit-111 -j DROP - inet6/filter/limit-111 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 119 {"flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-112 - inet6/filter/INPUT -i eth0 -j limit-112 - inet/filter/limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j ACCEPT - inet6/filter/limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j ACCEPT - inet/filter/limit-112 -j DROP - inet6/filter/limit-112 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 120 {"action":"pass","flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-113 - inet6/filter/INPUT -i eth0 -j limit-113 - inet/filter/limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN - inet6/filter/limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN - inet/filter/limit-113 -j DROP - inet6/filter/limit-113 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 121 {"flow-limit":{"count":30,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-114 - inet6/filter/INPUT -i eth0 -j limit-114 - inet/filter/limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j logaccept-6 - inet6/filter/limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j logaccept-6 - inet/filter/logaccept-6 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG - inet/filter/logaccept-6 -j ACCEPT - inet6/filter/logaccept-6 -j ACCEPT - inet/filter/limit-114 -j DROP - inet6/filter/limit-114 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 122 {"flow-limit":{"count":30,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-115 - inet6/filter/INPUT -i eth0 -j limit-115 - inet/filter/limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j ACCEPT - inet6/filter/limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j ACCEPT - inet/filter/limit-115 -j DROP - inet6/filter/limit-115 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 123 {"flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-116 - inet6/filter/INPUT -i eth0 -j limit-116 - inet/filter/limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-116 -j ACCEPT - inet6/filter/limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-116 -j ACCEPT - inet/filter/limit-116 -j DROP - inet6/filter/limit-116 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 124 {"action":"pass","flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-117 - inet6/filter/INPUT -i eth0 -j limit-117 - inet/filter/limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-117 -j RETURN - inet6/filter/limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-117 -j RETURN - inet/filter/limit-117 -j DROP - inet6/filter/limit-117 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - -Filter 125 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-118 - inet6/filter/INPUT -i eth0 -j limit-118 - inet/filter/limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-118 -j logaccept-7 - inet6/filter/limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-118 -j logaccept-7 - inet/filter/logaccept-7 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-7 -m limit --limit 1/second -j LOG - inet/filter/logaccept-7 -j ACCEPT - inet6/filter/logaccept-7 -j ACCEPT - inet/filter/limit-118 -j DROP - inet6/filter/limit-118 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 126 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} -(filter-limit) - inet/filter/INPUT -i eth0 -j limit-119 - inet6/filter/INPUT -i eth0 -j limit-119 - inet/filter/limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-119 -j ACCEPT - inet6/filter/limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-119 -j ACCEPT - inet/filter/limit-119 -j DROP - inet6/filter/limit-119 -j DROP - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack - inet/raw/OUTPUT -o eth0 -j CT --notrack - inet6/raw/OUTPUT -o eth0 -j CT --notrack - inet/filter/OUTPUT -o eth0 -j ACCEPT - inet6/filter/OUTPUT -o eth0 -j ACCEPT - -Filter 127 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} -(filter-limit) - inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet6/filter/INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 128 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} -(filter-limit) - inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet6/filter/INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 129 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} -(filter-limit) - inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet6/filter/INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set - inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 130 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} -(filter-limit) - inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet6/filter/INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set - inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 131 {} -(log) - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 132 {"action":"drop"} -(log) - inet/filter/FORWARD -j logdrop-37 - inet6/filter/FORWARD -j logdrop-37 - inet/filter/INPUT -j logdrop-37 - inet6/filter/INPUT -j logdrop-37 - inet/filter/OUTPUT -j logdrop-37 - inet6/filter/OUTPUT -j logdrop-37 - inet/filter/logdrop-37 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG - inet/filter/logdrop-37 -j DROP - inet6/filter/logdrop-37 -j DROP - -Filter 133 {"action":"pass"} -(log) - inet/filter/FORWARD - inet6/filter/FORWARD - inet/filter/INPUT - inet6/filter/INPUT - inet/filter/OUTPUT - inet6/filter/OUTPUT - -Filter 134 {"log":false} -(log) - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 135 {"action":"drop","log":false} -(log) - inet/filter/FORWARD -j DROP - inet6/filter/FORWARD -j DROP - inet/filter/INPUT -j DROP - inet6/filter/INPUT -j DROP - inet/filter/OUTPUT -j DROP - inet6/filter/OUTPUT -j DROP - -Filter 136 {"action":"pass","log":false} -(log) - inet/filter/FORWARD - inet6/filter/FORWARD - inet/filter/INPUT - inet6/filter/INPUT - inet/filter/OUTPUT - inet6/filter/OUTPUT - -Filter 137 {"log":true} -(log) - inet/filter/FORWARD -j logaccept-8 - inet6/filter/FORWARD -j logaccept-8 - inet/filter/INPUT -j logaccept-8 - inet6/filter/INPUT -j logaccept-8 - inet/filter/OUTPUT -j logaccept-8 - inet6/filter/OUTPUT -j logaccept-8 - inet/filter/logaccept-8 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-8 -m limit --limit 1/second -j LOG - inet/filter/logaccept-8 -j ACCEPT - inet6/filter/logaccept-8 -j ACCEPT - -Filter 138 {"action":"drop","log":true} -(log) - inet/filter/FORWARD -j logdrop-38 - inet6/filter/FORWARD -j logdrop-38 - inet/filter/INPUT -j logdrop-38 - inet6/filter/INPUT -j logdrop-38 - inet/filter/OUTPUT -j logdrop-38 - inet6/filter/OUTPUT -j logdrop-38 - inet/filter/logdrop-38 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG - inet/filter/logdrop-38 -j DROP - inet6/filter/logdrop-38 -j DROP - -Filter 139 {"action":"pass","log":true} -(log) - inet/filter/FORWARD -j logpass-0 - inet6/filter/FORWARD -j logpass-0 - inet/filter/INPUT -j logpass-0 - inet6/filter/INPUT -j logpass-0 - inet/filter/OUTPUT -j logpass-0 - inet6/filter/OUTPUT -j logpass-0 - inet/filter/logpass-0 -m limit --limit 1/second -j LOG - inet6/filter/logpass-0 -m limit --limit 1/second -j LOG - -Filter 140 {"log":"none"} -(log) - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 141 {"action":"drop","log":"none"} -(log) - inet/filter/FORWARD -j DROP - inet6/filter/FORWARD -j DROP - inet/filter/INPUT -j DROP - inet6/filter/INPUT -j DROP - inet/filter/OUTPUT -j DROP - inet6/filter/OUTPUT -j DROP - -Filter 142 {"action":"pass","log":"none"} -(log) - inet/filter/FORWARD - inet6/filter/FORWARD - inet/filter/INPUT - inet6/filter/INPUT - inet/filter/OUTPUT - inet6/filter/OUTPUT - -Filter 143 {"in":"_fw","no-track":true,"service":"http"} -(no-track) - inet/filter/OUTPUT -p tcp --dport 80 -j ACCEPT - inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT - inet/raw/OUTPUT -p tcp --dport 80 -j CT --notrack - inet6/raw/OUTPUT -p tcp --dport 80 -j CT --notrack - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack - inet/filter/INPUT -p tcp --sport 80 -j ACCEPT - inet6/filter/INPUT -p tcp --sport 80 -j ACCEPT - -Filter 144 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} -(no-track) - inet/filter/FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT - inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT - inet/filter/FORWARD -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT - inet/filter/INPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT - inet/filter/OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT - inet/filter/OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT - inet/raw/PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack - inet/raw/PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack - inet/raw/OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack - inet/raw/OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack - inet/raw/PREROUTING -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack - inet/raw/PREROUTING -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack - inet/raw/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack - inet/raw/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack - inet/filter/FORWARD -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT - inet/filter/INPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT - inet/filter/FORWARD -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT - inet/filter/INPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT - inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT - inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT - -Filter 145 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} -(no-track) - inet/filter/FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT - inet/filter/INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT - inet/filter/OUTPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT - inet/raw/PREROUTING -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack - inet/raw/OUTPUT -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack - inet/raw/PREROUTING -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack - inet/raw/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack - inet/filter/FORWARD -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT - inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT - inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT - -Filter 146 {"no-track":true,"out":"_fw","service":"ipsec"} -(no-track) - inet/filter/INPUT -p esp -j ACCEPT - inet6/filter/INPUT -p esp -j ACCEPT - inet/filter/INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT - inet6/filter/INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack - inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack - inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack - inet/raw/OUTPUT -p esp -j CT --notrack - inet6/raw/OUTPUT -p esp -j CT --notrack - inet/raw/OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack - inet6/raw/OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack - inet/filter/OUTPUT -p esp -j ACCEPT - inet6/filter/OUTPUT -p esp -j ACCEPT - inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT - inet6/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT - -Filter 147 {"in":["_fw","A"]} -(zone) - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - inet/filter/FORWARD -i eth0 -j ACCEPT - inet6/filter/FORWARD -i eth0 -j ACCEPT - inet/filter/INPUT -i eth0 -j ACCEPT - inet6/filter/INPUT -i eth0 -j ACCEPT - -Filter 148 {"in":"B","out":"C"} -(zone) - inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT - -Filter 149 {"out":["_fw","B"]} -(zone) - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT - inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT - inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT - inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT - -Filter 150 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} -(zone) - inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT - inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT - inet/filter/FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth0 -o eth3 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth0 -o eth4 -j ACCEPT - inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT - inet/filter/FORWARD -i eth0 -o eth5 -j ACCEPT - inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT - inet/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT - inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT - inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth0 -j ACCEPT - inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT - inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth4 -j ACCEPT - inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth5 -j ACCEPT - inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT - inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT - inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT - inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT - inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth0 -j ACCEPT - inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth0 -j ACCEPT - inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth4 -j ACCEPT - inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth5 -j ACCEPT - inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth4 -j ACCEPT - inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth5 -j ACCEPT - inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT - inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT - inet/filter/FORWARD -i eth4 -o eth0 -j ACCEPT - inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT - inet/filter/FORWARD -i eth5 -o eth0 -j ACCEPT - inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT - inet/filter/FORWARD -i eth4 -o eth1 -d 10.0.0.0/12 -j ACCEPT - inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT - inet/filter/FORWARD -i eth5 -o eth1 -d 10.0.0.0/12 -j ACCEPT - inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT - inet/filter/FORWARD -i eth4 -o eth2 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth4 -o eth3 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth5 -o eth2 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth5 -o eth3 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -i eth4 -o eth4 -j ACCEPT - inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT - inet/filter/FORWARD -i eth4 -o eth5 -j ACCEPT - inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT - inet/filter/FORWARD -i eth5 -o eth4 -j ACCEPT - inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT - inet/filter/FORWARD -i eth5 -o eth5 -j ACCEPT - inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT - inet/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT - inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT - inet/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT - inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT - inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT - inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT - inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d 10.0.0.0/12 -j ACCEPT - inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT - inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth2 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth3 -d 10.1.0.0/12 -j ACCEPT - inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT - inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT - inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT - inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT - inet/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT - inet6/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT +Filter 1 {} +(filter) + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 2 {"action":"accept"} +(filter) + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 3 {"action":"drop"} +(filter) + inet/filter/FORWARD -j logdrop-0 + inet6/filter/FORWARD -j logdrop-0 + inet/filter/INPUT -j logdrop-0 + inet6/filter/INPUT -j logdrop-0 + inet/filter/OUTPUT -j logdrop-0 + inet6/filter/OUTPUT -j logdrop-0 + inet/filter/logdrop-0 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG + inet/filter/logdrop-0 -j DROP + inet6/filter/logdrop-0 -j DROP + +Filter 4 {"action":"pass"} +(filter) + inet/filter/FORWARD + inet6/filter/FORWARD + inet/filter/INPUT + inet6/filter/INPUT + inet/filter/OUTPUT + inet6/filter/OUTPUT + +Filter 5 {"action":"reject"} +(filter) + inet/filter/FORWARD -j logreject-0 + inet6/filter/FORWARD -j logreject-0 + inet/filter/INPUT -j logreject-0 + inet6/filter/INPUT -j logreject-0 + inet/filter/OUTPUT -j logreject-0 + inet6/filter/OUTPUT -j logreject-0 + inet/filter/logreject-0 -m limit --limit 1/second -j LOG + inet6/filter/logreject-0 -m limit --limit 1/second -j LOG + inet/filter/logreject-0 -j REJECT + inet6/filter/logreject-0 -j REJECT + +Filter 6 {"action":"tarpit"} +(filter) + inet/filter/FORWARD -j logtarpit-0 + inet6/filter/FORWARD -j logtarpit-0 + inet/filter/INPUT -j logtarpit-0 + inet6/filter/INPUT -j logtarpit-0 + inet/filter/OUTPUT -j logtarpit-0 + inet6/filter/OUTPUT -j logtarpit-0 + inet/filter/logtarpit-0 -m limit --limit 1/second -j LOG + inet6/filter/logtarpit-0 -m limit --limit 1/second -j LOG + inet/filter/logtarpit-0 -j tarpit + inet6/filter/logtarpit-0 -j tarpit + inet/raw/PREROUTING -j CT --notrack + inet6/raw/PREROUTING -j CT --notrack + inet/raw/OUTPUT -j CT --notrack + inet6/raw/OUTPUT -j CT --notrack + +Filter 7 {"conn-limit":1,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-0 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-0 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-0 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-0 + inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-1 + inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-1 + inet/filter/logdrop-1 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG + inet/filter/logdrop-1 -j DROP + inet6/filter/logdrop-1 -j DROP + inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 8 {"action":"pass","conn-limit":1,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-1 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-1 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-1 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-1 + inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-2 + inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2 + inet/filter/logdrop-2 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-2 -m limit --limit 1/second -j LOG + inet/filter/logdrop-2 -j DROP + inet6/filter/logdrop-2 -j DROP + inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 9 {"conn-limit":1,"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-2 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-2 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-2 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-2 + inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 + inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 + inet/filter/logdrop-3 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-3 -m limit --limit 1/second -j LOG + inet/filter/logdrop-3 -j DROP + inet6/filter/logdrop-3 -j DROP + inet/filter/limit-2 -m limit --limit 1/second -j LOG + inet6/filter/limit-2 -m limit --limit 1/second -j LOG + inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 10 {"action":"pass","conn-limit":1,"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-3 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-3 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-3 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-3 + inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 + inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 + inet/filter/logdrop-4 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-4 -m limit --limit 1/second -j LOG + inet/filter/logdrop-4 -j DROP + inet6/filter/logdrop-4 -j DROP + inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 11 {"conn-limit":1,"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-4 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-4 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-4 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-4 + inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 + inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 + inet/filter/logdrop-5 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-5 -m limit --limit 1/second -j LOG + inet/filter/logdrop-5 -j DROP + inet6/filter/logdrop-5 -j DROP + inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 12 {"action":"pass","conn-limit":1,"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-5 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-5 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-5 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-5 + inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 + inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 + inet/filter/logdrop-6 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-6 -m limit --limit 1/second -j LOG + inet/filter/logdrop-6 -j DROP + inet6/filter/logdrop-6 -j DROP + inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 13 {"conn-limit":{"count":1},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-6 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-6 + inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 + inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 + inet/filter/logdrop-7 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-7 -m limit --limit 1/second -j LOG + inet/filter/logdrop-7 -j DROP + inet6/filter/logdrop-7 -j DROP + inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 14 {"action":"pass","conn-limit":{"count":1},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-7 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-7 + inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 + inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 + inet/filter/logdrop-8 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-8 -m limit --limit 1/second -j LOG + inet/filter/logdrop-8 -j DROP + inet6/filter/logdrop-8 -j DROP + inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 15 {"conn-limit":{"count":1},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-8 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-8 + inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 + inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 + inet/filter/logdrop-9 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-9 -m limit --limit 1/second -j LOG + inet/filter/logdrop-9 -j DROP + inet6/filter/logdrop-9 -j DROP + inet/filter/limit-8 -m limit --limit 1/second -j LOG + inet6/filter/limit-8 -m limit --limit 1/second -j LOG + inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 16 {"action":"pass","conn-limit":{"count":1},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-9 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-9 + inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 + inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 + inet/filter/logdrop-10 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-10 -m limit --limit 1/second -j LOG + inet/filter/logdrop-10 -j DROP + inet6/filter/logdrop-10 -j DROP + inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 17 {"conn-limit":{"count":1},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-10 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-10 + inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 + inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 + inet/filter/logdrop-11 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-11 -m limit --limit 1/second -j LOG + inet/filter/logdrop-11 -j DROP + inet6/filter/logdrop-11 -j DROP + inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 18 {"action":"pass","conn-limit":{"count":1},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-11 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-11 + inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 + inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 + inet/filter/logdrop-12 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-12 -m limit --limit 1/second -j LOG + inet/filter/logdrop-12 -j DROP + inet6/filter/logdrop-12 -j DROP + inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 19 {"conn-limit":{"count":1,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-12 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-12 + inet/filter/limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 + inet6/filter/limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 + inet/filter/logdrop-13 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-13 -m limit --limit 1/second -j LOG + inet/filter/logdrop-13 -j DROP + inet6/filter/logdrop-13 -j DROP + inet/filter/limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 20 {"action":"pass","conn-limit":{"count":1,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-13 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-13 + inet/filter/limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 + inet6/filter/limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 + inet/filter/logdrop-14 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-14 -m limit --limit 1/second -j LOG + inet/filter/logdrop-14 -j DROP + inet6/filter/logdrop-14 -j DROP + inet/filter/limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 21 {"conn-limit":{"count":1,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-14 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-14 + inet/filter/limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 + inet6/filter/limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 + inet/filter/logdrop-15 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-15 -m limit --limit 1/second -j LOG + inet/filter/logdrop-15 -j DROP + inet6/filter/logdrop-15 -j DROP + inet/filter/limit-14 -m limit --limit 1/second -j LOG + inet6/filter/limit-14 -m limit --limit 1/second -j LOG + inet/filter/limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 22 {"action":"pass","conn-limit":{"count":1,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-15 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-15 + inet/filter/limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 + inet6/filter/limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 + inet/filter/logdrop-16 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-16 -m limit --limit 1/second -j LOG + inet/filter/logdrop-16 -j DROP + inet6/filter/logdrop-16 -j DROP + inet/filter/limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 23 {"conn-limit":{"count":1,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-16 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-16 + inet/filter/limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 + inet6/filter/limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 + inet/filter/logdrop-17 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-17 -m limit --limit 1/second -j LOG + inet/filter/logdrop-17 -j DROP + inet6/filter/logdrop-17 -j DROP + inet/filter/limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 24 {"action":"pass","conn-limit":{"count":1,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-17 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-17 + inet/filter/limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 + inet6/filter/limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 + inet/filter/logdrop-18 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-18 -m limit --limit 1/second -j LOG + inet/filter/logdrop-18 -j DROP + inet6/filter/logdrop-18 -j DROP + inet/filter/limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 25 {"conn-limit":{"count":1,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-18 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-18 + inet/filter/limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 26 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-19 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-19 + inet/filter/limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 27 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-20 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-20 + inet/filter/limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-20 -m limit --limit 1/second -j LOG + inet6/filter/limit-20 -m limit --limit 1/second -j LOG + inet/filter/limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 28 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-21 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-21 + inet/filter/limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 29 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-22 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-22 + inet/filter/limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 30 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-23 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-23 + inet/filter/limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 31 {"conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-24 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-24 + inet/filter/limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 32 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-25 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-25 + inet/filter/limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 33 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26 + inet/filter/limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-26 -m limit --limit 1/second -j LOG + inet6/filter/limit-26 -m limit --limit 1/second -j LOG + inet/filter/limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 34 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-27 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-27 + inet/filter/limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 35 {"conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-28 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-28 + inet/filter/limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 36 {"action":"pass","conn-limit":{"count":1,"log":false,"name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-29 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-29 + inet/filter/limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 37 {"conn-limit":{"count":1,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-30 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-30 + inet/filter/limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 38 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-31 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-31 + inet/filter/limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 39 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-32 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-32 + inet/filter/limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-32 -m limit --limit 1/second -j LOG + inet6/filter/limit-32 -m limit --limit 1/second -j LOG + inet/filter/limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 40 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-33 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-33 + inet/filter/limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 41 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-34 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-34 + inet/filter/limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 42 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-35 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-35 + inet/filter/limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 43 {"conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-36 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-36 + inet/filter/limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 44 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-37 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-37 + inet/filter/limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 45 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-38 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-38 + inet/filter/limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-38 -m limit --limit 1/second -j LOG + inet6/filter/limit-38 -m limit --limit 1/second -j LOG + inet/filter/limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 46 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-39 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-39 + inet/filter/limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 47 {"conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-40 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-40 + inet/filter/limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + +Filter 48 {"action":"pass","conn-limit":{"count":1,"log":"none","name":"foo"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-41 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-41 + inet/filter/limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 49 {"conn-limit":30,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-42 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-42 + inet/filter/limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-42 -j ACCEPT + inet6/filter/limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-42 -j ACCEPT + inet/filter/limit-42 -m limit --limit 1/second -j LOG + inet6/filter/limit-42 -m limit --limit 1/second -j LOG + inet/filter/limit-42 -j DROP + inet6/filter/limit-42 -j DROP + +Filter 50 {"action":"pass","conn-limit":30,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-43 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-43 + inet/filter/limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-43 -j RETURN + inet6/filter/limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-43 -j RETURN + inet/filter/limit-43 -m limit --limit 1/second -j LOG + inet6/filter/limit-43 -m limit --limit 1/second -j LOG + inet/filter/limit-43 -j DROP + inet6/filter/limit-43 -j DROP + +Filter 51 {"conn-limit":30,"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-44 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-44 + inet/filter/limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-44 -j logaccept-0 + inet6/filter/limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-44 -j logaccept-0 + inet/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-0 -j ACCEPT + inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-44 -m limit --limit 1/second -j LOG + inet6/filter/limit-44 -m limit --limit 1/second -j LOG + inet/filter/limit-44 -j DROP + inet6/filter/limit-44 -j DROP + +Filter 52 {"conn-limit":30,"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-45 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-45 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-45 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-45 + inet/filter/limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-45 -j ACCEPT + inet6/filter/limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-45 -j ACCEPT + inet/filter/limit-45 -m limit --limit 1/second -j LOG + inet6/filter/limit-45 -m limit --limit 1/second -j LOG + inet/filter/limit-45 -j DROP + inet6/filter/limit-45 -j DROP + +Filter 53 {"conn-limit":{"count":30},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-46 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-46 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-46 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-46 + inet/filter/limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-46 -j ACCEPT + inet6/filter/limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-46 -j ACCEPT + inet/filter/limit-46 -m limit --limit 1/second -j LOG + inet6/filter/limit-46 -m limit --limit 1/second -j LOG + inet/filter/limit-46 -j DROP + inet6/filter/limit-46 -j DROP + +Filter 54 {"action":"pass","conn-limit":{"count":30},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-47 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-47 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-47 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-47 + inet/filter/limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-47 -j RETURN + inet6/filter/limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-47 -j RETURN + inet/filter/limit-47 -m limit --limit 1/second -j LOG + inet6/filter/limit-47 -m limit --limit 1/second -j LOG + inet/filter/limit-47 -j DROP + inet6/filter/limit-47 -j DROP + +Filter 55 {"conn-limit":{"count":30},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-48 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-48 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-48 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-48 + inet/filter/limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j logaccept-1 + inet6/filter/limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j logaccept-1 + inet/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-1 -j ACCEPT + inet6/filter/logaccept-1 -j ACCEPT + inet/filter/limit-48 -m limit --limit 1/second -j LOG + inet6/filter/limit-48 -m limit --limit 1/second -j LOG + inet/filter/limit-48 -j DROP + inet6/filter/limit-48 -j DROP + +Filter 56 {"conn-limit":{"count":30},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-49 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-49 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-49 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-49 + inet/filter/limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j ACCEPT + inet6/filter/limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j ACCEPT + inet/filter/limit-49 -m limit --limit 1/second -j LOG + inet6/filter/limit-49 -m limit --limit 1/second -j LOG + inet/filter/limit-49 -j DROP + inet6/filter/limit-49 -j DROP + +Filter 57 {"conn-limit":{"count":30,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-50 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-50 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-50 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-50 + inet/filter/limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j ACCEPT + inet6/filter/limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j ACCEPT + inet/filter/limit-50 -j DROP + inet6/filter/limit-50 -j DROP + +Filter 58 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-51 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-51 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-51 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-51 + inet/filter/limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN + inet6/filter/limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN + inet/filter/limit-51 -j DROP + inet6/filter/limit-51 -j DROP + +Filter 59 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-52 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-52 + inet/filter/limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-52 -j logaccept-2 + inet6/filter/limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j logaccept-2 + inet/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-2 -j ACCEPT + inet6/filter/logaccept-2 -j ACCEPT + inet/filter/limit-52 -j DROP + inet6/filter/limit-52 -j DROP + +Filter 60 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-53 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-53 + inet/filter/limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j ACCEPT + inet6/filter/limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-53 -j ACCEPT + inet/filter/limit-53 -j DROP + inet6/filter/limit-53 -j DROP + +Filter 61 {"conn-limit":{"count":30,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-54 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-54 + inet/filter/limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j ACCEPT + inet6/filter/limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j ACCEPT + inet/filter/limit-54 -j DROP + inet6/filter/limit-54 -j DROP + +Filter 62 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-55 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-55 + inet/filter/limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN + inet6/filter/limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN + inet/filter/limit-55 -j DROP + inet6/filter/limit-55 -j DROP + +Filter 63 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-56 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-56 + inet/filter/limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j logaccept-3 + inet6/filter/limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j logaccept-3 + inet/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-3 -j ACCEPT + inet6/filter/logaccept-3 -j ACCEPT + inet/filter/limit-56 -j DROP + inet6/filter/limit-56 -j DROP + +Filter 64 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-57 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-57 + inet/filter/limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j ACCEPT + inet6/filter/limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j ACCEPT + inet/filter/limit-57 -j DROP + inet6/filter/limit-57 -j DROP + +Filter 65 {"flow-limit":1} +(filter-limit) + inet/filter/FORWARD -j limit-58 + inet6/filter/FORWARD -j limit-58 + inet/filter/INPUT -j limit-58 + inet6/filter/INPUT -j limit-58 + inet/filter/OUTPUT -j limit-58 + inet6/filter/OUTPUT -j limit-58 + inet/filter/limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 + inet6/filter/limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 + inet/filter/logdrop-19 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-19 -m limit --limit 1/second -j LOG + inet/filter/logdrop-19 -j DROP + inet6/filter/logdrop-19 -j DROP + inet/filter/limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 66 {"action":"pass","flow-limit":1} +(filter-limit) + inet/filter/FORWARD -j limit-59 + inet6/filter/FORWARD -j limit-59 + inet/filter/INPUT -j limit-59 + inet6/filter/INPUT -j limit-59 + inet/filter/OUTPUT -j limit-59 + inet6/filter/OUTPUT -j limit-59 + inet/filter/limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 + inet6/filter/limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 + inet/filter/logdrop-20 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-20 -m limit --limit 1/second -j LOG + inet/filter/logdrop-20 -j DROP + inet6/filter/logdrop-20 -j DROP + inet/filter/limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 67 {"flow-limit":1,"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-60 + inet6/filter/FORWARD -j limit-60 + inet/filter/INPUT -j limit-60 + inet6/filter/INPUT -j limit-60 + inet/filter/OUTPUT -j limit-60 + inet6/filter/OUTPUT -j limit-60 + inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 + inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 + inet/filter/logdrop-21 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-21 -m limit --limit 1/second -j LOG + inet/filter/logdrop-21 -j DROP + inet6/filter/logdrop-21 -j DROP + inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-0 + inet6/filter/FORWARD -j logaccept-final-0 + inet/filter/INPUT -j logaccept-final-0 + inet6/filter/INPUT -j logaccept-final-0 + inet/filter/OUTPUT -j logaccept-final-0 + inet6/filter/OUTPUT -j logaccept-final-0 + inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-0 -j ACCEPT + inet6/filter/logaccept-final-0 -j ACCEPT + +Filter 68 {"action":"pass","flow-limit":1,"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-61 + inet6/filter/FORWARD -j limit-61 + inet/filter/INPUT -j limit-61 + inet6/filter/INPUT -j limit-61 + inet/filter/OUTPUT -j limit-61 + inet6/filter/OUTPUT -j limit-61 + inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 + inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 + inet/filter/logdrop-22 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-22 -m limit --limit 1/second -j LOG + inet/filter/logdrop-22 -j DROP + inet6/filter/logdrop-22 -j DROP + inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 69 {"flow-limit":1,"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-62 + inet6/filter/FORWARD -j limit-62 + inet/filter/INPUT -j limit-62 + inet6/filter/INPUT -j limit-62 + inet/filter/OUTPUT -j limit-62 + inet6/filter/OUTPUT -j limit-62 + inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 + inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 + inet/filter/logdrop-23 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-23 -m limit --limit 1/second -j LOG + inet/filter/logdrop-23 -j DROP + inet6/filter/logdrop-23 -j DROP + inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 70 {"action":"pass","flow-limit":1,"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-63 + inet6/filter/FORWARD -j limit-63 + inet/filter/INPUT -j limit-63 + inet6/filter/INPUT -j limit-63 + inet/filter/OUTPUT -j limit-63 + inet6/filter/OUTPUT -j limit-63 + inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 + inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 + inet/filter/logdrop-24 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-24 -m limit --limit 1/second -j LOG + inet/filter/logdrop-24 -j DROP + inet6/filter/logdrop-24 -j DROP + inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 71 {"flow-limit":{"count":1}} +(filter-limit) + inet/filter/FORWARD -j limit-64 + inet6/filter/FORWARD -j limit-64 + inet/filter/INPUT -j limit-64 + inet6/filter/INPUT -j limit-64 + inet/filter/OUTPUT -j limit-64 + inet6/filter/OUTPUT -j limit-64 + inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 + inet6/filter/limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 + inet/filter/logdrop-25 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-25 -m limit --limit 1/second -j LOG + inet/filter/logdrop-25 -j DROP + inet6/filter/logdrop-25 -j DROP + inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 72 {"action":"pass","flow-limit":{"count":1}} +(filter-limit) + inet/filter/FORWARD -j limit-65 + inet6/filter/FORWARD -j limit-65 + inet/filter/INPUT -j limit-65 + inet6/filter/INPUT -j limit-65 + inet/filter/OUTPUT -j limit-65 + inet6/filter/OUTPUT -j limit-65 + inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 + inet6/filter/limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 + inet/filter/logdrop-26 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG + inet/filter/logdrop-26 -j DROP + inet6/filter/logdrop-26 -j DROP + inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 73 {"flow-limit":{"count":1},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-66 + inet6/filter/FORWARD -j limit-66 + inet/filter/INPUT -j limit-66 + inet6/filter/INPUT -j limit-66 + inet/filter/OUTPUT -j limit-66 + inet6/filter/OUTPUT -j limit-66 + inet/filter/limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 + inet6/filter/limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 + inet/filter/logdrop-27 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-27 -m limit --limit 1/second -j LOG + inet/filter/logdrop-27 -j DROP + inet6/filter/logdrop-27 -j DROP + inet/filter/limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-1 + inet6/filter/FORWARD -j logaccept-final-1 + inet/filter/INPUT -j logaccept-final-1 + inet6/filter/INPUT -j logaccept-final-1 + inet/filter/OUTPUT -j logaccept-final-1 + inet6/filter/OUTPUT -j logaccept-final-1 + inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-1 -j ACCEPT + inet6/filter/logaccept-final-1 -j ACCEPT + +Filter 74 {"action":"pass","flow-limit":{"count":1},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-67 + inet6/filter/FORWARD -j limit-67 + inet/filter/INPUT -j limit-67 + inet6/filter/INPUT -j limit-67 + inet/filter/OUTPUT -j limit-67 + inet6/filter/OUTPUT -j limit-67 + inet/filter/limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 + inet6/filter/limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 + inet/filter/logdrop-28 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-28 -m limit --limit 1/second -j LOG + inet/filter/logdrop-28 -j DROP + inet6/filter/logdrop-28 -j DROP + inet/filter/limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 75 {"flow-limit":{"count":1},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-68 + inet6/filter/FORWARD -j limit-68 + inet/filter/INPUT -j limit-68 + inet6/filter/INPUT -j limit-68 + inet/filter/OUTPUT -j limit-68 + inet6/filter/OUTPUT -j limit-68 + inet/filter/limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 + inet6/filter/limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 + inet/filter/logdrop-29 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-29 -m limit --limit 1/second -j LOG + inet/filter/logdrop-29 -j DROP + inet6/filter/logdrop-29 -j DROP + inet/filter/limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 76 {"action":"pass","flow-limit":{"count":1},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-69 + inet6/filter/FORWARD -j limit-69 + inet/filter/INPUT -j limit-69 + inet6/filter/INPUT -j limit-69 + inet/filter/OUTPUT -j limit-69 + inet6/filter/OUTPUT -j limit-69 + inet/filter/limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 + inet6/filter/limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 + inet/filter/logdrop-30 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-30 -m limit --limit 1/second -j LOG + inet/filter/logdrop-30 -j DROP + inet6/filter/logdrop-30 -j DROP + inet/filter/limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 77 {"flow-limit":{"count":1,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-70 + inet6/filter/FORWARD -j limit-70 + inet/filter/INPUT -j limit-70 + inet6/filter/INPUT -j limit-70 + inet/filter/OUTPUT -j limit-70 + inet6/filter/OUTPUT -j limit-70 + inet/filter/limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 + inet6/filter/limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 + inet/filter/logdrop-31 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-31 -m limit --limit 1/second -j LOG + inet/filter/logdrop-31 -j DROP + inet6/filter/logdrop-31 -j DROP + inet/filter/limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 78 {"action":"pass","flow-limit":{"count":1,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-71 + inet6/filter/FORWARD -j limit-71 + inet/filter/INPUT -j limit-71 + inet6/filter/INPUT -j limit-71 + inet/filter/OUTPUT -j limit-71 + inet6/filter/OUTPUT -j limit-71 + inet/filter/limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 + inet6/filter/limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 + inet/filter/logdrop-32 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-32 -m limit --limit 1/second -j LOG + inet/filter/logdrop-32 -j DROP + inet6/filter/logdrop-32 -j DROP + inet/filter/limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 79 {"flow-limit":{"count":1,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-72 + inet6/filter/FORWARD -j limit-72 + inet/filter/INPUT -j limit-72 + inet6/filter/INPUT -j limit-72 + inet/filter/OUTPUT -j limit-72 + inet6/filter/OUTPUT -j limit-72 + inet/filter/limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 + inet6/filter/limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 + inet/filter/logdrop-33 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-33 -m limit --limit 1/second -j LOG + inet/filter/logdrop-33 -j DROP + inet6/filter/logdrop-33 -j DROP + inet/filter/limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-2 + inet6/filter/FORWARD -j logaccept-final-2 + inet/filter/INPUT -j logaccept-final-2 + inet6/filter/INPUT -j logaccept-final-2 + inet/filter/OUTPUT -j logaccept-final-2 + inet6/filter/OUTPUT -j logaccept-final-2 + inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-2 -j ACCEPT + inet6/filter/logaccept-final-2 -j ACCEPT + +Filter 80 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-73 + inet6/filter/FORWARD -j limit-73 + inet/filter/INPUT -j limit-73 + inet6/filter/INPUT -j limit-73 + inet/filter/OUTPUT -j limit-73 + inet6/filter/OUTPUT -j limit-73 + inet/filter/limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 + inet6/filter/limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 + inet/filter/logdrop-34 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-34 -m limit --limit 1/second -j LOG + inet/filter/logdrop-34 -j DROP + inet6/filter/logdrop-34 -j DROP + inet/filter/limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 81 {"flow-limit":{"count":1,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-74 + inet6/filter/FORWARD -j limit-74 + inet/filter/INPUT -j limit-74 + inet6/filter/INPUT -j limit-74 + inet/filter/OUTPUT -j limit-74 + inet6/filter/OUTPUT -j limit-74 + inet/filter/limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 + inet6/filter/limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 + inet/filter/logdrop-35 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-35 -m limit --limit 1/second -j LOG + inet/filter/logdrop-35 -j DROP + inet6/filter/logdrop-35 -j DROP + inet/filter/limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 82 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-75 + inet6/filter/FORWARD -j limit-75 + inet/filter/INPUT -j limit-75 + inet6/filter/INPUT -j limit-75 + inet/filter/OUTPUT -j limit-75 + inet6/filter/OUTPUT -j limit-75 + inet/filter/limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 + inet6/filter/limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 + inet/filter/logdrop-36 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-36 -m limit --limit 1/second -j LOG + inet/filter/logdrop-36 -j DROP + inet6/filter/logdrop-36 -j DROP + inet/filter/limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 83 {"flow-limit":{"count":1,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-76 + inet6/filter/FORWARD -j limit-76 + inet/filter/INPUT -j limit-76 + inet6/filter/INPUT -j limit-76 + inet/filter/OUTPUT -j limit-76 + inet6/filter/OUTPUT -j limit-76 + inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 84 {"action":"pass","flow-limit":{"count":1,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-77 + inet6/filter/FORWARD -j limit-77 + inet/filter/INPUT -j limit-77 + inet6/filter/INPUT -j limit-77 + inet/filter/OUTPUT -j limit-77 + inet6/filter/OUTPUT -j limit-77 + inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 85 {"flow-limit":{"count":1,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-78 + inet6/filter/FORWARD -j limit-78 + inet/filter/INPUT -j limit-78 + inet6/filter/INPUT -j limit-78 + inet/filter/OUTPUT -j limit-78 + inet6/filter/OUTPUT -j limit-78 + inet/filter/limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-3 + inet6/filter/FORWARD -j logaccept-final-3 + inet/filter/INPUT -j logaccept-final-3 + inet6/filter/INPUT -j logaccept-final-3 + inet/filter/OUTPUT -j logaccept-final-3 + inet6/filter/OUTPUT -j logaccept-final-3 + inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-3 -j ACCEPT + inet6/filter/logaccept-final-3 -j ACCEPT + +Filter 86 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-79 + inet6/filter/FORWARD -j limit-79 + inet/filter/INPUT -j limit-79 + inet6/filter/INPUT -j limit-79 + inet/filter/OUTPUT -j limit-79 + inet6/filter/OUTPUT -j limit-79 + inet/filter/limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 87 {"flow-limit":{"count":1,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-80 + inet6/filter/FORWARD -j limit-80 + inet/filter/INPUT -j limit-80 + inet6/filter/INPUT -j limit-80 + inet/filter/OUTPUT -j limit-80 + inet6/filter/OUTPUT -j limit-80 + inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 88 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-81 + inet6/filter/FORWARD -j limit-81 + inet/filter/INPUT -j limit-81 + inet6/filter/INPUT -j limit-81 + inet/filter/OUTPUT -j limit-81 + inet6/filter/OUTPUT -j limit-81 + inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 89 {"flow-limit":{"count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-82 + inet6/filter/FORWARD -j limit-82 + inet/filter/INPUT -j limit-82 + inet6/filter/INPUT -j limit-82 + inet/filter/OUTPUT -j limit-82 + inet6/filter/OUTPUT -j limit-82 + inet/filter/limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 90 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-83 + inet6/filter/FORWARD -j limit-83 + inet/filter/INPUT -j limit-83 + inet6/filter/INPUT -j limit-83 + inet/filter/OUTPUT -j limit-83 + inet6/filter/OUTPUT -j limit-83 + inet/filter/limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 91 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-84 + inet6/filter/FORWARD -j limit-84 + inet/filter/INPUT -j limit-84 + inet6/filter/INPUT -j limit-84 + inet/filter/OUTPUT -j limit-84 + inet6/filter/OUTPUT -j limit-84 + inet/filter/limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-4 + inet6/filter/FORWARD -j logaccept-final-4 + inet/filter/INPUT -j logaccept-final-4 + inet6/filter/INPUT -j logaccept-final-4 + inet/filter/OUTPUT -j logaccept-final-4 + inet6/filter/OUTPUT -j logaccept-final-4 + inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-4 -j ACCEPT + inet6/filter/logaccept-final-4 -j ACCEPT + +Filter 92 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-85 + inet6/filter/FORWARD -j limit-85 + inet/filter/INPUT -j limit-85 + inet6/filter/INPUT -j limit-85 + inet/filter/OUTPUT -j limit-85 + inet6/filter/OUTPUT -j limit-85 + inet/filter/limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 93 {"flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-86 + inet6/filter/FORWARD -j limit-86 + inet/filter/INPUT -j limit-86 + inet6/filter/INPUT -j limit-86 + inet/filter/OUTPUT -j limit-86 + inet6/filter/OUTPUT -j limit-86 + inet/filter/limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 94 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-87 + inet6/filter/FORWARD -j limit-87 + inet/filter/INPUT -j limit-87 + inet6/filter/INPUT -j limit-87 + inet/filter/OUTPUT -j limit-87 + inet6/filter/OUTPUT -j limit-87 + inet/filter/limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 95 {"flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-88 + inet6/filter/FORWARD -j limit-88 + inet/filter/INPUT -j limit-88 + inet6/filter/INPUT -j limit-88 + inet/filter/OUTPUT -j limit-88 + inet6/filter/OUTPUT -j limit-88 + inet/filter/limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 96 {"action":"pass","flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-89 + inet6/filter/FORWARD -j limit-89 + inet/filter/INPUT -j limit-89 + inet6/filter/INPUT -j limit-89 + inet/filter/OUTPUT -j limit-89 + inet6/filter/OUTPUT -j limit-89 + inet/filter/limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 97 {"flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-90 + inet6/filter/FORWARD -j limit-90 + inet/filter/INPUT -j limit-90 + inet6/filter/INPUT -j limit-90 + inet/filter/OUTPUT -j limit-90 + inet6/filter/OUTPUT -j limit-90 + inet/filter/limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-5 + inet6/filter/FORWARD -j logaccept-final-5 + inet/filter/INPUT -j logaccept-final-5 + inet6/filter/INPUT -j logaccept-final-5 + inet/filter/OUTPUT -j logaccept-final-5 + inet6/filter/OUTPUT -j logaccept-final-5 + inet/filter/logaccept-final-5 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-5 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-5 -j ACCEPT + inet6/filter/logaccept-final-5 -j ACCEPT + +Filter 98 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-91 + inet6/filter/FORWARD -j limit-91 + inet/filter/INPUT -j limit-91 + inet6/filter/INPUT -j limit-91 + inet/filter/OUTPUT -j limit-91 + inet6/filter/OUTPUT -j limit-91 + inet/filter/limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 99 {"flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-92 + inet6/filter/FORWARD -j limit-92 + inet/filter/INPUT -j limit-92 + inet6/filter/INPUT -j limit-92 + inet/filter/OUTPUT -j limit-92 + inet6/filter/OUTPUT -j limit-92 + inet/filter/limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 100 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-93 + inet6/filter/FORWARD -j limit-93 + inet/filter/INPUT -j limit-93 + inet6/filter/INPUT -j limit-93 + inet/filter/OUTPUT -j limit-93 + inet6/filter/OUTPUT -j limit-93 + inet/filter/limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 101 {"flow-limit":{"count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-94 + inet6/filter/FORWARD -j limit-94 + inet/filter/INPUT -j limit-94 + inet6/filter/INPUT -j limit-94 + inet/filter/OUTPUT -j limit-94 + inet6/filter/OUTPUT -j limit-94 + inet/filter/limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 102 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -j limit-95 + inet6/filter/FORWARD -j limit-95 + inet/filter/INPUT -j limit-95 + inet6/filter/INPUT -j limit-95 + inet/filter/OUTPUT -j limit-95 + inet6/filter/OUTPUT -j limit-95 + inet/filter/limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 103 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-96 + inet6/filter/FORWARD -j limit-96 + inet/filter/INPUT -j limit-96 + inet6/filter/INPUT -j limit-96 + inet/filter/OUTPUT -j limit-96 + inet6/filter/OUTPUT -j limit-96 + inet/filter/limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-6 + inet6/filter/FORWARD -j logaccept-final-6 + inet/filter/INPUT -j logaccept-final-6 + inet6/filter/INPUT -j logaccept-final-6 + inet/filter/OUTPUT -j logaccept-final-6 + inet6/filter/OUTPUT -j logaccept-final-6 + inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-6 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-6 -j ACCEPT + inet6/filter/logaccept-final-6 -j ACCEPT + +Filter 104 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-97 + inet6/filter/FORWARD -j limit-97 + inet/filter/INPUT -j limit-97 + inet6/filter/INPUT -j limit-97 + inet/filter/OUTPUT -j limit-97 + inet6/filter/OUTPUT -j limit-97 + inet/filter/limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 105 {"flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-98 + inet6/filter/FORWARD -j limit-98 + inet/filter/INPUT -j limit-98 + inet6/filter/INPUT -j limit-98 + inet/filter/OUTPUT -j limit-98 + inet6/filter/OUTPUT -j limit-98 + inet/filter/limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 106 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-99 + inet6/filter/FORWARD -j limit-99 + inet/filter/INPUT -j limit-99 + inet6/filter/INPUT -j limit-99 + inet/filter/OUTPUT -j limit-99 + inet6/filter/OUTPUT -j limit-99 + inet/filter/limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 107 {"flow-limit":30} +(filter-limit) + inet/filter/FORWARD -j limit-100 + inet6/filter/FORWARD -j limit-100 + inet/filter/INPUT -j limit-100 + inet6/filter/INPUT -j limit-100 + inet/filter/OUTPUT -j limit-100 + inet6/filter/OUTPUT -j limit-100 + inet/filter/limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j RETURN + inet6/filter/limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j RETURN + inet/filter/limit-100 -m limit --limit 1/second -j LOG + inet6/filter/limit-100 -m limit --limit 1/second -j LOG + inet/filter/limit-100 -j DROP + inet6/filter/limit-100 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 108 {"action":"pass","flow-limit":30} +(filter-limit) + inet/filter/FORWARD -j limit-101 + inet6/filter/FORWARD -j limit-101 + inet/filter/INPUT -j limit-101 + inet6/filter/INPUT -j limit-101 + inet/filter/OUTPUT -j limit-101 + inet6/filter/OUTPUT -j limit-101 + inet/filter/limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN + inet6/filter/limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN + inet/filter/limit-101 -m limit --limit 1/second -j LOG + inet6/filter/limit-101 -m limit --limit 1/second -j LOG + inet/filter/limit-101 -j DROP + inet6/filter/limit-101 -j DROP + +Filter 109 {"flow-limit":30,"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-102 + inet6/filter/FORWARD -j limit-102 + inet/filter/INPUT -j limit-102 + inet6/filter/INPUT -j limit-102 + inet/filter/OUTPUT -j limit-102 + inet6/filter/OUTPUT -j limit-102 + inet/filter/limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j RETURN + inet6/filter/limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j RETURN + inet/filter/limit-102 -m limit --limit 1/second -j LOG + inet6/filter/limit-102 -m limit --limit 1/second -j LOG + inet/filter/limit-102 -j DROP + inet6/filter/limit-102 -j DROP + inet/filter/FORWARD -j logaccept-final-7 + inet6/filter/FORWARD -j logaccept-final-7 + inet/filter/INPUT -j logaccept-final-7 + inet6/filter/INPUT -j logaccept-final-7 + inet/filter/OUTPUT -j logaccept-final-7 + inet6/filter/OUTPUT -j logaccept-final-7 + inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-7 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-7 -j ACCEPT + inet6/filter/logaccept-final-7 -j ACCEPT + +Filter 110 {"flow-limit":30,"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-103 + inet6/filter/FORWARD -j limit-103 + inet/filter/INPUT -j limit-103 + inet6/filter/INPUT -j limit-103 + inet/filter/OUTPUT -j limit-103 + inet6/filter/OUTPUT -j limit-103 + inet/filter/limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j RETURN + inet6/filter/limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j RETURN + inet/filter/limit-103 -m limit --limit 1/second -j LOG + inet6/filter/limit-103 -m limit --limit 1/second -j LOG + inet/filter/limit-103 -j DROP + inet6/filter/limit-103 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 111 {"flow-limit":{"count":30}} +(filter-limit) + inet/filter/FORWARD -j limit-104 + inet6/filter/FORWARD -j limit-104 + inet/filter/INPUT -j limit-104 + inet6/filter/INPUT -j limit-104 + inet/filter/OUTPUT -j limit-104 + inet6/filter/OUTPUT -j limit-104 + inet/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j RETURN + inet6/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j RETURN + inet/filter/limit-104 -m limit --limit 1/second -j LOG + inet6/filter/limit-104 -m limit --limit 1/second -j LOG + inet/filter/limit-104 -j DROP + inet6/filter/limit-104 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 112 {"action":"pass","flow-limit":{"count":30}} +(filter-limit) + inet/filter/FORWARD -j limit-105 + inet6/filter/FORWARD -j limit-105 + inet/filter/INPUT -j limit-105 + inet6/filter/INPUT -j limit-105 + inet/filter/OUTPUT -j limit-105 + inet6/filter/OUTPUT -j limit-105 + inet/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN + inet6/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN + inet/filter/limit-105 -m limit --limit 1/second -j LOG + inet6/filter/limit-105 -m limit --limit 1/second -j LOG + inet/filter/limit-105 -j DROP + inet6/filter/limit-105 -j DROP + +Filter 113 {"flow-limit":{"count":30},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-106 + inet6/filter/FORWARD -j limit-106 + inet/filter/INPUT -j limit-106 + inet6/filter/INPUT -j limit-106 + inet/filter/OUTPUT -j limit-106 + inet6/filter/OUTPUT -j limit-106 + inet/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j RETURN + inet6/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j RETURN + inet/filter/limit-106 -m limit --limit 1/second -j LOG + inet6/filter/limit-106 -m limit --limit 1/second -j LOG + inet/filter/limit-106 -j DROP + inet6/filter/limit-106 -j DROP + inet/filter/FORWARD -j logaccept-final-8 + inet6/filter/FORWARD -j logaccept-final-8 + inet/filter/INPUT -j logaccept-final-8 + inet6/filter/INPUT -j logaccept-final-8 + inet/filter/OUTPUT -j logaccept-final-8 + inet6/filter/OUTPUT -j logaccept-final-8 + inet/filter/logaccept-final-8 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-8 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-8 -j ACCEPT + inet6/filter/logaccept-final-8 -j ACCEPT + +Filter 114 {"flow-limit":{"count":30},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-107 + inet6/filter/FORWARD -j limit-107 + inet/filter/INPUT -j limit-107 + inet6/filter/INPUT -j limit-107 + inet/filter/OUTPUT -j limit-107 + inet6/filter/OUTPUT -j limit-107 + inet/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j RETURN + inet6/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j RETURN + inet/filter/limit-107 -m limit --limit 1/second -j LOG + inet6/filter/limit-107 -m limit --limit 1/second -j LOG + inet/filter/limit-107 -j DROP + inet6/filter/limit-107 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 115 {"flow-limit":{"count":30,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-108 + inet6/filter/FORWARD -j limit-108 + inet/filter/INPUT -j limit-108 + inet6/filter/INPUT -j limit-108 + inet/filter/OUTPUT -j limit-108 + inet6/filter/OUTPUT -j limit-108 + inet/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j RETURN + inet6/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j RETURN + inet/filter/limit-108 -j DROP + inet6/filter/limit-108 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 116 {"action":"pass","flow-limit":{"count":30,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-109 + inet6/filter/FORWARD -j limit-109 + inet/filter/INPUT -j limit-109 + inet6/filter/INPUT -j limit-109 + inet/filter/OUTPUT -j limit-109 + inet6/filter/OUTPUT -j limit-109 + inet/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN + inet6/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN + inet/filter/limit-109 -j DROP + inet6/filter/limit-109 -j DROP + +Filter 117 {"flow-limit":{"count":30,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-110 + inet6/filter/FORWARD -j limit-110 + inet/filter/INPUT -j limit-110 + inet6/filter/INPUT -j limit-110 + inet/filter/OUTPUT -j limit-110 + inet6/filter/OUTPUT -j limit-110 + inet/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j RETURN + inet6/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j RETURN + inet/filter/limit-110 -j DROP + inet6/filter/limit-110 -j DROP + inet/filter/FORWARD -j logaccept-final-9 + inet6/filter/FORWARD -j logaccept-final-9 + inet/filter/INPUT -j logaccept-final-9 + inet6/filter/INPUT -j logaccept-final-9 + inet/filter/OUTPUT -j logaccept-final-9 + inet6/filter/OUTPUT -j logaccept-final-9 + inet/filter/logaccept-final-9 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-9 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-9 -j ACCEPT + inet6/filter/logaccept-final-9 -j ACCEPT + +Filter 118 {"flow-limit":{"count":30,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-111 + inet6/filter/FORWARD -j limit-111 + inet/filter/INPUT -j limit-111 + inet6/filter/INPUT -j limit-111 + inet/filter/OUTPUT -j limit-111 + inet6/filter/OUTPUT -j limit-111 + inet/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j RETURN + inet6/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j RETURN + inet/filter/limit-111 -j DROP + inet6/filter/limit-111 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 119 {"flow-limit":{"count":30,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-112 + inet6/filter/FORWARD -j limit-112 + inet/filter/INPUT -j limit-112 + inet6/filter/INPUT -j limit-112 + inet/filter/OUTPUT -j limit-112 + inet6/filter/OUTPUT -j limit-112 + inet/filter/limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j RETURN + inet6/filter/limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j RETURN + inet/filter/limit-112 -j DROP + inet6/filter/limit-112 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 120 {"action":"pass","flow-limit":{"count":30,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-113 + inet6/filter/FORWARD -j limit-113 + inet/filter/INPUT -j limit-113 + inet6/filter/INPUT -j limit-113 + inet/filter/OUTPUT -j limit-113 + inet6/filter/OUTPUT -j limit-113 + inet/filter/limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN + inet6/filter/limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN + inet/filter/limit-113 -j DROP + inet6/filter/limit-113 -j DROP + +Filter 121 {"flow-limit":{"count":30,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-114 + inet6/filter/FORWARD -j limit-114 + inet/filter/INPUT -j limit-114 + inet6/filter/INPUT -j limit-114 + inet/filter/OUTPUT -j limit-114 + inet6/filter/OUTPUT -j limit-114 + inet/filter/limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j RETURN + inet6/filter/limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j RETURN + inet/filter/limit-114 -j DROP + inet6/filter/limit-114 -j DROP + inet/filter/FORWARD -j logaccept-final-10 + inet6/filter/FORWARD -j logaccept-final-10 + inet/filter/INPUT -j logaccept-final-10 + inet6/filter/INPUT -j logaccept-final-10 + inet/filter/OUTPUT -j logaccept-final-10 + inet6/filter/OUTPUT -j logaccept-final-10 + inet/filter/logaccept-final-10 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-10 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-10 -j ACCEPT + inet6/filter/logaccept-final-10 -j ACCEPT + +Filter 122 {"flow-limit":{"count":30,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-115 + inet6/filter/FORWARD -j limit-115 + inet/filter/INPUT -j limit-115 + inet6/filter/INPUT -j limit-115 + inet/filter/OUTPUT -j limit-115 + inet6/filter/OUTPUT -j limit-115 + inet/filter/limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j RETURN + inet6/filter/limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j RETURN + inet/filter/limit-115 -j DROP + inet6/filter/limit-115 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 123 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-116 + inet6/filter/INPUT -i eth0 -j limit-116 + inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 + inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 + inet/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet/filter/logdrop-37 -j DROP + inet6/filter/logdrop-37 -j DROP + inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 124 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-117 + inet6/filter/INPUT -i eth0 -j limit-117 + inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 + inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 + inet/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet/filter/logdrop-38 -j DROP + inet6/filter/logdrop-38 -j DROP + inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 125 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-118 + inet6/filter/INPUT -i eth0 -j limit-118 + inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 + inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 + inet/filter/logdrop-39 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-39 -m limit --limit 1/second -j LOG + inet/filter/logdrop-39 -j DROP + inet6/filter/logdrop-39 -j DROP + inet/filter/limit-118 -m limit --limit 1/second -j LOG + inet6/filter/limit-118 -m limit --limit 1/second -j LOG + inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 126 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-119 + inet6/filter/INPUT -i eth0 -j limit-119 + inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 + inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 + inet/filter/logdrop-40 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-40 -m limit --limit 1/second -j LOG + inet/filter/logdrop-40 -j DROP + inet6/filter/logdrop-40 -j DROP + inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 127 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-120 + inet6/filter/INPUT -i eth0 -j limit-120 + inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 + inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 + inet/filter/logdrop-41 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-41 -m limit --limit 1/second -j LOG + inet/filter/logdrop-41 -j DROP + inet6/filter/logdrop-41 -j DROP + inet/filter/limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 128 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-121 + inet6/filter/INPUT -i eth0 -j limit-121 + inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 + inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 + inet/filter/logdrop-42 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-42 -m limit --limit 1/second -j LOG + inet/filter/logdrop-42 -j DROP + inet6/filter/logdrop-42 -j DROP + inet/filter/limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 129 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-122 + inet6/filter/INPUT -i eth0 -j limit-122 + inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 + inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 + inet/filter/logdrop-43 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-43 -m limit --limit 1/second -j LOG + inet/filter/logdrop-43 -j DROP + inet6/filter/logdrop-43 -j DROP + inet/filter/limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 130 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-123 + inet6/filter/INPUT -i eth0 -j limit-123 + inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 + inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 + inet/filter/logdrop-44 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG + inet/filter/logdrop-44 -j DROP + inet6/filter/logdrop-44 -j DROP + inet/filter/limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 131 {"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-124 + inet6/filter/INPUT -i eth0 -j limit-124 + inet/filter/limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 + inet6/filter/limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 + inet/filter/logdrop-45 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-45 -m limit --limit 1/second -j LOG + inet/filter/logdrop-45 -j DROP + inet6/filter/logdrop-45 -j DROP + inet/filter/limit-124 -m limit --limit 1/second -j LOG + inet6/filter/limit-124 -m limit --limit 1/second -j LOG + inet/filter/limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 132 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-125 + inet6/filter/INPUT -i eth0 -j limit-125 + inet/filter/limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 + inet6/filter/limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 + inet/filter/logdrop-46 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-46 -m limit --limit 1/second -j LOG + inet/filter/logdrop-46 -j DROP + inet6/filter/logdrop-46 -j DROP + inet/filter/limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 133 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-126 + inet6/filter/INPUT -i eth0 -j limit-126 + inet/filter/limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 + inet6/filter/limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 + inet/filter/logdrop-47 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-47 -m limit --limit 1/second -j LOG + inet/filter/logdrop-47 -j DROP + inet6/filter/logdrop-47 -j DROP + inet/filter/limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 134 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-127 + inet6/filter/INPUT -i eth0 -j limit-127 + inet/filter/limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 + inet6/filter/limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 + inet/filter/logdrop-48 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-48 -m limit --limit 1/second -j LOG + inet/filter/logdrop-48 -j DROP + inet6/filter/logdrop-48 -j DROP + inet/filter/limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 135 {"flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-128 + inet6/filter/INPUT -i eth0 -j limit-128 + inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 + inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 + inet/filter/logdrop-49 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-49 -m limit --limit 1/second -j LOG + inet/filter/logdrop-49 -j DROP + inet6/filter/logdrop-49 -j DROP + inet/filter/limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 136 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-129 + inet6/filter/INPUT -i eth0 -j limit-129 + inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 + inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 + inet/filter/logdrop-50 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-50 -m limit --limit 1/second -j LOG + inet/filter/logdrop-50 -j DROP + inet6/filter/logdrop-50 -j DROP + inet/filter/limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 137 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-130 + inet6/filter/INPUT -i eth0 -j limit-130 + inet/filter/limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 + inet6/filter/limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 + inet/filter/logdrop-51 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-51 -m limit --limit 1/second -j LOG + inet/filter/logdrop-51 -j DROP + inet6/filter/logdrop-51 -j DROP + inet/filter/limit-130 -m limit --limit 1/second -j LOG + inet6/filter/limit-130 -m limit --limit 1/second -j LOG + inet/filter/limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 138 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-131 + inet6/filter/INPUT -i eth0 -j limit-131 + inet/filter/limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 + inet6/filter/limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 + inet/filter/logdrop-52 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-52 -m limit --limit 1/second -j LOG + inet/filter/logdrop-52 -j DROP + inet6/filter/logdrop-52 -j DROP + inet/filter/limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 139 {"flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-132 + inet6/filter/INPUT -i eth0 -j limit-132 + inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 + inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 + inet/filter/logdrop-53 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-53 -m limit --limit 1/second -j LOG + inet/filter/logdrop-53 -j DROP + inet6/filter/logdrop-53 -j DROP + inet/filter/limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 140 {"action":"pass","flow-limit":{"count":1,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-133 + inet6/filter/INPUT -i eth0 -j limit-133 + inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 + inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 + inet/filter/logdrop-54 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-54 -m limit --limit 1/second -j LOG + inet/filter/logdrop-54 -j DROP + inet6/filter/logdrop-54 -j DROP + inet/filter/limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 141 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-134 + inet6/filter/INPUT -i eth0 -j limit-134 + inet/filter/limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 142 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-135 + inet6/filter/INPUT -i eth0 -j limit-135 + inet/filter/limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 143 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-136 + inet6/filter/INPUT -i eth0 -j limit-136 + inet/filter/limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-136 -m limit --limit 1/second -j LOG + inet6/filter/limit-136 -m limit --limit 1/second -j LOG + inet/filter/limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 144 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-137 + inet6/filter/INPUT -i eth0 -j limit-137 + inet/filter/limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 145 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-138 + inet6/filter/INPUT -i eth0 -j limit-138 + inet/filter/limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 146 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-139 + inet6/filter/INPUT -i eth0 -j limit-139 + inet/filter/limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 147 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-140 + inet6/filter/INPUT -i eth0 -j limit-140 + inet/filter/limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 148 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-141 + inet6/filter/INPUT -i eth0 -j limit-141 + inet/filter/limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 149 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-142 + inet6/filter/INPUT -i eth0 -j limit-142 + inet/filter/limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-142 -m limit --limit 1/second -j LOG + inet6/filter/limit-142 -m limit --limit 1/second -j LOG + inet/filter/limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 150 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-143 + inet6/filter/INPUT -i eth0 -j limit-143 + inet/filter/limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 151 {"flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-144 + inet6/filter/INPUT -i eth0 -j limit-144 + inet/filter/limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 152 {"action":"pass","flow-limit":{"count":1,"log":false,"name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-145 + inet6/filter/INPUT -i eth0 -j limit-145 + inet/filter/limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 153 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-146 + inet6/filter/INPUT -i eth0 -j limit-146 + inet/filter/limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 154 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-147 + inet6/filter/INPUT -i eth0 -j limit-147 + inet/filter/limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 155 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-148 + inet6/filter/INPUT -i eth0 -j limit-148 + inet/filter/limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-148 -m limit --limit 1/second -j LOG + inet6/filter/limit-148 -m limit --limit 1/second -j LOG + inet/filter/limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 156 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-149 + inet6/filter/INPUT -i eth0 -j limit-149 + inet/filter/limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 157 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-150 + inet6/filter/INPUT -i eth0 -j limit-150 + inet/filter/limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 158 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-151 + inet6/filter/INPUT -i eth0 -j limit-151 + inet/filter/limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 159 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-152 + inet6/filter/INPUT -i eth0 -j limit-152 + inet/filter/limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 160 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-153 + inet6/filter/INPUT -i eth0 -j limit-153 + inet/filter/limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 161 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-154 + inet6/filter/INPUT -i eth0 -j limit-154 + inet/filter/limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-154 -m limit --limit 1/second -j LOG + inet6/filter/limit-154 -m limit --limit 1/second -j LOG + inet/filter/limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 162 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-155 + inet6/filter/INPUT -i eth0 -j limit-155 + inet/filter/limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 163 {"flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-156 + inet6/filter/INPUT -i eth0 -j limit-156 + inet/filter/limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 164 {"action":"pass","flow-limit":{"count":1,"log":"none","name":"foo"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-157 + inet6/filter/INPUT -i eth0 -j limit-157 + inet/filter/limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 165 {"flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-158 + inet6/filter/INPUT -i eth0 -j limit-158 + inet/filter/limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-158 -j ACCEPT + inet6/filter/limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-158 -j ACCEPT + inet/filter/limit-158 -m limit --limit 1/second -j LOG + inet6/filter/limit-158 -m limit --limit 1/second -j LOG + inet/filter/limit-158 -j DROP + inet6/filter/limit-158 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 166 {"action":"pass","flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-159 + inet6/filter/INPUT -i eth0 -j limit-159 + inet/filter/limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-159 -j RETURN + inet6/filter/limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-159 -j RETURN + inet/filter/limit-159 -m limit --limit 1/second -j LOG + inet6/filter/limit-159 -m limit --limit 1/second -j LOG + inet/filter/limit-159 -j DROP + inet6/filter/limit-159 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 167 {"flow-limit":30,"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-160 + inet6/filter/INPUT -i eth0 -j limit-160 + inet/filter/limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-160 -j logaccept-4 + inet6/filter/limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-160 -j logaccept-4 + inet/filter/logaccept-4 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG + inet/filter/logaccept-4 -j ACCEPT + inet6/filter/logaccept-4 -j ACCEPT + inet/filter/limit-160 -m limit --limit 1/second -j LOG + inet6/filter/limit-160 -m limit --limit 1/second -j LOG + inet/filter/limit-160 -j DROP + inet6/filter/limit-160 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 168 {"flow-limit":30,"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-161 + inet6/filter/INPUT -i eth0 -j limit-161 + inet/filter/limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-161 -j ACCEPT + inet6/filter/limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-161 -j ACCEPT + inet/filter/limit-161 -m limit --limit 1/second -j LOG + inet6/filter/limit-161 -m limit --limit 1/second -j LOG + inet/filter/limit-161 -j DROP + inet6/filter/limit-161 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 169 {"flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-162 + inet6/filter/INPUT -i eth0 -j limit-162 + inet/filter/limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-162 -j ACCEPT + inet6/filter/limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-162 -j ACCEPT + inet/filter/limit-162 -m limit --limit 1/second -j LOG + inet6/filter/limit-162 -m limit --limit 1/second -j LOG + inet/filter/limit-162 -j DROP + inet6/filter/limit-162 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 170 {"action":"pass","flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-163 + inet6/filter/INPUT -i eth0 -j limit-163 + inet/filter/limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-163 -j RETURN + inet6/filter/limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-163 -j RETURN + inet/filter/limit-163 -m limit --limit 1/second -j LOG + inet6/filter/limit-163 -m limit --limit 1/second -j LOG + inet/filter/limit-163 -j DROP + inet6/filter/limit-163 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 171 {"flow-limit":{"count":30},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-164 + inet6/filter/INPUT -i eth0 -j limit-164 + inet/filter/limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-164 -j logaccept-5 + inet6/filter/limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-164 -j logaccept-5 + inet/filter/logaccept-5 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-5 -m limit --limit 1/second -j LOG + inet/filter/logaccept-5 -j ACCEPT + inet6/filter/logaccept-5 -j ACCEPT + inet/filter/limit-164 -m limit --limit 1/second -j LOG + inet6/filter/limit-164 -m limit --limit 1/second -j LOG + inet/filter/limit-164 -j DROP + inet6/filter/limit-164 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 172 {"flow-limit":{"count":30},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-165 + inet6/filter/INPUT -i eth0 -j limit-165 + inet/filter/limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-165 -j ACCEPT + inet6/filter/limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-165 -j ACCEPT + inet/filter/limit-165 -m limit --limit 1/second -j LOG + inet6/filter/limit-165 -m limit --limit 1/second -j LOG + inet/filter/limit-165 -j DROP + inet6/filter/limit-165 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 173 {"flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-166 + inet6/filter/INPUT -i eth0 -j limit-166 + inet/filter/limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-166 -j ACCEPT + inet6/filter/limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-166 -j ACCEPT + inet/filter/limit-166 -j DROP + inet6/filter/limit-166 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 174 {"action":"pass","flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-167 + inet6/filter/INPUT -i eth0 -j limit-167 + inet/filter/limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-167 -j RETURN + inet6/filter/limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-167 -j RETURN + inet/filter/limit-167 -j DROP + inet6/filter/limit-167 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 175 {"flow-limit":{"count":30,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-168 + inet6/filter/INPUT -i eth0 -j limit-168 + inet/filter/limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-168 -j logaccept-6 + inet6/filter/limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-168 -j logaccept-6 + inet/filter/logaccept-6 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG + inet/filter/logaccept-6 -j ACCEPT + inet6/filter/logaccept-6 -j ACCEPT + inet/filter/limit-168 -j DROP + inet6/filter/limit-168 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 176 {"flow-limit":{"count":30,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-169 + inet6/filter/INPUT -i eth0 -j limit-169 + inet/filter/limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-169 -j ACCEPT + inet6/filter/limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-169 -j ACCEPT + inet/filter/limit-169 -j DROP + inet6/filter/limit-169 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 177 {"flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-170 + inet6/filter/INPUT -i eth0 -j limit-170 + inet/filter/limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-170 -j ACCEPT + inet6/filter/limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-170 -j ACCEPT + inet/filter/limit-170 -j DROP + inet6/filter/limit-170 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 178 {"action":"pass","flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-171 + inet6/filter/INPUT -i eth0 -j limit-171 + inet/filter/limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-171 -j RETURN + inet6/filter/limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-171 -j RETURN + inet/filter/limit-171 -j DROP + inet6/filter/limit-171 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 179 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-172 + inet6/filter/INPUT -i eth0 -j limit-172 + inet/filter/limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-172 -j logaccept-7 + inet6/filter/limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-172 -j logaccept-7 + inet/filter/logaccept-7 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-7 -m limit --limit 1/second -j LOG + inet/filter/logaccept-7 -j ACCEPT + inet6/filter/logaccept-7 -j ACCEPT + inet/filter/limit-172 -j DROP + inet6/filter/limit-172 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 180 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-173 + inet6/filter/INPUT -i eth0 -j limit-173 + inet/filter/limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-173 -j ACCEPT + inet6/filter/limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-173 -j ACCEPT + inet/filter/limit-173 -j DROP + inet6/filter/limit-173 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 181 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet6/filter/INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 182 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet6/filter/INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 183 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet6/filter/INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set + inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 184 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} +(filter-limit) + inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet6/filter/INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set + inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 185 {} +(log) + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 186 {"action":"drop"} +(log) + inet/filter/FORWARD -j logdrop-55 + inet6/filter/FORWARD -j logdrop-55 + inet/filter/INPUT -j logdrop-55 + inet6/filter/INPUT -j logdrop-55 + inet/filter/OUTPUT -j logdrop-55 + inet6/filter/OUTPUT -j logdrop-55 + inet/filter/logdrop-55 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-55 -m limit --limit 1/second -j LOG + inet/filter/logdrop-55 -j DROP + inet6/filter/logdrop-55 -j DROP + +Filter 187 {"action":"pass"} +(log) + inet/filter/FORWARD + inet6/filter/FORWARD + inet/filter/INPUT + inet6/filter/INPUT + inet/filter/OUTPUT + inet6/filter/OUTPUT + +Filter 188 {"log":false} +(log) + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 189 {"action":"drop","log":false} +(log) + inet/filter/FORWARD -j DROP + inet6/filter/FORWARD -j DROP + inet/filter/INPUT -j DROP + inet6/filter/INPUT -j DROP + inet/filter/OUTPUT -j DROP + inet6/filter/OUTPUT -j DROP + +Filter 190 {"action":"pass","log":false} +(log) + inet/filter/FORWARD + inet6/filter/FORWARD + inet/filter/INPUT + inet6/filter/INPUT + inet/filter/OUTPUT + inet6/filter/OUTPUT + +Filter 191 {"log":true} +(log) + inet/filter/FORWARD -j logaccept-8 + inet6/filter/FORWARD -j logaccept-8 + inet/filter/INPUT -j logaccept-8 + inet6/filter/INPUT -j logaccept-8 + inet/filter/OUTPUT -j logaccept-8 + inet6/filter/OUTPUT -j logaccept-8 + inet/filter/logaccept-8 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-8 -m limit --limit 1/second -j LOG + inet/filter/logaccept-8 -j ACCEPT + inet6/filter/logaccept-8 -j ACCEPT + +Filter 192 {"action":"drop","log":true} +(log) + inet/filter/FORWARD -j logdrop-56 + inet6/filter/FORWARD -j logdrop-56 + inet/filter/INPUT -j logdrop-56 + inet6/filter/INPUT -j logdrop-56 + inet/filter/OUTPUT -j logdrop-56 + inet6/filter/OUTPUT -j logdrop-56 + inet/filter/logdrop-56 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG + inet/filter/logdrop-56 -j DROP + inet6/filter/logdrop-56 -j DROP + +Filter 193 {"action":"pass","log":true} +(log) + inet/filter/FORWARD -j logpass-0 + inet6/filter/FORWARD -j logpass-0 + inet/filter/INPUT -j logpass-0 + inet6/filter/INPUT -j logpass-0 + inet/filter/OUTPUT -j logpass-0 + inet6/filter/OUTPUT -j logpass-0 + inet/filter/logpass-0 -m limit --limit 1/second -j LOG + inet6/filter/logpass-0 -m limit --limit 1/second -j LOG + +Filter 194 {"log":"none"} +(log) + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 195 {"action":"drop","log":"none"} +(log) + inet/filter/FORWARD -j DROP + inet6/filter/FORWARD -j DROP + inet/filter/INPUT -j DROP + inet6/filter/INPUT -j DROP + inet/filter/OUTPUT -j DROP + inet6/filter/OUTPUT -j DROP + +Filter 196 {"action":"pass","log":"none"} +(log) + inet/filter/FORWARD + inet6/filter/FORWARD + inet/filter/INPUT + inet6/filter/INPUT + inet/filter/OUTPUT + inet6/filter/OUTPUT + +Filter 197 {"in":"_fw","no-track":true,"service":"http"} +(no-track) + inet/filter/OUTPUT -p tcp --dport 80 -j ACCEPT + inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT + inet/raw/OUTPUT -p tcp --dport 80 -j CT --notrack + inet6/raw/OUTPUT -p tcp --dport 80 -j CT --notrack + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack + inet/filter/INPUT -p tcp --sport 80 -j ACCEPT + inet6/filter/INPUT -p tcp --sport 80 -j ACCEPT + +Filter 198 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} +(no-track) + inet/filter/FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT + inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT + inet/filter/FORWARD -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT + inet/filter/INPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT + inet/filter/OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT + inet/filter/OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT + inet/raw/PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack + inet/raw/PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack + inet/raw/OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack + inet/raw/OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack + inet/raw/PREROUTING -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack + inet/raw/PREROUTING -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack + inet/raw/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack + inet/raw/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack + inet/filter/FORWARD -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT + inet/filter/INPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT + inet/filter/FORWARD -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT + inet/filter/INPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT + inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT + inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT + +Filter 199 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} +(no-track) + inet/filter/FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT + inet/filter/INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT + inet/filter/OUTPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT + inet/raw/PREROUTING -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack + inet/raw/OUTPUT -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack + inet/raw/PREROUTING -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack + inet/raw/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack + inet/filter/FORWARD -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT + inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT + inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT + +Filter 200 {"no-track":true,"out":"_fw","service":"ipsec"} +(no-track) + inet/filter/INPUT -p esp -j ACCEPT + inet6/filter/INPUT -p esp -j ACCEPT + inet/filter/INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT + inet6/filter/INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack + inet/raw/OUTPUT -p esp -j CT --notrack + inet6/raw/OUTPUT -p esp -j CT --notrack + inet/raw/OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack + inet6/raw/OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack + inet/filter/OUTPUT -p esp -j ACCEPT + inet6/filter/OUTPUT -p esp -j ACCEPT + inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT + inet6/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT + +Filter 201 {"in":["_fw","A"]} +(zone) + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + inet/filter/FORWARD -i eth0 -j ACCEPT + inet6/filter/FORWARD -i eth0 -j ACCEPT + inet/filter/INPUT -i eth0 -j ACCEPT + inet6/filter/INPUT -i eth0 -j ACCEPT + +Filter 202 {"in":"B","out":"C"} +(zone) + inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT + +Filter 203 {"out":["_fw","B"]} +(zone) + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT + +Filter 204 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} +(zone) + inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT + inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT + inet/filter/FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth0 -o eth3 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth0 -o eth4 -j ACCEPT + inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT + inet/filter/FORWARD -i eth0 -o eth5 -j ACCEPT + inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT + inet/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT + inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT + inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth0 -j ACCEPT + inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT + inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth4 -j ACCEPT + inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth5 -j ACCEPT + inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT + inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT + inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT + inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT + inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth0 -j ACCEPT + inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth0 -j ACCEPT + inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth4 -j ACCEPT + inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth5 -j ACCEPT + inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth4 -j ACCEPT + inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth5 -j ACCEPT + inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT + inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT + inet/filter/FORWARD -i eth4 -o eth0 -j ACCEPT + inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT + inet/filter/FORWARD -i eth5 -o eth0 -j ACCEPT + inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT + inet/filter/FORWARD -i eth4 -o eth1 -d 10.0.0.0/12 -j ACCEPT + inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT + inet/filter/FORWARD -i eth5 -o eth1 -d 10.0.0.0/12 -j ACCEPT + inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT + inet/filter/FORWARD -i eth4 -o eth2 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth4 -o eth3 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth5 -o eth2 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth5 -o eth3 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -i eth4 -o eth4 -j ACCEPT + inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT + inet/filter/FORWARD -i eth4 -o eth5 -j ACCEPT + inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT + inet/filter/FORWARD -i eth5 -o eth4 -j ACCEPT + inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT + inet/filter/FORWARD -i eth5 -o eth5 -j ACCEPT + inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT + inet/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT + inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT + inet/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT + inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT + inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT + inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT + inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d 10.0.0.0/12 -j ACCEPT + inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT + inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth2 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth3 -d 10.1.0.0/12 -j ACCEPT + inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT + inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT + inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT + inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT + inet/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT + inet6/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT Ipset awall-masquerade {"family":"inet","type":"hash:net"} @@ -2597,11 +3413,65 @@ hash:net family inet :limit-118 - [0:0] :limit-119 - [0:0] :limit-12 - [0:0] +:limit-120 - [0:0] +:limit-121 - [0:0] +:limit-122 - [0:0] +:limit-123 - [0:0] +:limit-124 - [0:0] +:limit-125 - [0:0] +:limit-126 - [0:0] +:limit-127 - [0:0] +:limit-128 - [0:0] +:limit-129 - [0:0] :limit-13 - [0:0] +:limit-130 - [0:0] +:limit-131 - [0:0] +:limit-132 - [0:0] +:limit-133 - [0:0] +:limit-134 - [0:0] +:limit-135 - [0:0] +:limit-136 - [0:0] +:limit-137 - [0:0] +:limit-138 - [0:0] +:limit-139 - [0:0] :limit-14 - [0:0] +:limit-140 - [0:0] +:limit-141 - [0:0] +:limit-142 - [0:0] +:limit-143 - [0:0] +:limit-144 - [0:0] +:limit-145 - [0:0] +:limit-146 - [0:0] +:limit-147 - [0:0] +:limit-148 - [0:0] +:limit-149 - [0:0] :limit-15 - [0:0] +:limit-150 - [0:0] +:limit-151 - [0:0] +:limit-152 - [0:0] +:limit-153 - [0:0] +:limit-154 - [0:0] +:limit-155 - [0:0] +:limit-156 - [0:0] +:limit-157 - [0:0] +:limit-158 - [0:0] +:limit-159 - [0:0] :limit-16 - [0:0] +:limit-160 - [0:0] +:limit-161 - [0:0] +:limit-162 - [0:0] +:limit-163 - [0:0] +:limit-164 - [0:0] +:limit-165 - [0:0] +:limit-166 - [0:0] +:limit-167 - [0:0] +:limit-168 - [0:0] +:limit-169 - [0:0] :limit-17 - [0:0] +:limit-170 - [0:0] +:limit-171 - [0:0] +:limit-172 - [0:0] +:limit-173 - [0:0] :limit-18 - [0:0] :limit-19 - [0:0] :limit-2 - [0:0] @@ -2703,12 +3573,15 @@ hash:net family inet :logaccept-8 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] +:logaccept-final-10 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] :logaccept-final-6 - [0:0] :logaccept-final-7 - [0:0] +:logaccept-final-8 - [0:0] +:logaccept-final-9 - [0:0] :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] @@ -2742,8 +3615,26 @@ hash:net family inet :logdrop-36 - [0:0] :logdrop-37 - [0:0] :logdrop-38 - [0:0] +:logdrop-39 - [0:0] :logdrop-4 - [0:0] +:logdrop-40 - [0:0] +:logdrop-41 - [0:0] +:logdrop-42 - [0:0] +:logdrop-43 - [0:0] +:logdrop-44 - [0:0] +:logdrop-45 - [0:0] +:logdrop-46 - [0:0] +:logdrop-47 - [0:0] +:logdrop-48 - [0:0] +:logdrop-49 - [0:0] :logdrop-5 - [0:0] +:logdrop-50 - [0:0] +:logdrop-51 - [0:0] +:logdrop-52 - [0:0] +:logdrop-53 - [0:0] +:logdrop-54 - [0:0] +:logdrop-55 - [0:0] +:logdrop-56 - [0:0] :logdrop-6 - [0:0] :logdrop-7 - [0:0] :logdrop-8 - [0:0] @@ -2754,6 +3645,42 @@ hash:net family inet :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-115 +-A FORWARD -j limit-114 +-A FORWARD -j limit-113 +-A FORWARD -j limit-112 +-A FORWARD -j limit-111 +-A FORWARD -j limit-110 +-A FORWARD -j limit-109 +-A FORWARD -j limit-108 +-A FORWARD -j limit-107 +-A FORWARD -j limit-106 +-A FORWARD -j limit-105 +-A FORWARD -j limit-104 +-A FORWARD -j limit-103 +-A FORWARD -j limit-102 +-A FORWARD -j limit-101 +-A FORWARD -j limit-100 +-A FORWARD -j limit-99 +-A FORWARD -j limit-98 +-A FORWARD -j limit-97 +-A FORWARD -j limit-96 +-A FORWARD -j limit-95 +-A FORWARD -j limit-94 +-A FORWARD -j limit-93 +-A FORWARD -j limit-92 +-A FORWARD -j limit-91 +-A FORWARD -j limit-90 +-A FORWARD -j limit-89 +-A FORWARD -j limit-88 +-A FORWARD -j limit-87 +-A FORWARD -j limit-86 +-A FORWARD -j limit-85 +-A FORWARD -j limit-84 +-A FORWARD -j limit-83 +-A FORWARD -j limit-82 +-A FORWARD -j limit-81 +-A FORWARD -j limit-80 -A FORWARD -j limit-79 -A FORWARD -j limit-78 -A FORWARD -j limit-77 @@ -2776,24 +3703,6 @@ hash:net family inet -A FORWARD -j limit-60 -A FORWARD -j limit-59 -A FORWARD -j limit-58 --A FORWARD -j limit-57 --A FORWARD -j limit-56 --A FORWARD -j limit-55 --A FORWARD -j limit-54 --A FORWARD -j limit-53 --A FORWARD -j limit-52 --A FORWARD -j limit-51 --A FORWARD -j limit-50 --A FORWARD -j limit-49 --A FORWARD -j limit-48 --A FORWARD -j limit-47 --A FORWARD -j limit-46 --A FORWARD -j limit-45 --A FORWARD -j limit-44 --A FORWARD -j limit-43 --A FORWARD -j limit-42 --A FORWARD -j limit-41 --A FORWARD -j limit-40 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -2841,6 +3750,24 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-45 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-46 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-47 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-48 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-49 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-50 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-51 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -2865,16 +3792,25 @@ hash:net family inet -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-7 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-8 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-9 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-10 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-37 +-A FORWARD -j logdrop-55 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-38 +-A FORWARD -j logdrop-56 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -2937,6 +3873,42 @@ hash:net family inet -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-115 +-A INPUT -j limit-114 +-A INPUT -j limit-113 +-A INPUT -j limit-112 +-A INPUT -j limit-111 +-A INPUT -j limit-110 +-A INPUT -j limit-109 +-A INPUT -j limit-108 +-A INPUT -j limit-107 +-A INPUT -j limit-106 +-A INPUT -j limit-105 +-A INPUT -j limit-104 +-A INPUT -j limit-103 +-A INPUT -j limit-102 +-A INPUT -j limit-101 +-A INPUT -j limit-100 +-A INPUT -j limit-99 +-A INPUT -j limit-98 +-A INPUT -j limit-97 +-A INPUT -j limit-96 +-A INPUT -j limit-95 +-A INPUT -j limit-94 +-A INPUT -j limit-93 +-A INPUT -j limit-92 +-A INPUT -j limit-91 +-A INPUT -j limit-90 +-A INPUT -j limit-89 +-A INPUT -j limit-88 +-A INPUT -j limit-87 +-A INPUT -j limit-86 +-A INPUT -j limit-85 +-A INPUT -j limit-84 +-A INPUT -j limit-83 +-A INPUT -j limit-82 +-A INPUT -j limit-81 +-A INPUT -j limit-80 -A INPUT -j limit-79 -A INPUT -j limit-78 -A INPUT -j limit-77 @@ -2959,24 +3931,6 @@ hash:net family inet -A INPUT -j limit-60 -A INPUT -j limit-59 -A INPUT -j limit-58 --A INPUT -j limit-57 --A INPUT -j limit-56 --A INPUT -j limit-55 --A INPUT -j limit-54 --A INPUT -j limit-53 --A INPUT -j limit-52 --A INPUT -j limit-51 --A INPUT -j limit-50 --A INPUT -j limit-49 --A INPUT -j limit-48 --A INPUT -j limit-47 --A INPUT -j limit-46 --A INPUT -j limit-45 --A INPUT -j limit-44 --A INPUT -j limit-43 --A INPUT -j limit-42 --A INPUT -j limit-41 --A INPUT -j limit-40 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -3009,56 +3963,83 @@ hash:net family inet -A INPUT -j ACCEPT -A INPUT -j logaccept-final-7 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-80 --A INPUT -i eth0 -j limit-81 --A INPUT -i eth0 -j limit-82 --A INPUT -i eth0 -j limit-83 --A INPUT -i eth0 -j limit-84 --A INPUT -i eth0 -j limit-85 --A INPUT -i eth0 -j limit-86 --A INPUT -i eth0 -j limit-87 --A INPUT -i eth0 -j limit-88 --A INPUT -i eth0 -j limit-89 --A INPUT -i eth0 -j limit-90 --A INPUT -i eth0 -j limit-91 --A INPUT -i eth0 -j limit-92 --A INPUT -i eth0 -j limit-93 --A INPUT -i eth0 -j limit-94 --A INPUT -i eth0 -j limit-95 --A INPUT -i eth0 -j limit-96 --A INPUT -i eth0 -j limit-97 --A INPUT -i eth0 -j limit-98 --A INPUT -i eth0 -j limit-99 --A INPUT -i eth0 -j limit-100 --A INPUT -i eth0 -j limit-101 --A INPUT -i eth0 -j limit-102 --A INPUT -i eth0 -j limit-103 --A INPUT -i eth0 -j limit-104 --A INPUT -i eth0 -j limit-105 --A INPUT -i eth0 -j limit-106 --A INPUT -i eth0 -j limit-107 --A INPUT -i eth0 -j limit-108 --A INPUT -i eth0 -j limit-109 --A INPUT -i eth0 -j limit-110 --A INPUT -i eth0 -j limit-111 --A INPUT -i eth0 -j limit-112 --A INPUT -i eth0 -j limit-113 --A INPUT -i eth0 -j limit-114 --A INPUT -i eth0 -j limit-115 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-8 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-9 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-10 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-116 -A INPUT -i eth0 -j limit-117 -A INPUT -i eth0 -j limit-118 -A INPUT -i eth0 -j limit-119 +-A INPUT -i eth0 -j limit-120 +-A INPUT -i eth0 -j limit-121 +-A INPUT -i eth0 -j limit-122 +-A INPUT -i eth0 -j limit-123 +-A INPUT -i eth0 -j limit-124 +-A INPUT -i eth0 -j limit-125 +-A INPUT -i eth0 -j limit-126 +-A INPUT -i eth0 -j limit-127 +-A INPUT -i eth0 -j limit-128 +-A INPUT -i eth0 -j limit-129 +-A INPUT -i eth0 -j limit-130 +-A INPUT -i eth0 -j limit-131 +-A INPUT -i eth0 -j limit-132 +-A INPUT -i eth0 -j limit-133 +-A INPUT -i eth0 -j limit-134 +-A INPUT -i eth0 -j limit-135 +-A INPUT -i eth0 -j limit-136 +-A INPUT -i eth0 -j limit-137 +-A INPUT -i eth0 -j limit-138 +-A INPUT -i eth0 -j limit-139 +-A INPUT -i eth0 -j limit-140 +-A INPUT -i eth0 -j limit-141 +-A INPUT -i eth0 -j limit-142 +-A INPUT -i eth0 -j limit-143 +-A INPUT -i eth0 -j limit-144 +-A INPUT -i eth0 -j limit-145 +-A INPUT -i eth0 -j limit-146 +-A INPUT -i eth0 -j limit-147 +-A INPUT -i eth0 -j limit-148 +-A INPUT -i eth0 -j limit-149 +-A INPUT -i eth0 -j limit-150 +-A INPUT -i eth0 -j limit-151 +-A INPUT -i eth0 -j limit-152 +-A INPUT -i eth0 -j limit-153 +-A INPUT -i eth0 -j limit-154 +-A INPUT -i eth0 -j limit-155 +-A INPUT -i eth0 -j limit-156 +-A INPUT -i eth0 -j limit-157 +-A INPUT -i eth0 -j limit-158 +-A INPUT -i eth0 -j limit-159 +-A INPUT -i eth0 -j limit-160 +-A INPUT -i eth0 -j limit-161 +-A INPUT -i eth0 -j limit-162 +-A INPUT -i eth0 -j limit-163 +-A INPUT -i eth0 -j limit-164 +-A INPUT -i eth0 -j limit-165 +-A INPUT -i eth0 -j limit-166 +-A INPUT -i eth0 -j limit-167 +-A INPUT -i eth0 -j limit-168 +-A INPUT -i eth0 -j limit-169 +-A INPUT -i eth0 -j limit-170 +-A INPUT -i eth0 -j limit-171 +-A INPUT -i eth0 -j limit-172 +-A INPUT -i eth0 -j limit-173 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-37 +-A INPUT -j logdrop-55 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-38 +-A INPUT -j logdrop-56 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -3077,6 +4058,42 @@ hash:net family inet -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-115 +-A OUTPUT -j limit-114 +-A OUTPUT -j limit-113 +-A OUTPUT -j limit-112 +-A OUTPUT -j limit-111 +-A OUTPUT -j limit-110 +-A OUTPUT -j limit-109 +-A OUTPUT -j limit-108 +-A OUTPUT -j limit-107 +-A OUTPUT -j limit-106 +-A OUTPUT -j limit-105 +-A OUTPUT -j limit-104 +-A OUTPUT -j limit-103 +-A OUTPUT -j limit-102 +-A OUTPUT -j limit-101 +-A OUTPUT -j limit-100 +-A OUTPUT -j limit-99 +-A OUTPUT -j limit-98 +-A OUTPUT -j limit-97 +-A OUTPUT -j limit-96 +-A OUTPUT -j limit-95 +-A OUTPUT -j limit-94 +-A OUTPUT -j limit-93 +-A OUTPUT -j limit-92 +-A OUTPUT -j limit-91 +-A OUTPUT -j limit-90 +-A OUTPUT -j limit-89 +-A OUTPUT -j limit-88 +-A OUTPUT -j limit-87 +-A OUTPUT -j limit-86 +-A OUTPUT -j limit-85 +-A OUTPUT -j limit-84 +-A OUTPUT -j limit-83 +-A OUTPUT -j limit-82 +-A OUTPUT -j limit-81 +-A OUTPUT -j limit-80 -A OUTPUT -j limit-79 -A OUTPUT -j limit-78 -A OUTPUT -j limit-77 @@ -3099,24 +4116,6 @@ hash:net family inet -A OUTPUT -j limit-60 -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 --A OUTPUT -j limit-57 --A OUTPUT -j limit-56 --A OUTPUT -j limit-55 --A OUTPUT -j limit-54 --A OUTPUT -j limit-53 --A OUTPUT -j limit-52 --A OUTPUT -j limit-51 --A OUTPUT -j limit-50 --A OUTPUT -j limit-49 --A OUTPUT -j limit-48 --A OUTPUT -j limit-47 --A OUTPUT -j limit-46 --A OUTPUT -j limit-45 --A OUTPUT -j limit-44 --A OUTPUT -j limit-43 --A OUTPUT -j limit-42 --A OUTPUT -j limit-41 --A OUTPUT -j limit-40 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -3165,6 +4164,24 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-45 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-46 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-47 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-48 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-49 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-50 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-51 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -3189,6 +4206,24 @@ hash:net family inet -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-7 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-8 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-9 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-10 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -3216,13 +4251,13 @@ hash:net family inet -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-37 +-A OUTPUT -j logdrop-55 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-38 +-A OUTPUT -j logdrop-56 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -3248,70 +4283,192 @@ hash:net family inet -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j RETURN -A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set --A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT +-A limit-100 -j DROP +-A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN +-A limit-101 -m limit --limit 1/second -j LOG +-A limit-101 -j DROP +-A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j RETURN +-A limit-102 -m limit --limit 1/second -j LOG +-A limit-102 -j DROP +-A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j RETURN +-A limit-103 -m limit --limit 1/second -j LOG +-A limit-103 -j DROP +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j RETURN -A limit-104 -m limit --limit 1/second -j LOG -A limit-104 -j DROP -A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN -A limit-105 -m limit --limit 1/second -j LOG -A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-4 +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j RETURN -A limit-106 -m limit --limit 1/second -j LOG -A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j RETURN -A limit-107 -m limit --limit 1/second -j LOG -A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT --A limit-108 -m limit --limit 1/second -j LOG +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j RETURN -A limit-108 -j DROP -A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN --A limit-109 -m limit --limit 1/second -j LOG -A limit-109 -j DROP -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set --A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-5 --A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j RETURN -A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT --A limit-111 -m limit --limit 1/second -j LOG +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j RETURN -A limit-111 -j DROP --A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j ACCEPT +-A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j RETURN -A limit-112 -j DROP -A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN -A limit-113 -j DROP --A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j logaccept-6 +-A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j RETURN -A limit-114 -j DROP --A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j ACCEPT +-A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j RETURN -A limit-115 -j DROP --A limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-116 -j ACCEPT --A limit-116 -j DROP --A limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-117 -j RETURN --A limit-117 -j DROP --A limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-118 -j logaccept-7 --A limit-118 -j DROP --A limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-119 -j ACCEPT --A limit-119 -j DROP --A limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --set --A limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-118 -m limit --limit 1/second -j LOG +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 +-A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set +-A limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 +-A limit-124 -m limit --limit 1/second -j LOG +-A limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 +-A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 +-A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 +-A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 +-A limit-130 -m limit --limit 1/second -j LOG +-A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 +-A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --set +-A limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-136 -m limit --limit 1/second -j LOG +-A limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --set +-A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG --A limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --set +-A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-142 -m limit --limit 1/second -j LOG +-A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --set +-A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-148 -m limit --limit 1/second -j LOG +-A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 +-A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set +-A limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-154 -m limit --limit 1/second -j LOG +-A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-158 -j ACCEPT +-A limit-158 -m limit --limit 1/second -j LOG +-A limit-158 -j DROP +-A limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-159 -j RETURN +-A limit-159 -m limit --limit 1/second -j LOG +-A limit-159 -j DROP +-A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 +-A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-160 -j logaccept-4 +-A limit-160 -m limit --limit 1/second -j LOG +-A limit-160 -j DROP +-A limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-161 -j ACCEPT +-A limit-161 -m limit --limit 1/second -j LOG +-A limit-161 -j DROP +-A limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-162 -j ACCEPT +-A limit-162 -m limit --limit 1/second -j LOG +-A limit-162 -j DROP +-A limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-163 -j RETURN +-A limit-163 -m limit --limit 1/second -j LOG +-A limit-163 -j DROP +-A limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-164 -j logaccept-5 +-A limit-164 -m limit --limit 1/second -j LOG +-A limit-164 -j DROP +-A limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-165 -j ACCEPT +-A limit-165 -m limit --limit 1/second -j LOG +-A limit-165 -j DROP +-A limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-166 -j ACCEPT +-A limit-166 -j DROP +-A limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-167 -j RETURN +-A limit-167 -j DROP +-A limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-168 -j logaccept-6 +-A limit-168 -j DROP +-A limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-169 -j ACCEPT +-A limit-169 -j DROP +-A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 +-A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-170 -j ACCEPT +-A limit-170 -j DROP +-A limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-171 -j RETURN +-A limit-171 -j DROP +-A limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-172 -j logaccept-7 +-A limit-172 -j DROP +-A limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-173 -j ACCEPT +-A limit-173 -j DROP -A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP @@ -3328,192 +4485,184 @@ hash:net family inet -A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set --A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j ACCEPT --A limit-24 -m limit --limit 1/second -j LOG --A limit-24 -j DROP --A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j RETURN --A limit-25 -m limit --limit 1/second -j LOG --A limit-25 -j DROP --A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j logaccept-0 +-A limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -j DROP --A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j ACCEPT --A limit-27 -m limit --limit 1/second -j LOG --A limit-27 -j DROP --A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j ACCEPT --A limit-28 -m limit --limit 1/second -j LOG --A limit-28 -j DROP --A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j RETURN --A limit-29 -m limit --limit 1/second -j LOG --A limit-29 -j DROP +-A limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-30 -j logaccept-1 --A limit-30 -m limit --limit 1/second -j LOG --A limit-30 -j DROP --A limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-31 -j ACCEPT --A limit-31 -m limit --limit 1/second -j LOG --A limit-31 -j DROP --A limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-32 -j ACCEPT --A limit-32 -j DROP --A limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-33 -j RETURN --A limit-33 -j DROP --A limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-34 -j logaccept-2 --A limit-34 -j DROP --A limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-35 -j ACCEPT --A limit-35 -j DROP --A limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-36 -j ACCEPT --A limit-36 -j DROP --A limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-37 -j RETURN --A limit-37 -j DROP --A limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-38 -j logaccept-3 --A limit-38 -j DROP --A limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-39 -j ACCEPT --A limit-39 -j DROP +-A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set +-A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-32 -m limit --limit 1/second -j LOG +-A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set +-A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-38 -m limit --limit 1/second -j LOG +-A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 --A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set --A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 --A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set --A limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 --A limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --set --A limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 --A limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-42 -j ACCEPT +-A limit-42 -m limit --limit 1/second -j LOG +-A limit-42 -j DROP +-A limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-43 -j RETURN +-A limit-43 -m limit --limit 1/second -j LOG +-A limit-43 -j DROP +-A limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-44 -j logaccept-0 +-A limit-44 -m limit --limit 1/second -j LOG +-A limit-44 -j DROP +-A limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-45 -j ACCEPT +-A limit-45 -m limit --limit 1/second -j LOG +-A limit-45 -j DROP +-A limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-46 -j ACCEPT +-A limit-46 -m limit --limit 1/second -j LOG +-A limit-46 -j DROP +-A limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-47 -j RETURN +-A limit-47 -m limit --limit 1/second -j LOG +-A limit-47 -j DROP +-A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j logaccept-1 +-A limit-48 -m limit --limit 1/second -j LOG +-A limit-48 -j DROP +-A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j ACCEPT +-A limit-49 -m limit --limit 1/second -j LOG +-A limit-49 -j DROP -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set --A limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 --A limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --set --A limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 --A limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --set --A limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --set --A limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --set --A limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --set --A limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --set --A limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --set --A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j ACCEPT +-A limit-50 -j DROP +-A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN +-A limit-51 -j DROP +-A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-52 -j logaccept-2 +-A limit-52 -j DROP +-A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j ACCEPT +-A limit-53 -j DROP +-A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j ACCEPT +-A limit-54 -j DROP +-A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN +-A limit-55 -j DROP +-A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j logaccept-3 +-A limit-56 -j DROP +-A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j ACCEPT +-A limit-57 -j DROP +-A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 -A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set --A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 -A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 -A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 -A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 -A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 -A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set --A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j RETURN --A limit-64 -m limit --limit 1/second -j LOG --A limit-64 -j DROP --A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN --A limit-65 -m limit --limit 1/second -j LOG --A limit-65 -j DROP --A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j RETURN --A limit-66 -m limit --limit 1/second -j LOG --A limit-66 -j DROP --A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j RETURN --A limit-67 -m limit --limit 1/second -j LOG --A limit-67 -j DROP --A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j RETURN --A limit-68 -m limit --limit 1/second -j LOG --A limit-68 -j DROP --A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN --A limit-69 -m limit --limit 1/second -j LOG --A limit-69 -j DROP +-A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set +-A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set +-A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 +-A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set +-A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set +-A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set --A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j RETURN --A limit-70 -m limit --limit 1/second -j LOG --A limit-70 -j DROP --A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j RETURN --A limit-71 -m limit --limit 1/second -j LOG --A limit-71 -j DROP --A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j RETURN --A limit-72 -j DROP --A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN --A limit-73 -j DROP --A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j RETURN --A limit-74 -j DROP --A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j RETURN --A limit-75 -j DROP --A limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-76 -j RETURN --A limit-76 -j DROP --A limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-77 -j RETURN --A limit-77 -j DROP --A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j RETURN --A limit-78 -j DROP --A limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-79 -j RETURN --A limit-79 -j DROP +-A limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set +-A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set +-A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set +-A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set +-A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set --A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-82 -m limit --limit 1/second -j LOG --A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set --A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set --A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-88 -m limit --limit 1/second -j LOG --A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set +-A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set +-A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set +-A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set -A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set --A limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-94 -m limit --limit 1/second -j LOG --A limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set --A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set +-A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -3536,6 +4685,8 @@ hash:net family inet -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG -A logaccept-final-1 -j ACCEPT +-A logaccept-final-10 -m limit --limit 1/second -j LOG +-A logaccept-final-10 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -3548,6 +4699,10 @@ hash:net family inet -A logaccept-final-6 -j ACCEPT -A logaccept-final-7 -m limit --limit 1/second -j LOG -A logaccept-final-7 -j ACCEPT +-A logaccept-final-8 -m limit --limit 1/second -j LOG +-A logaccept-final-8 -j ACCEPT +-A logaccept-final-9 -m limit --limit 1/second -j LOG +-A logaccept-final-9 -j ACCEPT -A logdrop-0 -m limit --limit 1/second -j LOG -A logdrop-0 -j DROP -A logdrop-1 -m limit --limit 1/second -j LOG @@ -3614,10 +4769,46 @@ hash:net family inet -A logdrop-37 -j DROP -A logdrop-38 -m limit --limit 1/second -j LOG -A logdrop-38 -j DROP +-A logdrop-39 -m limit --limit 1/second -j LOG +-A logdrop-39 -j DROP -A logdrop-4 -m limit --limit 1/second -j LOG -A logdrop-4 -j DROP +-A logdrop-40 -m limit --limit 1/second -j LOG +-A logdrop-40 -j DROP +-A logdrop-41 -m limit --limit 1/second -j LOG +-A logdrop-41 -j DROP +-A logdrop-42 -m limit --limit 1/second -j LOG +-A logdrop-42 -j DROP +-A logdrop-43 -m limit --limit 1/second -j LOG +-A logdrop-43 -j DROP +-A logdrop-44 -m limit --limit 1/second -j LOG +-A logdrop-44 -j DROP +-A logdrop-45 -m limit --limit 1/second -j LOG +-A logdrop-45 -j DROP +-A logdrop-46 -m limit --limit 1/second -j LOG +-A logdrop-46 -j DROP +-A logdrop-47 -m limit --limit 1/second -j LOG +-A logdrop-47 -j DROP +-A logdrop-48 -m limit --limit 1/second -j LOG +-A logdrop-48 -j DROP +-A logdrop-49 -m limit --limit 1/second -j LOG +-A logdrop-49 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG -A logdrop-5 -j DROP +-A logdrop-50 -m limit --limit 1/second -j LOG +-A logdrop-50 -j DROP +-A logdrop-51 -m limit --limit 1/second -j LOG +-A logdrop-51 -j DROP +-A logdrop-52 -m limit --limit 1/second -j LOG +-A logdrop-52 -j DROP +-A logdrop-53 -m limit --limit 1/second -j LOG +-A logdrop-53 -j DROP +-A logdrop-54 -m limit --limit 1/second -j LOG +-A logdrop-54 -j DROP +-A logdrop-55 -m limit --limit 1/second -j LOG +-A logdrop-55 -j DROP +-A logdrop-56 -m limit --limit 1/second -j LOG +-A logdrop-56 -j DROP -A logdrop-6 -m limit --limit 1/second -j LOG -A logdrop-6 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG @@ -3689,6 +4880,15 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -3740,6 +4940,24 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -3785,11 +5003,65 @@ COMMIT :limit-118 - [0:0] :limit-119 - [0:0] :limit-12 - [0:0] +:limit-120 - [0:0] +:limit-121 - [0:0] +:limit-122 - [0:0] +:limit-123 - [0:0] +:limit-124 - [0:0] +:limit-125 - [0:0] +:limit-126 - [0:0] +:limit-127 - [0:0] +:limit-128 - [0:0] +:limit-129 - [0:0] :limit-13 - [0:0] +:limit-130 - [0:0] +:limit-131 - [0:0] +:limit-132 - [0:0] +:limit-133 - [0:0] +:limit-134 - [0:0] +:limit-135 - [0:0] +:limit-136 - [0:0] +:limit-137 - [0:0] +:limit-138 - [0:0] +:limit-139 - [0:0] :limit-14 - [0:0] +:limit-140 - [0:0] +:limit-141 - [0:0] +:limit-142 - [0:0] +:limit-143 - [0:0] +:limit-144 - [0:0] +:limit-145 - [0:0] +:limit-146 - [0:0] +:limit-147 - [0:0] +:limit-148 - [0:0] +:limit-149 - [0:0] :limit-15 - [0:0] +:limit-150 - [0:0] +:limit-151 - [0:0] +:limit-152 - [0:0] +:limit-153 - [0:0] +:limit-154 - [0:0] +:limit-155 - [0:0] +:limit-156 - [0:0] +:limit-157 - [0:0] +:limit-158 - [0:0] +:limit-159 - [0:0] :limit-16 - [0:0] +:limit-160 - [0:0] +:limit-161 - [0:0] +:limit-162 - [0:0] +:limit-163 - [0:0] +:limit-164 - [0:0] +:limit-165 - [0:0] +:limit-166 - [0:0] +:limit-167 - [0:0] +:limit-168 - [0:0] +:limit-169 - [0:0] :limit-17 - [0:0] +:limit-170 - [0:0] +:limit-171 - [0:0] +:limit-172 - [0:0] +:limit-173 - [0:0] :limit-18 - [0:0] :limit-19 - [0:0] :limit-2 - [0:0] @@ -3891,12 +5163,15 @@ COMMIT :logaccept-8 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] +:logaccept-final-10 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] :logaccept-final-6 - [0:0] :logaccept-final-7 - [0:0] +:logaccept-final-8 - [0:0] +:logaccept-final-9 - [0:0] :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] @@ -3930,8 +5205,26 @@ COMMIT :logdrop-36 - [0:0] :logdrop-37 - [0:0] :logdrop-38 - [0:0] +:logdrop-39 - [0:0] :logdrop-4 - [0:0] +:logdrop-40 - [0:0] +:logdrop-41 - [0:0] +:logdrop-42 - [0:0] +:logdrop-43 - [0:0] +:logdrop-44 - [0:0] +:logdrop-45 - [0:0] +:logdrop-46 - [0:0] +:logdrop-47 - [0:0] +:logdrop-48 - [0:0] +:logdrop-49 - [0:0] :logdrop-5 - [0:0] +:logdrop-50 - [0:0] +:logdrop-51 - [0:0] +:logdrop-52 - [0:0] +:logdrop-53 - [0:0] +:logdrop-54 - [0:0] +:logdrop-55 - [0:0] +:logdrop-56 - [0:0] :logdrop-6 - [0:0] :logdrop-7 - [0:0] :logdrop-8 - [0:0] @@ -3942,6 +5235,42 @@ COMMIT :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-115 +-A FORWARD -j limit-114 +-A FORWARD -j limit-113 +-A FORWARD -j limit-112 +-A FORWARD -j limit-111 +-A FORWARD -j limit-110 +-A FORWARD -j limit-109 +-A FORWARD -j limit-108 +-A FORWARD -j limit-107 +-A FORWARD -j limit-106 +-A FORWARD -j limit-105 +-A FORWARD -j limit-104 +-A FORWARD -j limit-103 +-A FORWARD -j limit-102 +-A FORWARD -j limit-101 +-A FORWARD -j limit-100 +-A FORWARD -j limit-99 +-A FORWARD -j limit-98 +-A FORWARD -j limit-97 +-A FORWARD -j limit-96 +-A FORWARD -j limit-95 +-A FORWARD -j limit-94 +-A FORWARD -j limit-93 +-A FORWARD -j limit-92 +-A FORWARD -j limit-91 +-A FORWARD -j limit-90 +-A FORWARD -j limit-89 +-A FORWARD -j limit-88 +-A FORWARD -j limit-87 +-A FORWARD -j limit-86 +-A FORWARD -j limit-85 +-A FORWARD -j limit-84 +-A FORWARD -j limit-83 +-A FORWARD -j limit-82 +-A FORWARD -j limit-81 +-A FORWARD -j limit-80 -A FORWARD -j limit-79 -A FORWARD -j limit-78 -A FORWARD -j limit-77 @@ -3964,24 +5293,6 @@ COMMIT -A FORWARD -j limit-60 -A FORWARD -j limit-59 -A FORWARD -j limit-58 --A FORWARD -j limit-57 --A FORWARD -j limit-56 --A FORWARD -j limit-55 --A FORWARD -j limit-54 --A FORWARD -j limit-53 --A FORWARD -j limit-52 --A FORWARD -j limit-51 --A FORWARD -j limit-50 --A FORWARD -j limit-49 --A FORWARD -j limit-48 --A FORWARD -j limit-47 --A FORWARD -j limit-46 --A FORWARD -j limit-45 --A FORWARD -j limit-44 --A FORWARD -j limit-43 --A FORWARD -j limit-42 --A FORWARD -j limit-41 --A FORWARD -j limit-40 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -4029,6 +5340,24 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-37 -A FORWARD -o eth1 -d fc00::/7 -j limit-38 -A FORWARD -o eth1 -d fc00::/7 -j limit-39 +-A FORWARD -o eth1 -d fc00::/7 -j limit-40 +-A FORWARD -o eth1 -d fc00::/7 -j limit-41 +-A FORWARD -o eth1 -d fc00::/7 -j limit-42 +-A FORWARD -o eth1 -d fc00::/7 -j limit-43 +-A FORWARD -o eth1 -d fc00::/7 -j limit-44 +-A FORWARD -o eth1 -d fc00::/7 -j limit-45 +-A FORWARD -o eth1 -d fc00::/7 -j limit-46 +-A FORWARD -o eth1 -d fc00::/7 -j limit-47 +-A FORWARD -o eth1 -d fc00::/7 -j limit-48 +-A FORWARD -o eth1 -d fc00::/7 -j limit-49 +-A FORWARD -o eth1 -d fc00::/7 -j limit-50 +-A FORWARD -o eth1 -d fc00::/7 -j limit-51 +-A FORWARD -o eth1 -d fc00::/7 -j limit-52 +-A FORWARD -o eth1 -d fc00::/7 -j limit-53 +-A FORWARD -o eth1 -d fc00::/7 -j limit-54 +-A FORWARD -o eth1 -d fc00::/7 -j limit-55 +-A FORWARD -o eth1 -d fc00::/7 -j limit-56 +-A FORWARD -o eth1 -d fc00::/7 -j limit-57 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -4053,16 +5382,25 @@ COMMIT -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-7 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-8 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-9 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-10 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-37 +-A FORWARD -j logdrop-55 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-38 +-A FORWARD -j logdrop-56 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -4095,6 +5433,42 @@ COMMIT -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-115 +-A INPUT -j limit-114 +-A INPUT -j limit-113 +-A INPUT -j limit-112 +-A INPUT -j limit-111 +-A INPUT -j limit-110 +-A INPUT -j limit-109 +-A INPUT -j limit-108 +-A INPUT -j limit-107 +-A INPUT -j limit-106 +-A INPUT -j limit-105 +-A INPUT -j limit-104 +-A INPUT -j limit-103 +-A INPUT -j limit-102 +-A INPUT -j limit-101 +-A INPUT -j limit-100 +-A INPUT -j limit-99 +-A INPUT -j limit-98 +-A INPUT -j limit-97 +-A INPUT -j limit-96 +-A INPUT -j limit-95 +-A INPUT -j limit-94 +-A INPUT -j limit-93 +-A INPUT -j limit-92 +-A INPUT -j limit-91 +-A INPUT -j limit-90 +-A INPUT -j limit-89 +-A INPUT -j limit-88 +-A INPUT -j limit-87 +-A INPUT -j limit-86 +-A INPUT -j limit-85 +-A INPUT -j limit-84 +-A INPUT -j limit-83 +-A INPUT -j limit-82 +-A INPUT -j limit-81 +-A INPUT -j limit-80 -A INPUT -j limit-79 -A INPUT -j limit-78 -A INPUT -j limit-77 @@ -4117,24 +5491,6 @@ COMMIT -A INPUT -j limit-60 -A INPUT -j limit-59 -A INPUT -j limit-58 --A INPUT -j limit-57 --A INPUT -j limit-56 --A INPUT -j limit-55 --A INPUT -j limit-54 --A INPUT -j limit-53 --A INPUT -j limit-52 --A INPUT -j limit-51 --A INPUT -j limit-50 --A INPUT -j limit-49 --A INPUT -j limit-48 --A INPUT -j limit-47 --A INPUT -j limit-46 --A INPUT -j limit-45 --A INPUT -j limit-44 --A INPUT -j limit-43 --A INPUT -j limit-42 --A INPUT -j limit-41 --A INPUT -j limit-40 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -4167,56 +5523,83 @@ COMMIT -A INPUT -j ACCEPT -A INPUT -j logaccept-final-7 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-80 --A INPUT -i eth0 -j limit-81 --A INPUT -i eth0 -j limit-82 --A INPUT -i eth0 -j limit-83 --A INPUT -i eth0 -j limit-84 --A INPUT -i eth0 -j limit-85 --A INPUT -i eth0 -j limit-86 --A INPUT -i eth0 -j limit-87 --A INPUT -i eth0 -j limit-88 --A INPUT -i eth0 -j limit-89 --A INPUT -i eth0 -j limit-90 --A INPUT -i eth0 -j limit-91 --A INPUT -i eth0 -j limit-92 --A INPUT -i eth0 -j limit-93 --A INPUT -i eth0 -j limit-94 --A INPUT -i eth0 -j limit-95 --A INPUT -i eth0 -j limit-96 --A INPUT -i eth0 -j limit-97 --A INPUT -i eth0 -j limit-98 --A INPUT -i eth0 -j limit-99 --A INPUT -i eth0 -j limit-100 --A INPUT -i eth0 -j limit-101 --A INPUT -i eth0 -j limit-102 --A INPUT -i eth0 -j limit-103 --A INPUT -i eth0 -j limit-104 --A INPUT -i eth0 -j limit-105 --A INPUT -i eth0 -j limit-106 --A INPUT -i eth0 -j limit-107 --A INPUT -i eth0 -j limit-108 --A INPUT -i eth0 -j limit-109 --A INPUT -i eth0 -j limit-110 --A INPUT -i eth0 -j limit-111 --A INPUT -i eth0 -j limit-112 --A INPUT -i eth0 -j limit-113 --A INPUT -i eth0 -j limit-114 --A INPUT -i eth0 -j limit-115 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-8 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-9 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-10 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-116 -A INPUT -i eth0 -j limit-117 -A INPUT -i eth0 -j limit-118 -A INPUT -i eth0 -j limit-119 +-A INPUT -i eth0 -j limit-120 +-A INPUT -i eth0 -j limit-121 +-A INPUT -i eth0 -j limit-122 +-A INPUT -i eth0 -j limit-123 +-A INPUT -i eth0 -j limit-124 +-A INPUT -i eth0 -j limit-125 +-A INPUT -i eth0 -j limit-126 +-A INPUT -i eth0 -j limit-127 +-A INPUT -i eth0 -j limit-128 +-A INPUT -i eth0 -j limit-129 +-A INPUT -i eth0 -j limit-130 +-A INPUT -i eth0 -j limit-131 +-A INPUT -i eth0 -j limit-132 +-A INPUT -i eth0 -j limit-133 +-A INPUT -i eth0 -j limit-134 +-A INPUT -i eth0 -j limit-135 +-A INPUT -i eth0 -j limit-136 +-A INPUT -i eth0 -j limit-137 +-A INPUT -i eth0 -j limit-138 +-A INPUT -i eth0 -j limit-139 +-A INPUT -i eth0 -j limit-140 +-A INPUT -i eth0 -j limit-141 +-A INPUT -i eth0 -j limit-142 +-A INPUT -i eth0 -j limit-143 +-A INPUT -i eth0 -j limit-144 +-A INPUT -i eth0 -j limit-145 +-A INPUT -i eth0 -j limit-146 +-A INPUT -i eth0 -j limit-147 +-A INPUT -i eth0 -j limit-148 +-A INPUT -i eth0 -j limit-149 +-A INPUT -i eth0 -j limit-150 +-A INPUT -i eth0 -j limit-151 +-A INPUT -i eth0 -j limit-152 +-A INPUT -i eth0 -j limit-153 +-A INPUT -i eth0 -j limit-154 +-A INPUT -i eth0 -j limit-155 +-A INPUT -i eth0 -j limit-156 +-A INPUT -i eth0 -j limit-157 +-A INPUT -i eth0 -j limit-158 +-A INPUT -i eth0 -j limit-159 +-A INPUT -i eth0 -j limit-160 +-A INPUT -i eth0 -j limit-161 +-A INPUT -i eth0 -j limit-162 +-A INPUT -i eth0 -j limit-163 +-A INPUT -i eth0 -j limit-164 +-A INPUT -i eth0 -j limit-165 +-A INPUT -i eth0 -j limit-166 +-A INPUT -i eth0 -j limit-167 +-A INPUT -i eth0 -j limit-168 +-A INPUT -i eth0 -j limit-169 +-A INPUT -i eth0 -j limit-170 +-A INPUT -i eth0 -j limit-171 +-A INPUT -i eth0 -j limit-172 +-A INPUT -i eth0 -j limit-173 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-37 +-A INPUT -j logdrop-55 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-38 +-A INPUT -j logdrop-56 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -4229,6 +5612,42 @@ COMMIT -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-115 +-A OUTPUT -j limit-114 +-A OUTPUT -j limit-113 +-A OUTPUT -j limit-112 +-A OUTPUT -j limit-111 +-A OUTPUT -j limit-110 +-A OUTPUT -j limit-109 +-A OUTPUT -j limit-108 +-A OUTPUT -j limit-107 +-A OUTPUT -j limit-106 +-A OUTPUT -j limit-105 +-A OUTPUT -j limit-104 +-A OUTPUT -j limit-103 +-A OUTPUT -j limit-102 +-A OUTPUT -j limit-101 +-A OUTPUT -j limit-100 +-A OUTPUT -j limit-99 +-A OUTPUT -j limit-98 +-A OUTPUT -j limit-97 +-A OUTPUT -j limit-96 +-A OUTPUT -j limit-95 +-A OUTPUT -j limit-94 +-A OUTPUT -j limit-93 +-A OUTPUT -j limit-92 +-A OUTPUT -j limit-91 +-A OUTPUT -j limit-90 +-A OUTPUT -j limit-89 +-A OUTPUT -j limit-88 +-A OUTPUT -j limit-87 +-A OUTPUT -j limit-86 +-A OUTPUT -j limit-85 +-A OUTPUT -j limit-84 +-A OUTPUT -j limit-83 +-A OUTPUT -j limit-82 +-A OUTPUT -j limit-81 +-A OUTPUT -j limit-80 -A OUTPUT -j limit-79 -A OUTPUT -j limit-78 -A OUTPUT -j limit-77 @@ -4251,24 +5670,6 @@ COMMIT -A OUTPUT -j limit-60 -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 --A OUTPUT -j limit-57 --A OUTPUT -j limit-56 --A OUTPUT -j limit-55 --A OUTPUT -j limit-54 --A OUTPUT -j limit-53 --A OUTPUT -j limit-52 --A OUTPUT -j limit-51 --A OUTPUT -j limit-50 --A OUTPUT -j limit-49 --A OUTPUT -j limit-48 --A OUTPUT -j limit-47 --A OUTPUT -j limit-46 --A OUTPUT -j limit-45 --A OUTPUT -j limit-44 --A OUTPUT -j limit-43 --A OUTPUT -j limit-42 --A OUTPUT -j limit-41 --A OUTPUT -j limit-40 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -4317,6 +5718,24 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-37 -A OUTPUT -o eth1 -d fc00::/7 -j limit-38 -A OUTPUT -o eth1 -d fc00::/7 -j limit-39 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-40 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-41 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-42 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-43 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-44 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-45 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-46 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-47 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-48 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-49 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-50 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-51 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-52 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-53 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-54 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-55 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-56 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-57 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -4341,6 +5760,24 @@ COMMIT -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-7 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-8 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-9 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-10 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -4368,13 +5805,13 @@ COMMIT -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-37 +-A OUTPUT -j logdrop-55 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-38 +-A OUTPUT -j logdrop-56 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -4395,70 +5832,192 @@ COMMIT -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j RETURN -A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT +-A limit-100 -j DROP +-A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN +-A limit-101 -m limit --limit 1/second -j LOG +-A limit-101 -j DROP +-A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j RETURN +-A limit-102 -m limit --limit 1/second -j LOG +-A limit-102 -j DROP +-A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j RETURN +-A limit-103 -m limit --limit 1/second -j LOG +-A limit-103 -j DROP +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j RETURN -A limit-104 -m limit --limit 1/second -j LOG -A limit-104 -j DROP -A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN -A limit-105 -m limit --limit 1/second -j LOG -A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-4 +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j RETURN -A limit-106 -m limit --limit 1/second -j LOG -A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j RETURN -A limit-107 -m limit --limit 1/second -j LOG -A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT --A limit-108 -m limit --limit 1/second -j LOG +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j RETURN -A limit-108 -j DROP -A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN --A limit-109 -m limit --limit 1/second -j LOG -A limit-109 -j DROP -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-5 --A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j RETURN -A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT --A limit-111 -m limit --limit 1/second -j LOG +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j RETURN -A limit-111 -j DROP --A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j ACCEPT +-A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j RETURN -A limit-112 -j DROP -A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN -A limit-113 -j DROP --A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j logaccept-6 +-A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j RETURN -A limit-114 -j DROP --A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j ACCEPT +-A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j RETURN -A limit-115 -j DROP --A limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-116 -j ACCEPT --A limit-116 -j DROP --A limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-117 -j RETURN --A limit-117 -j DROP --A limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-118 -j logaccept-7 --A limit-118 -j DROP --A limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-119 -j ACCEPT --A limit-119 -j DROP --A limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-118 -m limit --limit 1/second -j LOG +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 +-A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 +-A limit-124 -m limit --limit 1/second -j LOG +-A limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 +-A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 +-A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 +-A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 +-A limit-130 -m limit --limit 1/second -j LOG +-A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 +-A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-136 -m limit --limit 1/second -j LOG +-A limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG --A limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-142 -m limit --limit 1/second -j LOG +-A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-148 -m limit --limit 1/second -j LOG +-A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 +-A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-154 -m limit --limit 1/second -j LOG +-A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-158 -j ACCEPT +-A limit-158 -m limit --limit 1/second -j LOG +-A limit-158 -j DROP +-A limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-159 -j RETURN +-A limit-159 -m limit --limit 1/second -j LOG +-A limit-159 -j DROP +-A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 +-A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-160 -j logaccept-4 +-A limit-160 -m limit --limit 1/second -j LOG +-A limit-160 -j DROP +-A limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-161 -j ACCEPT +-A limit-161 -m limit --limit 1/second -j LOG +-A limit-161 -j DROP +-A limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-162 -j ACCEPT +-A limit-162 -m limit --limit 1/second -j LOG +-A limit-162 -j DROP +-A limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-163 -j RETURN +-A limit-163 -m limit --limit 1/second -j LOG +-A limit-163 -j DROP +-A limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-164 -j logaccept-5 +-A limit-164 -m limit --limit 1/second -j LOG +-A limit-164 -j DROP +-A limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-165 -j ACCEPT +-A limit-165 -m limit --limit 1/second -j LOG +-A limit-165 -j DROP +-A limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-166 -j ACCEPT +-A limit-166 -j DROP +-A limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-167 -j RETURN +-A limit-167 -j DROP +-A limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-168 -j logaccept-6 +-A limit-168 -j DROP +-A limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-169 -j ACCEPT +-A limit-169 -j DROP +-A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 +-A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-170 -j ACCEPT +-A limit-170 -j DROP +-A limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-171 -j RETURN +-A limit-171 -j DROP +-A limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-172 -j logaccept-7 +-A limit-172 -j DROP +-A limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-173 -j ACCEPT +-A limit-173 -j DROP -A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP @@ -4475,192 +6034,184 @@ COMMIT -A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j ACCEPT --A limit-24 -m limit --limit 1/second -j LOG --A limit-24 -j DROP --A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j RETURN --A limit-25 -m limit --limit 1/second -j LOG --A limit-25 -j DROP --A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j logaccept-0 +-A limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -j DROP --A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j ACCEPT --A limit-27 -m limit --limit 1/second -j LOG --A limit-27 -j DROP --A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j ACCEPT --A limit-28 -m limit --limit 1/second -j LOG --A limit-28 -j DROP --A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j RETURN --A limit-29 -m limit --limit 1/second -j LOG --A limit-29 -j DROP +-A limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-30 -j logaccept-1 --A limit-30 -m limit --limit 1/second -j LOG --A limit-30 -j DROP --A limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-31 -j ACCEPT --A limit-31 -m limit --limit 1/second -j LOG --A limit-31 -j DROP --A limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-32 -j ACCEPT --A limit-32 -j DROP --A limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-33 -j RETURN --A limit-33 -j DROP --A limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-34 -j logaccept-2 --A limit-34 -j DROP --A limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-35 -j ACCEPT --A limit-35 -j DROP --A limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-36 -j ACCEPT --A limit-36 -j DROP --A limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-37 -j RETURN --A limit-37 -j DROP --A limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-38 -j logaccept-3 --A limit-38 -j DROP --A limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-39 -j ACCEPT --A limit-39 -j DROP +-A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-32 -m limit --limit 1/second -j LOG +-A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-38 -m limit --limit 1/second -j LOG +-A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 --A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 --A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 --A limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 --A limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-42 -j ACCEPT +-A limit-42 -m limit --limit 1/second -j LOG +-A limit-42 -j DROP +-A limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-43 -j RETURN +-A limit-43 -m limit --limit 1/second -j LOG +-A limit-43 -j DROP +-A limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-44 -j logaccept-0 +-A limit-44 -m limit --limit 1/second -j LOG +-A limit-44 -j DROP +-A limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-45 -j ACCEPT +-A limit-45 -m limit --limit 1/second -j LOG +-A limit-45 -j DROP +-A limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-46 -j ACCEPT +-A limit-46 -m limit --limit 1/second -j LOG +-A limit-46 -j DROP +-A limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-47 -j RETURN +-A limit-47 -m limit --limit 1/second -j LOG +-A limit-47 -j DROP +-A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j logaccept-1 +-A limit-48 -m limit --limit 1/second -j LOG +-A limit-48 -j DROP +-A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j ACCEPT +-A limit-49 -m limit --limit 1/second -j LOG +-A limit-49 -j DROP -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 --A limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 --A limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j ACCEPT +-A limit-50 -j DROP +-A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN +-A limit-51 -j DROP +-A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j logaccept-2 +-A limit-52 -j DROP +-A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-53 -j ACCEPT +-A limit-53 -j DROP +-A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j ACCEPT +-A limit-54 -j DROP +-A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN +-A limit-55 -j DROP +-A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j logaccept-3 +-A limit-56 -j DROP +-A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j ACCEPT +-A limit-57 -j DROP +-A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 -A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 -A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 -A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 -A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 -A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 -A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j RETURN --A limit-64 -m limit --limit 1/second -j LOG --A limit-64 -j DROP --A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN --A limit-65 -m limit --limit 1/second -j LOG --A limit-65 -j DROP --A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j RETURN --A limit-66 -m limit --limit 1/second -j LOG --A limit-66 -j DROP --A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j RETURN --A limit-67 -m limit --limit 1/second -j LOG --A limit-67 -j DROP --A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j RETURN --A limit-68 -m limit --limit 1/second -j LOG --A limit-68 -j DROP --A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN --A limit-69 -m limit --limit 1/second -j LOG --A limit-69 -j DROP +-A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 +-A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j RETURN --A limit-70 -m limit --limit 1/second -j LOG --A limit-70 -j DROP --A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j RETURN --A limit-71 -m limit --limit 1/second -j LOG --A limit-71 -j DROP --A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j RETURN --A limit-72 -j DROP --A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN --A limit-73 -j DROP --A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j RETURN --A limit-74 -j DROP --A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j RETURN --A limit-75 -j DROP --A limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-76 -j RETURN --A limit-76 -j DROP --A limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-77 -j RETURN --A limit-77 -j DROP --A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j RETURN --A limit-78 -j DROP --A limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-79 -j RETURN --A limit-79 -j DROP +-A limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-82 -m limit --limit 1/second -j LOG --A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-88 -m limit --limit 1/second -j LOG --A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-94 -m limit --limit 1/second -j LOG --A limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -4683,6 +6234,8 @@ COMMIT -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG -A logaccept-final-1 -j ACCEPT +-A logaccept-final-10 -m limit --limit 1/second -j LOG +-A logaccept-final-10 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -4695,6 +6248,10 @@ COMMIT -A logaccept-final-6 -j ACCEPT -A logaccept-final-7 -m limit --limit 1/second -j LOG -A logaccept-final-7 -j ACCEPT +-A logaccept-final-8 -m limit --limit 1/second -j LOG +-A logaccept-final-8 -j ACCEPT +-A logaccept-final-9 -m limit --limit 1/second -j LOG +-A logaccept-final-9 -j ACCEPT -A logdrop-0 -m limit --limit 1/second -j LOG -A logdrop-0 -j DROP -A logdrop-1 -m limit --limit 1/second -j LOG @@ -4761,10 +6318,46 @@ COMMIT -A logdrop-37 -j DROP -A logdrop-38 -m limit --limit 1/second -j LOG -A logdrop-38 -j DROP +-A logdrop-39 -m limit --limit 1/second -j LOG +-A logdrop-39 -j DROP -A logdrop-4 -m limit --limit 1/second -j LOG -A logdrop-4 -j DROP +-A logdrop-40 -m limit --limit 1/second -j LOG +-A logdrop-40 -j DROP +-A logdrop-41 -m limit --limit 1/second -j LOG +-A logdrop-41 -j DROP +-A logdrop-42 -m limit --limit 1/second -j LOG +-A logdrop-42 -j DROP +-A logdrop-43 -m limit --limit 1/second -j LOG +-A logdrop-43 -j DROP +-A logdrop-44 -m limit --limit 1/second -j LOG +-A logdrop-44 -j DROP +-A logdrop-45 -m limit --limit 1/second -j LOG +-A logdrop-45 -j DROP +-A logdrop-46 -m limit --limit 1/second -j LOG +-A logdrop-46 -j DROP +-A logdrop-47 -m limit --limit 1/second -j LOG +-A logdrop-47 -j DROP +-A logdrop-48 -m limit --limit 1/second -j LOG +-A logdrop-48 -j DROP +-A logdrop-49 -m limit --limit 1/second -j LOG +-A logdrop-49 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG -A logdrop-5 -j DROP +-A logdrop-50 -m limit --limit 1/second -j LOG +-A logdrop-50 -j DROP +-A logdrop-51 -m limit --limit 1/second -j LOG +-A logdrop-51 -j DROP +-A logdrop-52 -m limit --limit 1/second -j LOG +-A logdrop-52 -j DROP +-A logdrop-53 -m limit --limit 1/second -j LOG +-A logdrop-53 -j DROP +-A logdrop-54 -m limit --limit 1/second -j LOG +-A logdrop-54 -j DROP +-A logdrop-55 -m limit --limit 1/second -j LOG +-A logdrop-55 -j DROP +-A logdrop-56 -m limit --limit 1/second -j LOG +-A logdrop-56 -j DROP -A logdrop-6 -m limit --limit 1/second -j LOG -A logdrop-6 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG @@ -4819,6 +6412,15 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -4864,6 +6466,24 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack diff --git a/test/output/rules-save b/test/output/rules-save index 791540e..5a38be1 100644 --- a/test/output/rules-save +++ b/test/output/rules-save @@ -29,11 +29,65 @@ :limit-118 - [0:0] :limit-119 - [0:0] :limit-12 - [0:0] +:limit-120 - [0:0] +:limit-121 - [0:0] +:limit-122 - [0:0] +:limit-123 - [0:0] +:limit-124 - [0:0] +:limit-125 - [0:0] +:limit-126 - [0:0] +:limit-127 - [0:0] +:limit-128 - [0:0] +:limit-129 - [0:0] :limit-13 - [0:0] +:limit-130 - [0:0] +:limit-131 - [0:0] +:limit-132 - [0:0] +:limit-133 - [0:0] +:limit-134 - [0:0] +:limit-135 - [0:0] +:limit-136 - [0:0] +:limit-137 - [0:0] +:limit-138 - [0:0] +:limit-139 - [0:0] :limit-14 - [0:0] +:limit-140 - [0:0] +:limit-141 - [0:0] +:limit-142 - [0:0] +:limit-143 - [0:0] +:limit-144 - [0:0] +:limit-145 - [0:0] +:limit-146 - [0:0] +:limit-147 - [0:0] +:limit-148 - [0:0] +:limit-149 - [0:0] :limit-15 - [0:0] +:limit-150 - [0:0] +:limit-151 - [0:0] +:limit-152 - [0:0] +:limit-153 - [0:0] +:limit-154 - [0:0] +:limit-155 - [0:0] +:limit-156 - [0:0] +:limit-157 - [0:0] +:limit-158 - [0:0] +:limit-159 - [0:0] :limit-16 - [0:0] +:limit-160 - [0:0] +:limit-161 - [0:0] +:limit-162 - [0:0] +:limit-163 - [0:0] +:limit-164 - [0:0] +:limit-165 - [0:0] +:limit-166 - [0:0] +:limit-167 - [0:0] +:limit-168 - [0:0] +:limit-169 - [0:0] :limit-17 - [0:0] +:limit-170 - [0:0] +:limit-171 - [0:0] +:limit-172 - [0:0] +:limit-173 - [0:0] :limit-18 - [0:0] :limit-19 - [0:0] :limit-2 - [0:0] @@ -135,12 +189,15 @@ :logaccept-8 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] +:logaccept-final-10 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] :logaccept-final-6 - [0:0] :logaccept-final-7 - [0:0] +:logaccept-final-8 - [0:0] +:logaccept-final-9 - [0:0] :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] @@ -174,8 +231,26 @@ :logdrop-36 - [0:0] :logdrop-37 - [0:0] :logdrop-38 - [0:0] +:logdrop-39 - [0:0] :logdrop-4 - [0:0] +:logdrop-40 - [0:0] +:logdrop-41 - [0:0] +:logdrop-42 - [0:0] +:logdrop-43 - [0:0] +:logdrop-44 - [0:0] +:logdrop-45 - [0:0] +:logdrop-46 - [0:0] +:logdrop-47 - [0:0] +:logdrop-48 - [0:0] +:logdrop-49 - [0:0] :logdrop-5 - [0:0] +:logdrop-50 - [0:0] +:logdrop-51 - [0:0] +:logdrop-52 - [0:0] +:logdrop-53 - [0:0] +:logdrop-54 - [0:0] +:logdrop-55 - [0:0] +:logdrop-56 - [0:0] :logdrop-6 - [0:0] :logdrop-7 - [0:0] :logdrop-8 - [0:0] @@ -186,6 +261,42 @@ :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-115 +-A FORWARD -j limit-114 +-A FORWARD -j limit-113 +-A FORWARD -j limit-112 +-A FORWARD -j limit-111 +-A FORWARD -j limit-110 +-A FORWARD -j limit-109 +-A FORWARD -j limit-108 +-A FORWARD -j limit-107 +-A FORWARD -j limit-106 +-A FORWARD -j limit-105 +-A FORWARD -j limit-104 +-A FORWARD -j limit-103 +-A FORWARD -j limit-102 +-A FORWARD -j limit-101 +-A FORWARD -j limit-100 +-A FORWARD -j limit-99 +-A FORWARD -j limit-98 +-A FORWARD -j limit-97 +-A FORWARD -j limit-96 +-A FORWARD -j limit-95 +-A FORWARD -j limit-94 +-A FORWARD -j limit-93 +-A FORWARD -j limit-92 +-A FORWARD -j limit-91 +-A FORWARD -j limit-90 +-A FORWARD -j limit-89 +-A FORWARD -j limit-88 +-A FORWARD -j limit-87 +-A FORWARD -j limit-86 +-A FORWARD -j limit-85 +-A FORWARD -j limit-84 +-A FORWARD -j limit-83 +-A FORWARD -j limit-82 +-A FORWARD -j limit-81 +-A FORWARD -j limit-80 -A FORWARD -j limit-79 -A FORWARD -j limit-78 -A FORWARD -j limit-77 @@ -208,24 +319,6 @@ -A FORWARD -j limit-60 -A FORWARD -j limit-59 -A FORWARD -j limit-58 --A FORWARD -j limit-57 --A FORWARD -j limit-56 --A FORWARD -j limit-55 --A FORWARD -j limit-54 --A FORWARD -j limit-53 --A FORWARD -j limit-52 --A FORWARD -j limit-51 --A FORWARD -j limit-50 --A FORWARD -j limit-49 --A FORWARD -j limit-48 --A FORWARD -j limit-47 --A FORWARD -j limit-46 --A FORWARD -j limit-45 --A FORWARD -j limit-44 --A FORWARD -j limit-43 --A FORWARD -j limit-42 --A FORWARD -j limit-41 --A FORWARD -j limit-40 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -273,6 +366,24 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-45 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-46 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-47 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-48 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-49 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-50 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-51 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -297,16 +408,25 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-7 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-8 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-9 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-10 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-37 +-A FORWARD -j logdrop-55 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-38 +-A FORWARD -j logdrop-56 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -369,6 +489,42 @@ -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-115 +-A INPUT -j limit-114 +-A INPUT -j limit-113 +-A INPUT -j limit-112 +-A INPUT -j limit-111 +-A INPUT -j limit-110 +-A INPUT -j limit-109 +-A INPUT -j limit-108 +-A INPUT -j limit-107 +-A INPUT -j limit-106 +-A INPUT -j limit-105 +-A INPUT -j limit-104 +-A INPUT -j limit-103 +-A INPUT -j limit-102 +-A INPUT -j limit-101 +-A INPUT -j limit-100 +-A INPUT -j limit-99 +-A INPUT -j limit-98 +-A INPUT -j limit-97 +-A INPUT -j limit-96 +-A INPUT -j limit-95 +-A INPUT -j limit-94 +-A INPUT -j limit-93 +-A INPUT -j limit-92 +-A INPUT -j limit-91 +-A INPUT -j limit-90 +-A INPUT -j limit-89 +-A INPUT -j limit-88 +-A INPUT -j limit-87 +-A INPUT -j limit-86 +-A INPUT -j limit-85 +-A INPUT -j limit-84 +-A INPUT -j limit-83 +-A INPUT -j limit-82 +-A INPUT -j limit-81 +-A INPUT -j limit-80 -A INPUT -j limit-79 -A INPUT -j limit-78 -A INPUT -j limit-77 @@ -391,24 +547,6 @@ -A INPUT -j limit-60 -A INPUT -j limit-59 -A INPUT -j limit-58 --A INPUT -j limit-57 --A INPUT -j limit-56 --A INPUT -j limit-55 --A INPUT -j limit-54 --A INPUT -j limit-53 --A INPUT -j limit-52 --A INPUT -j limit-51 --A INPUT -j limit-50 --A INPUT -j limit-49 --A INPUT -j limit-48 --A INPUT -j limit-47 --A INPUT -j limit-46 --A INPUT -j limit-45 --A INPUT -j limit-44 --A INPUT -j limit-43 --A INPUT -j limit-42 --A INPUT -j limit-41 --A INPUT -j limit-40 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -441,56 +579,83 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-7 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-80 --A INPUT -i eth0 -j limit-81 --A INPUT -i eth0 -j limit-82 --A INPUT -i eth0 -j limit-83 --A INPUT -i eth0 -j limit-84 --A INPUT -i eth0 -j limit-85 --A INPUT -i eth0 -j limit-86 --A INPUT -i eth0 -j limit-87 --A INPUT -i eth0 -j limit-88 --A INPUT -i eth0 -j limit-89 --A INPUT -i eth0 -j limit-90 --A INPUT -i eth0 -j limit-91 --A INPUT -i eth0 -j limit-92 --A INPUT -i eth0 -j limit-93 --A INPUT -i eth0 -j limit-94 --A INPUT -i eth0 -j limit-95 --A INPUT -i eth0 -j limit-96 --A INPUT -i eth0 -j limit-97 --A INPUT -i eth0 -j limit-98 --A INPUT -i eth0 -j limit-99 --A INPUT -i eth0 -j limit-100 --A INPUT -i eth0 -j limit-101 --A INPUT -i eth0 -j limit-102 --A INPUT -i eth0 -j limit-103 --A INPUT -i eth0 -j limit-104 --A INPUT -i eth0 -j limit-105 --A INPUT -i eth0 -j limit-106 --A INPUT -i eth0 -j limit-107 --A INPUT -i eth0 -j limit-108 --A INPUT -i eth0 -j limit-109 --A INPUT -i eth0 -j limit-110 --A INPUT -i eth0 -j limit-111 --A INPUT -i eth0 -j limit-112 --A INPUT -i eth0 -j limit-113 --A INPUT -i eth0 -j limit-114 --A INPUT -i eth0 -j limit-115 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-8 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-9 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-10 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-116 -A INPUT -i eth0 -j limit-117 -A INPUT -i eth0 -j limit-118 -A INPUT -i eth0 -j limit-119 +-A INPUT -i eth0 -j limit-120 +-A INPUT -i eth0 -j limit-121 +-A INPUT -i eth0 -j limit-122 +-A INPUT -i eth0 -j limit-123 +-A INPUT -i eth0 -j limit-124 +-A INPUT -i eth0 -j limit-125 +-A INPUT -i eth0 -j limit-126 +-A INPUT -i eth0 -j limit-127 +-A INPUT -i eth0 -j limit-128 +-A INPUT -i eth0 -j limit-129 +-A INPUT -i eth0 -j limit-130 +-A INPUT -i eth0 -j limit-131 +-A INPUT -i eth0 -j limit-132 +-A INPUT -i eth0 -j limit-133 +-A INPUT -i eth0 -j limit-134 +-A INPUT -i eth0 -j limit-135 +-A INPUT -i eth0 -j limit-136 +-A INPUT -i eth0 -j limit-137 +-A INPUT -i eth0 -j limit-138 +-A INPUT -i eth0 -j limit-139 +-A INPUT -i eth0 -j limit-140 +-A INPUT -i eth0 -j limit-141 +-A INPUT -i eth0 -j limit-142 +-A INPUT -i eth0 -j limit-143 +-A INPUT -i eth0 -j limit-144 +-A INPUT -i eth0 -j limit-145 +-A INPUT -i eth0 -j limit-146 +-A INPUT -i eth0 -j limit-147 +-A INPUT -i eth0 -j limit-148 +-A INPUT -i eth0 -j limit-149 +-A INPUT -i eth0 -j limit-150 +-A INPUT -i eth0 -j limit-151 +-A INPUT -i eth0 -j limit-152 +-A INPUT -i eth0 -j limit-153 +-A INPUT -i eth0 -j limit-154 +-A INPUT -i eth0 -j limit-155 +-A INPUT -i eth0 -j limit-156 +-A INPUT -i eth0 -j limit-157 +-A INPUT -i eth0 -j limit-158 +-A INPUT -i eth0 -j limit-159 +-A INPUT -i eth0 -j limit-160 +-A INPUT -i eth0 -j limit-161 +-A INPUT -i eth0 -j limit-162 +-A INPUT -i eth0 -j limit-163 +-A INPUT -i eth0 -j limit-164 +-A INPUT -i eth0 -j limit-165 +-A INPUT -i eth0 -j limit-166 +-A INPUT -i eth0 -j limit-167 +-A INPUT -i eth0 -j limit-168 +-A INPUT -i eth0 -j limit-169 +-A INPUT -i eth0 -j limit-170 +-A INPUT -i eth0 -j limit-171 +-A INPUT -i eth0 -j limit-172 +-A INPUT -i eth0 -j limit-173 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-37 +-A INPUT -j logdrop-55 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-38 +-A INPUT -j logdrop-56 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -509,6 +674,42 @@ -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-115 +-A OUTPUT -j limit-114 +-A OUTPUT -j limit-113 +-A OUTPUT -j limit-112 +-A OUTPUT -j limit-111 +-A OUTPUT -j limit-110 +-A OUTPUT -j limit-109 +-A OUTPUT -j limit-108 +-A OUTPUT -j limit-107 +-A OUTPUT -j limit-106 +-A OUTPUT -j limit-105 +-A OUTPUT -j limit-104 +-A OUTPUT -j limit-103 +-A OUTPUT -j limit-102 +-A OUTPUT -j limit-101 +-A OUTPUT -j limit-100 +-A OUTPUT -j limit-99 +-A OUTPUT -j limit-98 +-A OUTPUT -j limit-97 +-A OUTPUT -j limit-96 +-A OUTPUT -j limit-95 +-A OUTPUT -j limit-94 +-A OUTPUT -j limit-93 +-A OUTPUT -j limit-92 +-A OUTPUT -j limit-91 +-A OUTPUT -j limit-90 +-A OUTPUT -j limit-89 +-A OUTPUT -j limit-88 +-A OUTPUT -j limit-87 +-A OUTPUT -j limit-86 +-A OUTPUT -j limit-85 +-A OUTPUT -j limit-84 +-A OUTPUT -j limit-83 +-A OUTPUT -j limit-82 +-A OUTPUT -j limit-81 +-A OUTPUT -j limit-80 -A OUTPUT -j limit-79 -A OUTPUT -j limit-78 -A OUTPUT -j limit-77 @@ -531,24 +732,6 @@ -A OUTPUT -j limit-60 -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 --A OUTPUT -j limit-57 --A OUTPUT -j limit-56 --A OUTPUT -j limit-55 --A OUTPUT -j limit-54 --A OUTPUT -j limit-53 --A OUTPUT -j limit-52 --A OUTPUT -j limit-51 --A OUTPUT -j limit-50 --A OUTPUT -j limit-49 --A OUTPUT -j limit-48 --A OUTPUT -j limit-47 --A OUTPUT -j limit-46 --A OUTPUT -j limit-45 --A OUTPUT -j limit-44 --A OUTPUT -j limit-43 --A OUTPUT -j limit-42 --A OUTPUT -j limit-41 --A OUTPUT -j limit-40 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -597,6 +780,24 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-45 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-46 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-47 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-48 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-49 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-50 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-51 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -621,6 +822,24 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-7 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-8 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-9 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-10 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -648,13 +867,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-37 +-A OUTPUT -j logdrop-55 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-38 +-A OUTPUT -j logdrop-56 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -680,70 +899,192 @@ -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-100 -j RETURN -A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set --A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT +-A limit-100 -j DROP +-A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-101 -j RETURN +-A limit-101 -m limit --limit 1/second -j LOG +-A limit-101 -j DROP +-A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-102 -j RETURN +-A limit-102 -m limit --limit 1/second -j LOG +-A limit-102 -j DROP +-A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-103 -j RETURN +-A limit-103 -m limit --limit 1/second -j LOG +-A limit-103 -j DROP +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j RETURN -A limit-104 -m limit --limit 1/second -j LOG -A limit-104 -j DROP -A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN -A limit-105 -m limit --limit 1/second -j LOG -A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-4 +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j RETURN -A limit-106 -m limit --limit 1/second -j LOG -A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j RETURN -A limit-107 -m limit --limit 1/second -j LOG -A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT --A limit-108 -m limit --limit 1/second -j LOG +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j RETURN -A limit-108 -j DROP -A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN --A limit-109 -m limit --limit 1/second -j LOG -A limit-109 -j DROP -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set --A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-5 --A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j RETURN -A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT --A limit-111 -m limit --limit 1/second -j LOG +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j RETURN -A limit-111 -j DROP --A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j ACCEPT +-A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j RETURN -A limit-112 -j DROP -A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN -A limit-113 -j DROP --A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j logaccept-6 +-A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j RETURN -A limit-114 -j DROP --A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j ACCEPT +-A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j RETURN -A limit-115 -j DROP --A limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-116 -j ACCEPT --A limit-116 -j DROP --A limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-117 -j RETURN --A limit-117 -j DROP --A limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-118 -j logaccept-7 --A limit-118 -j DROP --A limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-119 -j ACCEPT --A limit-119 -j DROP --A limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --set --A limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-118 -m limit --limit 1/second -j LOG +-A limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 +-A limit-12 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-120 -m recent --name limit-120 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-121 -m recent --name limit-121 --rsource --mask 255.255.255.255 --set +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-43 +-A limit-122 -m recent --name limit-122 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-123 -m recent --name limit-123 --rsource --mask 255.255.255.255 --set +-A limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-45 +-A limit-124 -m limit --limit 1/second -j LOG +-A limit-124 -m recent --name limit-124 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-125 -m recent --name limit-125 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-47 +-A limit-126 -m recent --name limit-126 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-48 +-A limit-127 -m recent --name limit-127 --rsource --mask 255.255.255.255 --set +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-49 +-A limit-128 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-129 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 +-A limit-13 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-51 +-A limit-130 -m limit --limit 1/second -j LOG +-A limit-130 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-52 +-A limit-131 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-53 +-A limit-132 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-54 +-A limit-133 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-134 -m recent --name limit-134 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-135 -m recent --name limit-135 --rsource --mask 255.255.255.255 --set +-A limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-136 -m limit --limit 1/second -j LOG +-A limit-136 -m recent --name limit-136 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-137 -m recent --name limit-137 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-138 -m recent --name limit-138 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-139 -m recent --name limit-139 --rsource --mask 255.255.255.255 --set +-A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG --A limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --set +-A limit-14 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-140 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-141 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-142 -m limit --limit 1/second -j LOG +-A limit-142 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-143 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-144 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-145 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-146 -m recent --name limit-146 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-147 -m recent --name limit-147 --rsource --mask 255.255.255.255 --set +-A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-148 -m limit --limit 1/second -j LOG +-A limit-148 -m recent --name limit-148 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-149 -m recent --name limit-149 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 +-A limit-15 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m recent --name limit-150 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-151 -m recent --name limit-151 --rsource --mask 255.255.255.255 --set +-A limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-152 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-153 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-154 -m limit --limit 1/second -j LOG +-A limit-154 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-155 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-156 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-157 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-158 -j ACCEPT +-A limit-158 -m limit --limit 1/second -j LOG +-A limit-158 -j DROP +-A limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-159 -j RETURN +-A limit-159 -m limit --limit 1/second -j LOG +-A limit-159 -j DROP +-A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 +-A limit-16 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-160 -j logaccept-4 +-A limit-160 -m limit --limit 1/second -j LOG +-A limit-160 -j DROP +-A limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-161 -j ACCEPT +-A limit-161 -m limit --limit 1/second -j LOG +-A limit-161 -j DROP +-A limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-162 -j ACCEPT +-A limit-162 -m limit --limit 1/second -j LOG +-A limit-162 -j DROP +-A limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-163 -j RETURN +-A limit-163 -m limit --limit 1/second -j LOG +-A limit-163 -j DROP +-A limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-164 -j logaccept-5 +-A limit-164 -m limit --limit 1/second -j LOG +-A limit-164 -j DROP +-A limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-165 -j ACCEPT +-A limit-165 -m limit --limit 1/second -j LOG +-A limit-165 -j DROP +-A limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-166 -j ACCEPT +-A limit-166 -j DROP +-A limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-167 -j RETURN +-A limit-167 -j DROP +-A limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-168 -j logaccept-6 +-A limit-168 -j DROP +-A limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-169 -j ACCEPT +-A limit-169 -j DROP +-A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 +-A limit-17 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-170 -j ACCEPT +-A limit-170 -j DROP +-A limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-171 -j RETURN +-A limit-171 -j DROP +-A limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-172 -j logaccept-7 +-A limit-172 -j DROP +-A limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-173 -j ACCEPT +-A limit-173 -j DROP -A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP @@ -760,192 +1101,184 @@ -A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set --A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j ACCEPT --A limit-24 -m limit --limit 1/second -j LOG --A limit-24 -j DROP --A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j RETURN --A limit-25 -m limit --limit 1/second -j LOG --A limit-25 -j DROP --A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j logaccept-0 +-A limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-24 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-25 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -j DROP --A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j ACCEPT --A limit-27 -m limit --limit 1/second -j LOG --A limit-27 -j DROP --A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j ACCEPT --A limit-28 -m limit --limit 1/second -j LOG --A limit-28 -j DROP --A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j RETURN --A limit-29 -m limit --limit 1/second -j LOG --A limit-29 -j DROP +-A limit-26 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-27 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-28 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-29 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-30 -j logaccept-1 --A limit-30 -m limit --limit 1/second -j LOG --A limit-30 -j DROP --A limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-31 -j ACCEPT --A limit-31 -m limit --limit 1/second -j LOG --A limit-31 -j DROP --A limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-32 -j ACCEPT --A limit-32 -j DROP --A limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-33 -j RETURN --A limit-33 -j DROP --A limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-34 -j logaccept-2 --A limit-34 -j DROP --A limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-35 -j ACCEPT --A limit-35 -j DROP --A limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-36 -j ACCEPT --A limit-36 -j DROP --A limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-37 -j RETURN --A limit-37 -j DROP --A limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-38 -j logaccept-3 --A limit-38 -j DROP --A limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-39 -j ACCEPT --A limit-39 -j DROP +-A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set +-A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-32 -m limit --limit 1/second -j LOG +-A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set +-A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-36 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-37 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-38 -m limit --limit 1/second -j LOG +-A limit-38 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 --A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set --A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 --A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set --A limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 --A limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --set --A limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 --A limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-42 -j ACCEPT +-A limit-42 -m limit --limit 1/second -j LOG +-A limit-42 -j DROP +-A limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-43 -j RETURN +-A limit-43 -m limit --limit 1/second -j LOG +-A limit-43 -j DROP +-A limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-44 -j logaccept-0 +-A limit-44 -m limit --limit 1/second -j LOG +-A limit-44 -j DROP +-A limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-45 -j ACCEPT +-A limit-45 -m limit --limit 1/second -j LOG +-A limit-45 -j DROP +-A limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-46 -j ACCEPT +-A limit-46 -m limit --limit 1/second -j LOG +-A limit-46 -j DROP +-A limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-47 -j RETURN +-A limit-47 -m limit --limit 1/second -j LOG +-A limit-47 -j DROP +-A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j logaccept-1 +-A limit-48 -m limit --limit 1/second -j LOG +-A limit-48 -j DROP +-A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j ACCEPT +-A limit-49 -m limit --limit 1/second -j LOG +-A limit-49 -j DROP -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set --A limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 --A limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --set --A limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 --A limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --set --A limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --set --A limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --set --A limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --set --A limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --set --A limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --set --A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j ACCEPT +-A limit-50 -j DROP +-A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN +-A limit-51 -j DROP +-A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-52 -j logaccept-2 +-A limit-52 -j DROP +-A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j ACCEPT +-A limit-53 -j DROP +-A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j ACCEPT +-A limit-54 -j DROP +-A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN +-A limit-55 -j DROP +-A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j logaccept-3 +-A limit-56 -j DROP +-A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j ACCEPT +-A limit-57 -j DROP +-A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 -A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set --A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 -A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 -A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 -A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 -A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 -A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set --A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j RETURN --A limit-64 -m limit --limit 1/second -j LOG --A limit-64 -j DROP --A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN --A limit-65 -m limit --limit 1/second -j LOG --A limit-65 -j DROP --A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j RETURN --A limit-66 -m limit --limit 1/second -j LOG --A limit-66 -j DROP --A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j RETURN --A limit-67 -m limit --limit 1/second -j LOG --A limit-67 -j DROP --A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j RETURN --A limit-68 -m limit --limit 1/second -j LOG --A limit-68 -j DROP --A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN --A limit-69 -m limit --limit 1/second -j LOG --A limit-69 -j DROP +-A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set +-A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set +-A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 +-A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set +-A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set +-A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set --A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j RETURN --A limit-70 -m limit --limit 1/second -j LOG --A limit-70 -j DROP --A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j RETURN --A limit-71 -m limit --limit 1/second -j LOG --A limit-71 -j DROP --A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j RETURN --A limit-72 -j DROP --A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN --A limit-73 -j DROP --A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j RETURN --A limit-74 -j DROP --A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j RETURN --A limit-75 -j DROP --A limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-76 -j RETURN --A limit-76 -j DROP --A limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-77 -j RETURN --A limit-77 -j DROP --A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j RETURN --A limit-78 -j DROP --A limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-79 -j RETURN --A limit-79 -j DROP +-A limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-70 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-71 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-72 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-73 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-74 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-75 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set +-A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set +-A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-78 -m recent --name limit-78 --rsource --mask 255.255.255.255 --set +-A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-79 -m recent --name limit-79 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set +-A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set --A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-82 -m limit --limit 1/second -j LOG --A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set --A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set --A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-88 -m limit --limit 1/second -j LOG --A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-82 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-83 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-84 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-85 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-86 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-87 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set +-A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set +-A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set +-A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set -A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set --A limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-94 -m limit --limit 1/second -j LOG --A limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set --A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set +-A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-94 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-95 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-96 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-97 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-98 -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-99 -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -968,6 +1301,8 @@ -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG -A logaccept-final-1 -j ACCEPT +-A logaccept-final-10 -m limit --limit 1/second -j LOG +-A logaccept-final-10 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -980,6 +1315,10 @@ -A logaccept-final-6 -j ACCEPT -A logaccept-final-7 -m limit --limit 1/second -j LOG -A logaccept-final-7 -j ACCEPT +-A logaccept-final-8 -m limit --limit 1/second -j LOG +-A logaccept-final-8 -j ACCEPT +-A logaccept-final-9 -m limit --limit 1/second -j LOG +-A logaccept-final-9 -j ACCEPT -A logdrop-0 -m limit --limit 1/second -j LOG -A logdrop-0 -j DROP -A logdrop-1 -m limit --limit 1/second -j LOG @@ -1046,10 +1385,46 @@ -A logdrop-37 -j DROP -A logdrop-38 -m limit --limit 1/second -j LOG -A logdrop-38 -j DROP +-A logdrop-39 -m limit --limit 1/second -j LOG +-A logdrop-39 -j DROP -A logdrop-4 -m limit --limit 1/second -j LOG -A logdrop-4 -j DROP +-A logdrop-40 -m limit --limit 1/second -j LOG +-A logdrop-40 -j DROP +-A logdrop-41 -m limit --limit 1/second -j LOG +-A logdrop-41 -j DROP +-A logdrop-42 -m limit --limit 1/second -j LOG +-A logdrop-42 -j DROP +-A logdrop-43 -m limit --limit 1/second -j LOG +-A logdrop-43 -j DROP +-A logdrop-44 -m limit --limit 1/second -j LOG +-A logdrop-44 -j DROP +-A logdrop-45 -m limit --limit 1/second -j LOG +-A logdrop-45 -j DROP +-A logdrop-46 -m limit --limit 1/second -j LOG +-A logdrop-46 -j DROP +-A logdrop-47 -m limit --limit 1/second -j LOG +-A logdrop-47 -j DROP +-A logdrop-48 -m limit --limit 1/second -j LOG +-A logdrop-48 -j DROP +-A logdrop-49 -m limit --limit 1/second -j LOG +-A logdrop-49 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG -A logdrop-5 -j DROP +-A logdrop-50 -m limit --limit 1/second -j LOG +-A logdrop-50 -j DROP +-A logdrop-51 -m limit --limit 1/second -j LOG +-A logdrop-51 -j DROP +-A logdrop-52 -m limit --limit 1/second -j LOG +-A logdrop-52 -j DROP +-A logdrop-53 -m limit --limit 1/second -j LOG +-A logdrop-53 -j DROP +-A logdrop-54 -m limit --limit 1/second -j LOG +-A logdrop-54 -j DROP +-A logdrop-55 -m limit --limit 1/second -j LOG +-A logdrop-55 -j DROP +-A logdrop-56 -m limit --limit 1/second -j LOG +-A logdrop-56 -j DROP -A logdrop-6 -m limit --limit 1/second -j LOG -A logdrop-6 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG @@ -1121,6 +1496,15 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -1172,6 +1556,24 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack diff --git a/test/output/rules6-save b/test/output/rules6-save index 4843615..a3fe183 100644 --- a/test/output/rules6-save +++ b/test/output/rules6-save @@ -29,11 +29,65 @@ :limit-118 - [0:0] :limit-119 - [0:0] :limit-12 - [0:0] +:limit-120 - [0:0] +:limit-121 - [0:0] +:limit-122 - [0:0] +:limit-123 - [0:0] +:limit-124 - [0:0] +:limit-125 - [0:0] +:limit-126 - [0:0] +:limit-127 - [0:0] +:limit-128 - [0:0] +:limit-129 - [0:0] :limit-13 - [0:0] +:limit-130 - [0:0] +:limit-131 - [0:0] +:limit-132 - [0:0] +:limit-133 - [0:0] +:limit-134 - [0:0] +:limit-135 - [0:0] +:limit-136 - [0:0] +:limit-137 - [0:0] +:limit-138 - [0:0] +:limit-139 - [0:0] :limit-14 - [0:0] +:limit-140 - [0:0] +:limit-141 - [0:0] +:limit-142 - [0:0] +:limit-143 - [0:0] +:limit-144 - [0:0] +:limit-145 - [0:0] +:limit-146 - [0:0] +:limit-147 - [0:0] +:limit-148 - [0:0] +:limit-149 - [0:0] :limit-15 - [0:0] +:limit-150 - [0:0] +:limit-151 - [0:0] +:limit-152 - [0:0] +:limit-153 - [0:0] +:limit-154 - [0:0] +:limit-155 - [0:0] +:limit-156 - [0:0] +:limit-157 - [0:0] +:limit-158 - [0:0] +:limit-159 - [0:0] :limit-16 - [0:0] +:limit-160 - [0:0] +:limit-161 - [0:0] +:limit-162 - [0:0] +:limit-163 - [0:0] +:limit-164 - [0:0] +:limit-165 - [0:0] +:limit-166 - [0:0] +:limit-167 - [0:0] +:limit-168 - [0:0] +:limit-169 - [0:0] :limit-17 - [0:0] +:limit-170 - [0:0] +:limit-171 - [0:0] +:limit-172 - [0:0] +:limit-173 - [0:0] :limit-18 - [0:0] :limit-19 - [0:0] :limit-2 - [0:0] @@ -135,12 +189,15 @@ :logaccept-8 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] +:logaccept-final-10 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] :logaccept-final-6 - [0:0] :logaccept-final-7 - [0:0] +:logaccept-final-8 - [0:0] +:logaccept-final-9 - [0:0] :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] @@ -174,8 +231,26 @@ :logdrop-36 - [0:0] :logdrop-37 - [0:0] :logdrop-38 - [0:0] +:logdrop-39 - [0:0] :logdrop-4 - [0:0] +:logdrop-40 - [0:0] +:logdrop-41 - [0:0] +:logdrop-42 - [0:0] +:logdrop-43 - [0:0] +:logdrop-44 - [0:0] +:logdrop-45 - [0:0] +:logdrop-46 - [0:0] +:logdrop-47 - [0:0] +:logdrop-48 - [0:0] +:logdrop-49 - [0:0] :logdrop-5 - [0:0] +:logdrop-50 - [0:0] +:logdrop-51 - [0:0] +:logdrop-52 - [0:0] +:logdrop-53 - [0:0] +:logdrop-54 - [0:0] +:logdrop-55 - [0:0] +:logdrop-56 - [0:0] :logdrop-6 - [0:0] :logdrop-7 - [0:0] :logdrop-8 - [0:0] @@ -186,6 +261,42 @@ :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-115 +-A FORWARD -j limit-114 +-A FORWARD -j limit-113 +-A FORWARD -j limit-112 +-A FORWARD -j limit-111 +-A FORWARD -j limit-110 +-A FORWARD -j limit-109 +-A FORWARD -j limit-108 +-A FORWARD -j limit-107 +-A FORWARD -j limit-106 +-A FORWARD -j limit-105 +-A FORWARD -j limit-104 +-A FORWARD -j limit-103 +-A FORWARD -j limit-102 +-A FORWARD -j limit-101 +-A FORWARD -j limit-100 +-A FORWARD -j limit-99 +-A FORWARD -j limit-98 +-A FORWARD -j limit-97 +-A FORWARD -j limit-96 +-A FORWARD -j limit-95 +-A FORWARD -j limit-94 +-A FORWARD -j limit-93 +-A FORWARD -j limit-92 +-A FORWARD -j limit-91 +-A FORWARD -j limit-90 +-A FORWARD -j limit-89 +-A FORWARD -j limit-88 +-A FORWARD -j limit-87 +-A FORWARD -j limit-86 +-A FORWARD -j limit-85 +-A FORWARD -j limit-84 +-A FORWARD -j limit-83 +-A FORWARD -j limit-82 +-A FORWARD -j limit-81 +-A FORWARD -j limit-80 -A FORWARD -j limit-79 -A FORWARD -j limit-78 -A FORWARD -j limit-77 @@ -208,24 +319,6 @@ -A FORWARD -j limit-60 -A FORWARD -j limit-59 -A FORWARD -j limit-58 --A FORWARD -j limit-57 --A FORWARD -j limit-56 --A FORWARD -j limit-55 --A FORWARD -j limit-54 --A FORWARD -j limit-53 --A FORWARD -j limit-52 --A FORWARD -j limit-51 --A FORWARD -j limit-50 --A FORWARD -j limit-49 --A FORWARD -j limit-48 --A FORWARD -j limit-47 --A FORWARD -j limit-46 --A FORWARD -j limit-45 --A FORWARD -j limit-44 --A FORWARD -j limit-43 --A FORWARD -j limit-42 --A FORWARD -j limit-41 --A FORWARD -j limit-40 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -273,6 +366,24 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-37 -A FORWARD -o eth1 -d fc00::/7 -j limit-38 -A FORWARD -o eth1 -d fc00::/7 -j limit-39 +-A FORWARD -o eth1 -d fc00::/7 -j limit-40 +-A FORWARD -o eth1 -d fc00::/7 -j limit-41 +-A FORWARD -o eth1 -d fc00::/7 -j limit-42 +-A FORWARD -o eth1 -d fc00::/7 -j limit-43 +-A FORWARD -o eth1 -d fc00::/7 -j limit-44 +-A FORWARD -o eth1 -d fc00::/7 -j limit-45 +-A FORWARD -o eth1 -d fc00::/7 -j limit-46 +-A FORWARD -o eth1 -d fc00::/7 -j limit-47 +-A FORWARD -o eth1 -d fc00::/7 -j limit-48 +-A FORWARD -o eth1 -d fc00::/7 -j limit-49 +-A FORWARD -o eth1 -d fc00::/7 -j limit-50 +-A FORWARD -o eth1 -d fc00::/7 -j limit-51 +-A FORWARD -o eth1 -d fc00::/7 -j limit-52 +-A FORWARD -o eth1 -d fc00::/7 -j limit-53 +-A FORWARD -o eth1 -d fc00::/7 -j limit-54 +-A FORWARD -o eth1 -d fc00::/7 -j limit-55 +-A FORWARD -o eth1 -d fc00::/7 -j limit-56 +-A FORWARD -o eth1 -d fc00::/7 -j limit-57 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -297,16 +408,25 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-7 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-8 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-9 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-10 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-37 +-A FORWARD -j logdrop-55 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD -A FORWARD -j logaccept-8 --A FORWARD -j logdrop-38 +-A FORWARD -j logdrop-56 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -339,6 +459,42 @@ -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-115 +-A INPUT -j limit-114 +-A INPUT -j limit-113 +-A INPUT -j limit-112 +-A INPUT -j limit-111 +-A INPUT -j limit-110 +-A INPUT -j limit-109 +-A INPUT -j limit-108 +-A INPUT -j limit-107 +-A INPUT -j limit-106 +-A INPUT -j limit-105 +-A INPUT -j limit-104 +-A INPUT -j limit-103 +-A INPUT -j limit-102 +-A INPUT -j limit-101 +-A INPUT -j limit-100 +-A INPUT -j limit-99 +-A INPUT -j limit-98 +-A INPUT -j limit-97 +-A INPUT -j limit-96 +-A INPUT -j limit-95 +-A INPUT -j limit-94 +-A INPUT -j limit-93 +-A INPUT -j limit-92 +-A INPUT -j limit-91 +-A INPUT -j limit-90 +-A INPUT -j limit-89 +-A INPUT -j limit-88 +-A INPUT -j limit-87 +-A INPUT -j limit-86 +-A INPUT -j limit-85 +-A INPUT -j limit-84 +-A INPUT -j limit-83 +-A INPUT -j limit-82 +-A INPUT -j limit-81 +-A INPUT -j limit-80 -A INPUT -j limit-79 -A INPUT -j limit-78 -A INPUT -j limit-77 @@ -361,24 +517,6 @@ -A INPUT -j limit-60 -A INPUT -j limit-59 -A INPUT -j limit-58 --A INPUT -j limit-57 --A INPUT -j limit-56 --A INPUT -j limit-55 --A INPUT -j limit-54 --A INPUT -j limit-53 --A INPUT -j limit-52 --A INPUT -j limit-51 --A INPUT -j limit-50 --A INPUT -j limit-49 --A INPUT -j limit-48 --A INPUT -j limit-47 --A INPUT -j limit-46 --A INPUT -j limit-45 --A INPUT -j limit-44 --A INPUT -j limit-43 --A INPUT -j limit-42 --A INPUT -j limit-41 --A INPUT -j limit-40 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -411,56 +549,83 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-7 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-80 --A INPUT -i eth0 -j limit-81 --A INPUT -i eth0 -j limit-82 --A INPUT -i eth0 -j limit-83 --A INPUT -i eth0 -j limit-84 --A INPUT -i eth0 -j limit-85 --A INPUT -i eth0 -j limit-86 --A INPUT -i eth0 -j limit-87 --A INPUT -i eth0 -j limit-88 --A INPUT -i eth0 -j limit-89 --A INPUT -i eth0 -j limit-90 --A INPUT -i eth0 -j limit-91 --A INPUT -i eth0 -j limit-92 --A INPUT -i eth0 -j limit-93 --A INPUT -i eth0 -j limit-94 --A INPUT -i eth0 -j limit-95 --A INPUT -i eth0 -j limit-96 --A INPUT -i eth0 -j limit-97 --A INPUT -i eth0 -j limit-98 --A INPUT -i eth0 -j limit-99 --A INPUT -i eth0 -j limit-100 --A INPUT -i eth0 -j limit-101 --A INPUT -i eth0 -j limit-102 --A INPUT -i eth0 -j limit-103 --A INPUT -i eth0 -j limit-104 --A INPUT -i eth0 -j limit-105 --A INPUT -i eth0 -j limit-106 --A INPUT -i eth0 -j limit-107 --A INPUT -i eth0 -j limit-108 --A INPUT -i eth0 -j limit-109 --A INPUT -i eth0 -j limit-110 --A INPUT -i eth0 -j limit-111 --A INPUT -i eth0 -j limit-112 --A INPUT -i eth0 -j limit-113 --A INPUT -i eth0 -j limit-114 --A INPUT -i eth0 -j limit-115 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-8 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-9 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-10 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-116 -A INPUT -i eth0 -j limit-117 -A INPUT -i eth0 -j limit-118 -A INPUT -i eth0 -j limit-119 +-A INPUT -i eth0 -j limit-120 +-A INPUT -i eth0 -j limit-121 +-A INPUT -i eth0 -j limit-122 +-A INPUT -i eth0 -j limit-123 +-A INPUT -i eth0 -j limit-124 +-A INPUT -i eth0 -j limit-125 +-A INPUT -i eth0 -j limit-126 +-A INPUT -i eth0 -j limit-127 +-A INPUT -i eth0 -j limit-128 +-A INPUT -i eth0 -j limit-129 +-A INPUT -i eth0 -j limit-130 +-A INPUT -i eth0 -j limit-131 +-A INPUT -i eth0 -j limit-132 +-A INPUT -i eth0 -j limit-133 +-A INPUT -i eth0 -j limit-134 +-A INPUT -i eth0 -j limit-135 +-A INPUT -i eth0 -j limit-136 +-A INPUT -i eth0 -j limit-137 +-A INPUT -i eth0 -j limit-138 +-A INPUT -i eth0 -j limit-139 +-A INPUT -i eth0 -j limit-140 +-A INPUT -i eth0 -j limit-141 +-A INPUT -i eth0 -j limit-142 +-A INPUT -i eth0 -j limit-143 +-A INPUT -i eth0 -j limit-144 +-A INPUT -i eth0 -j limit-145 +-A INPUT -i eth0 -j limit-146 +-A INPUT -i eth0 -j limit-147 +-A INPUT -i eth0 -j limit-148 +-A INPUT -i eth0 -j limit-149 +-A INPUT -i eth0 -j limit-150 +-A INPUT -i eth0 -j limit-151 +-A INPUT -i eth0 -j limit-152 +-A INPUT -i eth0 -j limit-153 +-A INPUT -i eth0 -j limit-154 +-A INPUT -i eth0 -j limit-155 +-A INPUT -i eth0 -j limit-156 +-A INPUT -i eth0 -j limit-157 +-A INPUT -i eth0 -j limit-158 +-A INPUT -i eth0 -j limit-159 +-A INPUT -i eth0 -j limit-160 +-A INPUT -i eth0 -j limit-161 +-A INPUT -i eth0 -j limit-162 +-A INPUT -i eth0 -j limit-163 +-A INPUT -i eth0 -j limit-164 +-A INPUT -i eth0 -j limit-165 +-A INPUT -i eth0 -j limit-166 +-A INPUT -i eth0 -j limit-167 +-A INPUT -i eth0 -j limit-168 +-A INPUT -i eth0 -j limit-169 +-A INPUT -i eth0 -j limit-170 +-A INPUT -i eth0 -j limit-171 +-A INPUT -i eth0 -j limit-172 +-A INPUT -i eth0 -j limit-173 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-37 +-A INPUT -j logdrop-55 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT -A INPUT -j logaccept-8 --A INPUT -j logdrop-38 +-A INPUT -j logdrop-56 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP @@ -473,6 +638,42 @@ -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-115 +-A OUTPUT -j limit-114 +-A OUTPUT -j limit-113 +-A OUTPUT -j limit-112 +-A OUTPUT -j limit-111 +-A OUTPUT -j limit-110 +-A OUTPUT -j limit-109 +-A OUTPUT -j limit-108 +-A OUTPUT -j limit-107 +-A OUTPUT -j limit-106 +-A OUTPUT -j limit-105 +-A OUTPUT -j limit-104 +-A OUTPUT -j limit-103 +-A OUTPUT -j limit-102 +-A OUTPUT -j limit-101 +-A OUTPUT -j limit-100 +-A OUTPUT -j limit-99 +-A OUTPUT -j limit-98 +-A OUTPUT -j limit-97 +-A OUTPUT -j limit-96 +-A OUTPUT -j limit-95 +-A OUTPUT -j limit-94 +-A OUTPUT -j limit-93 +-A OUTPUT -j limit-92 +-A OUTPUT -j limit-91 +-A OUTPUT -j limit-90 +-A OUTPUT -j limit-89 +-A OUTPUT -j limit-88 +-A OUTPUT -j limit-87 +-A OUTPUT -j limit-86 +-A OUTPUT -j limit-85 +-A OUTPUT -j limit-84 +-A OUTPUT -j limit-83 +-A OUTPUT -j limit-82 +-A OUTPUT -j limit-81 +-A OUTPUT -j limit-80 -A OUTPUT -j limit-79 -A OUTPUT -j limit-78 -A OUTPUT -j limit-77 @@ -495,24 +696,6 @@ -A OUTPUT -j limit-60 -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 --A OUTPUT -j limit-57 --A OUTPUT -j limit-56 --A OUTPUT -j limit-55 --A OUTPUT -j limit-54 --A OUTPUT -j limit-53 --A OUTPUT -j limit-52 --A OUTPUT -j limit-51 --A OUTPUT -j limit-50 --A OUTPUT -j limit-49 --A OUTPUT -j limit-48 --A OUTPUT -j limit-47 --A OUTPUT -j limit-46 --A OUTPUT -j limit-45 --A OUTPUT -j limit-44 --A OUTPUT -j limit-43 --A OUTPUT -j limit-42 --A OUTPUT -j limit-41 --A OUTPUT -j limit-40 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -561,6 +744,24 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-37 -A OUTPUT -o eth1 -d fc00::/7 -j limit-38 -A OUTPUT -o eth1 -d fc00::/7 -j limit-39 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-40 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-41 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-42 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-43 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-44 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-45 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-46 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-47 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-48 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-49 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-50 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-51 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-52 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-53 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-54 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-55 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-56 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-57 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -585,6 +786,24 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-7 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-8 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-9 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-10 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -612,13 +831,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-37 +-A OUTPUT -j logdrop-55 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT -A OUTPUT -j logaccept-8 --A OUTPUT -j logdrop-38 +-A OUTPUT -j logdrop-56 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP @@ -639,70 +858,192 @@ -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-100 -j RETURN -A limit-100 -m limit --limit 1/second -j LOG --A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT +-A limit-100 -j DROP +-A limit-101 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-101 -j RETURN +-A limit-101 -m limit --limit 1/second -j LOG +-A limit-101 -j DROP +-A limit-102 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-102 -j RETURN +-A limit-102 -m limit --limit 1/second -j LOG +-A limit-102 -j DROP +-A limit-103 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-103 -j RETURN +-A limit-103 -m limit --limit 1/second -j LOG +-A limit-103 -j DROP +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j RETURN -A limit-104 -m limit --limit 1/second -j LOG -A limit-104 -j DROP -A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN -A limit-105 -m limit --limit 1/second -j LOG -A limit-105 -j DROP --A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-4 +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j RETURN -A limit-106 -m limit --limit 1/second -j LOG -A limit-106 -j DROP --A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j RETURN -A limit-107 -m limit --limit 1/second -j LOG -A limit-107 -j DROP --A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT --A limit-108 -m limit --limit 1/second -j LOG +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j RETURN -A limit-108 -j DROP -A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN --A limit-109 -m limit --limit 1/second -j LOG -A limit-109 -j DROP -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-5 --A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j RETURN -A limit-110 -j DROP --A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT --A limit-111 -m limit --limit 1/second -j LOG +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j RETURN -A limit-111 -j DROP --A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j ACCEPT +-A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j RETURN -A limit-112 -j DROP -A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN -A limit-113 -j DROP --A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j logaccept-6 +-A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j RETURN -A limit-114 -j DROP --A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j ACCEPT +-A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j RETURN -A limit-115 -j DROP --A limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-116 -j ACCEPT --A limit-116 -j DROP --A limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-117 -j RETURN --A limit-117 -j DROP --A limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-118 -j logaccept-7 --A limit-118 -j DROP --A limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-119 -j ACCEPT --A limit-119 -j DROP --A limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-37 +-A limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-38 +-A limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-39 +-A limit-118 -m limit --limit 1/second -j LOG +-A limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-40 +-A limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 +-A limit-12 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-41 +-A limit-120 -m recent --name limit-120 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-42 +-A limit-121 -m recent --name limit-121 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-43 +-A limit-122 -m recent --name limit-122 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-44 +-A limit-123 -m recent --name limit-123 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-45 +-A limit-124 -m limit --limit 1/second -j LOG +-A limit-124 -m recent --name limit-124 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-46 +-A limit-125 -m recent --name limit-125 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-47 +-A limit-126 -m recent --name limit-126 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-48 +-A limit-127 -m recent --name limit-127 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-49 +-A limit-128 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-50 +-A limit-129 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 +-A limit-13 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-51 +-A limit-130 -m limit --limit 1/second -j LOG +-A limit-130 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-52 +-A limit-131 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-53 +-A limit-132 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-54 +-A limit-133 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-134 -m recent --name limit-134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-135 -m recent --name limit-135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-136 -m limit --limit 1/second -j LOG +-A limit-136 -m recent --name limit-136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-137 -m recent --name limit-137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-138 -m recent --name limit-138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-139 -m recent --name limit-139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-14 -m limit --limit 1/second -j LOG --A limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-14 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-140 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-141 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-142 -m limit --limit 1/second -j LOG +-A limit-142 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-143 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-144 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-145 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-146 -m recent --name limit-146 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-147 -m recent --name limit-147 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-148 -m limit --limit 1/second -j LOG +-A limit-148 -m recent --name limit-148 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-149 -m recent --name limit-149 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 +-A limit-15 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-150 -m recent --name limit-150 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-151 -m recent --name limit-151 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-152 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-153 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-154 -m limit --limit 1/second -j LOG +-A limit-154 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-155 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-156 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-157 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-158 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-158 -j ACCEPT +-A limit-158 -m limit --limit 1/second -j LOG +-A limit-158 -j DROP +-A limit-159 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-159 -j RETURN +-A limit-159 -m limit --limit 1/second -j LOG +-A limit-159 -j DROP +-A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 +-A limit-16 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-160 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-160 -j logaccept-4 +-A limit-160 -m limit --limit 1/second -j LOG +-A limit-160 -j DROP +-A limit-161 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-161 -j ACCEPT +-A limit-161 -m limit --limit 1/second -j LOG +-A limit-161 -j DROP +-A limit-162 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-162 -j ACCEPT +-A limit-162 -m limit --limit 1/second -j LOG +-A limit-162 -j DROP +-A limit-163 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-163 -j RETURN +-A limit-163 -m limit --limit 1/second -j LOG +-A limit-163 -j DROP +-A limit-164 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-164 -j logaccept-5 +-A limit-164 -m limit --limit 1/second -j LOG +-A limit-164 -j DROP +-A limit-165 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-165 -j ACCEPT +-A limit-165 -m limit --limit 1/second -j LOG +-A limit-165 -j DROP +-A limit-166 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-166 -j ACCEPT +-A limit-166 -j DROP +-A limit-167 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-167 -j RETURN +-A limit-167 -j DROP +-A limit-168 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-168 -j logaccept-6 +-A limit-168 -j DROP +-A limit-169 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-169 -j ACCEPT +-A limit-169 -j DROP +-A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 +-A limit-17 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-170 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-170 -j ACCEPT +-A limit-170 -j DROP +-A limit-171 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-171 -j RETURN +-A limit-171 -j DROP +-A limit-172 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-172 -j logaccept-7 +-A limit-172 -j DROP +-A limit-173 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-173 -j ACCEPT +-A limit-173 -j DROP -A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP @@ -719,192 +1060,184 @@ -A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j ACCEPT --A limit-24 -m limit --limit 1/second -j LOG --A limit-24 -j DROP --A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j RETURN --A limit-25 -m limit --limit 1/second -j LOG --A limit-25 -j DROP --A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j logaccept-0 +-A limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-24 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-25 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-26 -m limit --limit 1/second -j LOG --A limit-26 -j DROP --A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j ACCEPT --A limit-27 -m limit --limit 1/second -j LOG --A limit-27 -j DROP --A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j ACCEPT --A limit-28 -m limit --limit 1/second -j LOG --A limit-28 -j DROP --A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j RETURN --A limit-29 -m limit --limit 1/second -j LOG --A limit-29 -j DROP +-A limit-26 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-27 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-28 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-29 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-30 -j logaccept-1 --A limit-30 -m limit --limit 1/second -j LOG --A limit-30 -j DROP --A limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-31 -j ACCEPT --A limit-31 -m limit --limit 1/second -j LOG --A limit-31 -j DROP --A limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-32 -j ACCEPT --A limit-32 -j DROP --A limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-33 -j RETURN --A limit-33 -j DROP --A limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-34 -j logaccept-2 --A limit-34 -j DROP --A limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-35 -j ACCEPT --A limit-35 -j DROP --A limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-36 -j ACCEPT --A limit-36 -j DROP --A limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-37 -j RETURN --A limit-37 -j DROP --A limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-38 -j logaccept-3 --A limit-38 -j DROP --A limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-39 -j ACCEPT --A limit-39 -j DROP +-A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-32 -m limit --limit 1/second -j LOG +-A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-36 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-37 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-38 -m limit --limit 1/second -j LOG +-A limit-38 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-39 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 --A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 --A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 --A limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 --A limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-42 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-42 -j ACCEPT +-A limit-42 -m limit --limit 1/second -j LOG +-A limit-42 -j DROP +-A limit-43 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-43 -j RETURN +-A limit-43 -m limit --limit 1/second -j LOG +-A limit-43 -j DROP +-A limit-44 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-44 -j logaccept-0 +-A limit-44 -m limit --limit 1/second -j LOG +-A limit-44 -j DROP +-A limit-45 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-45 -j ACCEPT +-A limit-45 -m limit --limit 1/second -j LOG +-A limit-45 -j DROP +-A limit-46 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-46 -j ACCEPT +-A limit-46 -m limit --limit 1/second -j LOG +-A limit-46 -j DROP +-A limit-47 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-47 -j RETURN +-A limit-47 -m limit --limit 1/second -j LOG +-A limit-47 -j DROP +-A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j logaccept-1 +-A limit-48 -m limit --limit 1/second -j LOG +-A limit-48 -j DROP +-A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j ACCEPT +-A limit-49 -m limit --limit 1/second -j LOG +-A limit-49 -j DROP -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 --A limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 --A limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j ACCEPT +-A limit-50 -j DROP +-A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN +-A limit-51 -j DROP +-A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j logaccept-2 +-A limit-52 -j DROP +-A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-53 -j ACCEPT +-A limit-53 -j DROP +-A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j ACCEPT +-A limit-54 -j DROP +-A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN +-A limit-55 -j DROP +-A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j logaccept-3 +-A limit-56 -j DROP +-A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j ACCEPT +-A limit-57 -j DROP +-A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 -A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 -A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 -A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 -A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 -A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 -A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j RETURN --A limit-64 -m limit --limit 1/second -j LOG --A limit-64 -j DROP --A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN --A limit-65 -m limit --limit 1/second -j LOG --A limit-65 -j DROP --A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j RETURN --A limit-66 -m limit --limit 1/second -j LOG --A limit-66 -j DROP --A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j RETURN --A limit-67 -m limit --limit 1/second -j LOG --A limit-67 -j DROP --A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j RETURN --A limit-68 -m limit --limit 1/second -j LOG --A limit-68 -j DROP --A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN --A limit-69 -m limit --limit 1/second -j LOG --A limit-69 -j DROP +-A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 +-A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j RETURN --A limit-70 -m limit --limit 1/second -j LOG --A limit-70 -j DROP --A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j RETURN --A limit-71 -m limit --limit 1/second -j LOG --A limit-71 -j DROP --A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j RETURN --A limit-72 -j DROP --A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN --A limit-73 -j DROP --A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j RETURN --A limit-74 -j DROP --A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j RETURN --A limit-75 -j DROP --A limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-76 -j RETURN --A limit-76 -j DROP --A limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-77 -j RETURN --A limit-77 -j DROP --A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j RETURN --A limit-78 -j DROP --A limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-79 -j RETURN --A limit-79 -j DROP +-A limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-70 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-71 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-72 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-73 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-74 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-75 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-78 -m recent --name limit-78 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-79 -m recent --name limit-79 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 --A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 --A limit-82 -m limit --limit 1/second -j LOG --A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 --A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 --A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 --A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 --A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 --A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 --A limit-88 -m limit --limit 1/second -j LOG --A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 --A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-82 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-83 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-84 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-85 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-86 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-87 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 --A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 --A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-94 -m limit --limit 1/second -j LOG --A limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-94 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-95 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-96 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-97 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-98 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-99 -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -927,6 +1260,8 @@ -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG -A logaccept-final-1 -j ACCEPT +-A logaccept-final-10 -m limit --limit 1/second -j LOG +-A logaccept-final-10 -j ACCEPT -A logaccept-final-2 -m limit --limit 1/second -j LOG -A logaccept-final-2 -j ACCEPT -A logaccept-final-3 -m limit --limit 1/second -j LOG @@ -939,6 +1274,10 @@ -A logaccept-final-6 -j ACCEPT -A logaccept-final-7 -m limit --limit 1/second -j LOG -A logaccept-final-7 -j ACCEPT +-A logaccept-final-8 -m limit --limit 1/second -j LOG +-A logaccept-final-8 -j ACCEPT +-A logaccept-final-9 -m limit --limit 1/second -j LOG +-A logaccept-final-9 -j ACCEPT -A logdrop-0 -m limit --limit 1/second -j LOG -A logdrop-0 -j DROP -A logdrop-1 -m limit --limit 1/second -j LOG @@ -1005,10 +1344,46 @@ -A logdrop-37 -j DROP -A logdrop-38 -m limit --limit 1/second -j LOG -A logdrop-38 -j DROP +-A logdrop-39 -m limit --limit 1/second -j LOG +-A logdrop-39 -j DROP -A logdrop-4 -m limit --limit 1/second -j LOG -A logdrop-4 -j DROP +-A logdrop-40 -m limit --limit 1/second -j LOG +-A logdrop-40 -j DROP +-A logdrop-41 -m limit --limit 1/second -j LOG +-A logdrop-41 -j DROP +-A logdrop-42 -m limit --limit 1/second -j LOG +-A logdrop-42 -j DROP +-A logdrop-43 -m limit --limit 1/second -j LOG +-A logdrop-43 -j DROP +-A logdrop-44 -m limit --limit 1/second -j LOG +-A logdrop-44 -j DROP +-A logdrop-45 -m limit --limit 1/second -j LOG +-A logdrop-45 -j DROP +-A logdrop-46 -m limit --limit 1/second -j LOG +-A logdrop-46 -j DROP +-A logdrop-47 -m limit --limit 1/second -j LOG +-A logdrop-47 -j DROP +-A logdrop-48 -m limit --limit 1/second -j LOG +-A logdrop-48 -j DROP +-A logdrop-49 -m limit --limit 1/second -j LOG +-A logdrop-49 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG -A logdrop-5 -j DROP +-A logdrop-50 -m limit --limit 1/second -j LOG +-A logdrop-50 -j DROP +-A logdrop-51 -m limit --limit 1/second -j LOG +-A logdrop-51 -j DROP +-A logdrop-52 -m limit --limit 1/second -j LOG +-A logdrop-52 -j DROP +-A logdrop-53 -m limit --limit 1/second -j LOG +-A logdrop-53 -j DROP +-A logdrop-54 -m limit --limit 1/second -j LOG +-A logdrop-54 -j DROP +-A logdrop-55 -m limit --limit 1/second -j LOG +-A logdrop-55 -j DROP +-A logdrop-56 -m limit --limit 1/second -j LOG +-A logdrop-56 -j DROP -A logdrop-6 -m limit --limit 1/second -j LOG -A logdrop-6 -j DROP -A logdrop-7 -m limit --limit 1/second -j LOG @@ -1063,6 +1438,15 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -1108,6 +1492,24 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack |