diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 12:05:24 +0300 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-10-07 12:05:24 +0300 |
| commit | d172644f178113b315da1ea06e4fc954b9e4f771 (patch) | |
| tree | f3ea34c27efc900310aefb3600432958541cceb6 /test | |
| parent | cdd8944be37ca857a9f23eb45b15346df834238a (diff) | |
| download | awall-d172644f178113b315da1ea06e4fc954b9e4f771.tar.bz2 awall-d172644f178113b315da1ea06e4fc954b9e4f771.tar.xz | |
test: filter-limit: make conn and flow limit outputs differ
Diffstat (limited to 'test')
| -rw-r--r-- | test/mandatory/filter-limit.lua | 2 | ||||
| -rw-r--r-- | test/output/dump | 662 | ||||
| -rw-r--r-- | test/output/rules-save | 150 | ||||
| -rw-r--r-- | test/output/rules6-save | 150 |
4 files changed, 392 insertions, 572 deletions
diff --git a/test/mandatory/filter-limit.lua b/test/mandatory/filter-limit.lua index e1b96eb..45fd704 100644 --- a/test/mandatory/filter-limit.lua +++ b/test/mandatory/filter-limit.lua @@ -29,7 +29,7 @@ function add(limit_type, base) end end -add('conn') +add('conn', {out='B'}) add('flow') add('flow', {['in']='A', out='_fw', ['no-track']=true}) diff --git a/test/output/dump b/test/output/dump index d6754dc..aa4058e 100644 --- a/test/output/dump +++ b/test/output/dump @@ -78,14 +78,12 @@ Filter 6 {"action":"tarpit"} inet/raw/OUTPUT -j CT --notrack inet6/raw/OUTPUT -j CT --notrack -Filter 7 {"conn-limit":1} -(filter-limit) - inet/filter/FORWARD -j limit-0 - inet6/filter/FORWARD -j limit-0 - inet/filter/INPUT -j limit-0 - inet6/filter/INPUT -j limit-0 - inet/filter/OUTPUT -j limit-0 - inet6/filter/OUTPUT -j limit-0 +Filter 7 {"conn-limit":1,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-0 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-0 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-0 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-0 inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-1 inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-1 inet/filter/logdrop-1 -m limit --limit 1/second -j LOG @@ -95,14 +93,12 @@ Filter 7 {"conn-limit":1} inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 8 {"action":"pass","conn-limit":1} +Filter 8 {"action":"pass","conn-limit":1,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-1 - inet6/filter/FORWARD -j limit-1 - inet/filter/INPUT -j limit-1 - inet6/filter/INPUT -j limit-1 - inet/filter/OUTPUT -j limit-1 - inet6/filter/OUTPUT -j limit-1 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-1 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-1 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-1 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-1 inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-2 inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2 inet/filter/logdrop-2 -m limit --limit 1/second -j LOG @@ -112,14 +108,12 @@ Filter 8 {"action":"pass","conn-limit":1} inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 9 {"conn-limit":1,"log":true} +Filter 9 {"conn-limit":1,"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-2 - inet6/filter/FORWARD -j limit-2 - inet/filter/INPUT -j limit-2 - inet6/filter/INPUT -j limit-2 - inet/filter/OUTPUT -j limit-2 - inet6/filter/OUTPUT -j limit-2 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-2 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-2 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-2 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-2 inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 inet/filter/logdrop-3 -m limit --limit 1/second -j LOG @@ -131,14 +125,12 @@ Filter 9 {"conn-limit":1,"log":true} inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 10 {"action":"pass","conn-limit":1,"log":true} +Filter 10 {"action":"pass","conn-limit":1,"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-3 - inet6/filter/FORWARD -j limit-3 - inet/filter/INPUT -j limit-3 - inet6/filter/INPUT -j limit-3 - inet/filter/OUTPUT -j limit-3 - inet6/filter/OUTPUT -j limit-3 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-3 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-3 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-3 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-3 inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 inet/filter/logdrop-4 -m limit --limit 1/second -j LOG @@ -148,14 +140,12 @@ Filter 10 {"action":"pass","conn-limit":1,"log":true} inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 11 {"conn-limit":1,"log":"none"} +Filter 11 {"conn-limit":1,"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-4 - inet6/filter/FORWARD -j limit-4 - inet/filter/INPUT -j limit-4 - inet6/filter/INPUT -j limit-4 - inet/filter/OUTPUT -j limit-4 - inet6/filter/OUTPUT -j limit-4 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-4 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-4 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-4 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-4 inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 inet/filter/logdrop-5 -m limit --limit 1/second -j LOG @@ -165,14 +155,12 @@ Filter 11 {"conn-limit":1,"log":"none"} inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 12 {"action":"pass","conn-limit":1,"log":"none"} +Filter 12 {"action":"pass","conn-limit":1,"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-5 - inet6/filter/FORWARD -j limit-5 - inet/filter/INPUT -j limit-5 - inet6/filter/INPUT -j limit-5 - inet/filter/OUTPUT -j limit-5 - inet6/filter/OUTPUT -j limit-5 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-5 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-5 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-5 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-5 inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 inet/filter/logdrop-6 -m limit --limit 1/second -j LOG @@ -182,40 +170,34 @@ Filter 12 {"action":"pass","conn-limit":1,"log":"none"} inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 13 {"conn-limit":{"count":1,"log":false}} +Filter 13 {"conn-limit":{"count":1,"log":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-6 - inet6/filter/FORWARD -j limit-6 - inet/filter/INPUT -j limit-6 - inet6/filter/INPUT -j limit-6 - inet/filter/OUTPUT -j limit-6 - inet6/filter/OUTPUT -j limit-6 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-6 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-6 inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 14 {"action":"pass","conn-limit":{"count":1,"log":false}} +Filter 14 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-7 - inet6/filter/FORWARD -j limit-7 - inet/filter/INPUT -j limit-7 - inet6/filter/INPUT -j limit-7 - inet/filter/OUTPUT -j limit-7 - inet6/filter/OUTPUT -j limit-7 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-7 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-7 inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 15 {"conn-limit":{"count":1,"log":false},"log":true} +Filter 15 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-8 - inet6/filter/FORWARD -j limit-8 - inet/filter/INPUT -j limit-8 - inet6/filter/INPUT -j limit-8 - inet/filter/OUTPUT -j limit-8 - inet6/filter/OUTPUT -j limit-8 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-8 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-8 inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-8 -m limit --limit 1/second -j LOG @@ -223,79 +205,67 @@ Filter 15 {"conn-limit":{"count":1,"log":false},"log":tr inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 16 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true} +Filter 16 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-9 - inet6/filter/FORWARD -j limit-9 - inet/filter/INPUT -j limit-9 - inet6/filter/INPUT -j limit-9 - inet/filter/OUTPUT -j limit-9 - inet6/filter/OUTPUT -j limit-9 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-9 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-9 inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 17 {"conn-limit":{"count":1,"log":false},"log":"none"} +Filter 17 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-10 - inet6/filter/FORWARD -j limit-10 - inet/filter/INPUT -j limit-10 - inet6/filter/INPUT -j limit-10 - inet/filter/OUTPUT -j limit-10 - inet6/filter/OUTPUT -j limit-10 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-10 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-10 inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 18 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none"} +Filter 18 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-11 - inet6/filter/FORWARD -j limit-11 - inet/filter/INPUT -j limit-11 - inet6/filter/INPUT -j limit-11 - inet/filter/OUTPUT -j limit-11 - inet6/filter/OUTPUT -j limit-11 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-11 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-11 inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 19 {"conn-limit":{"count":1,"log":"none"}} +Filter 19 {"conn-limit":{"count":1,"log":"none"},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-12 - inet6/filter/FORWARD -j limit-12 - inet/filter/INPUT -j limit-12 - inet6/filter/INPUT -j limit-12 - inet/filter/OUTPUT -j limit-12 - inet6/filter/OUTPUT -j limit-12 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-12 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-12 inet/filter/limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 20 {"action":"pass","conn-limit":{"count":1,"log":"none"}} +Filter 20 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-13 - inet6/filter/FORWARD -j limit-13 - inet/filter/INPUT -j limit-13 - inet6/filter/INPUT -j limit-13 - inet/filter/OUTPUT -j limit-13 - inet6/filter/OUTPUT -j limit-13 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-13 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-13 inet/filter/limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --set inet6/filter/limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 21 {"conn-limit":{"count":1,"log":"none"},"log":true} +Filter 21 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-14 - inet6/filter/FORWARD -j limit-14 - inet/filter/INPUT -j limit-14 - inet6/filter/INPUT -j limit-14 - inet/filter/OUTPUT -j limit-14 - inet6/filter/OUTPUT -j limit-14 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-14 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-14 inet/filter/limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-14 -m limit --limit 1/second -j LOG @@ -303,53 +273,45 @@ Filter 21 {"conn-limit":{"count":1,"log":"none"},"log":t inet/filter/limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 22 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true} +Filter 22 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-15 - inet6/filter/FORWARD -j limit-15 - inet/filter/INPUT -j limit-15 - inet6/filter/INPUT -j limit-15 - inet/filter/OUTPUT -j limit-15 - inet6/filter/OUTPUT -j limit-15 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-15 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-15 inet/filter/limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG inet6/filter/limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 23 {"conn-limit":{"count":1,"log":"none"},"log":"none"} +Filter 23 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-16 - inet6/filter/FORWARD -j limit-16 - inet/filter/INPUT -j limit-16 - inet6/filter/INPUT -j limit-16 - inet/filter/OUTPUT -j limit-16 - inet6/filter/OUTPUT -j limit-16 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-16 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-16 inet/filter/limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 24 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none"} +Filter 24 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-17 - inet6/filter/FORWARD -j limit-17 - inet/filter/INPUT -j limit-17 - inet6/filter/INPUT -j limit-17 - inet/filter/OUTPUT -j limit-17 - inet6/filter/OUTPUT -j limit-17 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-17 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-17 inet/filter/limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP inet6/filter/limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --set inet6/filter/limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 25 {"conn-limit":30} +Filter 25 {"conn-limit":30,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-18 - inet6/filter/FORWARD -j limit-18 - inet/filter/INPUT -j limit-18 - inet6/filter/INPUT -j limit-18 - inet/filter/OUTPUT -j limit-18 - inet6/filter/OUTPUT -j limit-18 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-18 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-18 inet/filter/limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-18 -j ACCEPT inet6/filter/limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-18 -j ACCEPT inet/filter/limit-18 -m limit --limit 1/second -j LOG @@ -357,14 +319,12 @@ Filter 25 {"conn-limit":30} inet/filter/limit-18 -j DROP inet6/filter/limit-18 -j DROP -Filter 26 {"action":"pass","conn-limit":30} +Filter 26 {"action":"pass","conn-limit":30,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-19 - inet6/filter/FORWARD -j limit-19 - inet/filter/INPUT -j limit-19 - inet6/filter/INPUT -j limit-19 - inet/filter/OUTPUT -j limit-19 - inet6/filter/OUTPUT -j limit-19 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-19 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-19 inet/filter/limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-19 -j RETURN inet6/filter/limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-19 -j RETURN inet/filter/limit-19 -m limit --limit 1/second -j LOG @@ -372,14 +332,12 @@ Filter 26 {"action":"pass","conn-limit":30} inet/filter/limit-19 -j DROP inet6/filter/limit-19 -j DROP -Filter 27 {"conn-limit":30,"log":true} +Filter 27 {"conn-limit":30,"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-20 - inet6/filter/FORWARD -j limit-20 - inet/filter/INPUT -j limit-20 - inet6/filter/INPUT -j limit-20 - inet/filter/OUTPUT -j limit-20 - inet6/filter/OUTPUT -j limit-20 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-20 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-20 inet/filter/limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-20 -j logaccept-0 inet6/filter/limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-20 -j logaccept-0 inet/filter/logaccept-0 -m limit --limit 1/second -j LOG @@ -391,14 +349,12 @@ Filter 27 {"conn-limit":30,"log":true} inet/filter/limit-20 -j DROP inet6/filter/limit-20 -j DROP -Filter 28 {"conn-limit":30,"log":"none"} +Filter 28 {"conn-limit":30,"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-21 - inet6/filter/FORWARD -j limit-21 - inet/filter/INPUT -j limit-21 - inet6/filter/INPUT -j limit-21 - inet/filter/OUTPUT -j limit-21 - inet6/filter/OUTPUT -j limit-21 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-21 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-21 inet/filter/limit-21 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-21 -j ACCEPT inet6/filter/limit-21 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-21 -j ACCEPT inet/filter/limit-21 -m limit --limit 1/second -j LOG @@ -406,40 +362,34 @@ Filter 28 {"conn-limit":30,"log":"none"} inet/filter/limit-21 -j DROP inet6/filter/limit-21 -j DROP -Filter 29 {"conn-limit":{"count":30,"log":false}} +Filter 29 {"conn-limit":{"count":30,"log":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-22 - inet6/filter/FORWARD -j limit-22 - inet/filter/INPUT -j limit-22 - inet6/filter/INPUT -j limit-22 - inet/filter/OUTPUT -j limit-22 - inet6/filter/OUTPUT -j limit-22 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-22 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-22 inet/filter/limit-22 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-22 -j ACCEPT inet6/filter/limit-22 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-22 -j ACCEPT inet/filter/limit-22 -j DROP inet6/filter/limit-22 -j DROP -Filter 30 {"action":"pass","conn-limit":{"count":30,"log":false}} +Filter 30 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-23 - inet6/filter/FORWARD -j limit-23 - inet/filter/INPUT -j limit-23 - inet6/filter/INPUT -j limit-23 - inet/filter/OUTPUT -j limit-23 - inet6/filter/OUTPUT -j limit-23 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-23 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-23 inet/filter/limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-23 -j RETURN inet6/filter/limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-23 -j RETURN inet/filter/limit-23 -j DROP inet6/filter/limit-23 -j DROP -Filter 31 {"conn-limit":{"count":30,"log":false},"log":true} +Filter 31 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-24 - inet6/filter/FORWARD -j limit-24 - inet/filter/INPUT -j limit-24 - inet6/filter/INPUT -j limit-24 - inet/filter/OUTPUT -j limit-24 - inet6/filter/OUTPUT -j limit-24 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-24 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-24 inet/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j logaccept-1 inet6/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j logaccept-1 inet/filter/logaccept-1 -m limit --limit 1/second -j LOG @@ -449,53 +399,45 @@ Filter 31 {"conn-limit":{"count":30,"log":false},"log":t inet/filter/limit-24 -j DROP inet6/filter/limit-24 -j DROP -Filter 32 {"conn-limit":{"count":30,"log":false},"log":"none"} +Filter 32 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-25 - inet6/filter/FORWARD -j limit-25 - inet/filter/INPUT -j limit-25 - inet6/filter/INPUT -j limit-25 - inet/filter/OUTPUT -j limit-25 - inet6/filter/OUTPUT -j limit-25 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-25 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-25 inet/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j ACCEPT inet6/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j ACCEPT inet/filter/limit-25 -j DROP inet6/filter/limit-25 -j DROP -Filter 33 {"conn-limit":{"count":30,"log":"none"}} +Filter 33 {"conn-limit":{"count":30,"log":"none"},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-26 - inet6/filter/FORWARD -j limit-26 - inet/filter/INPUT -j limit-26 - inet6/filter/INPUT -j limit-26 - inet/filter/OUTPUT -j limit-26 - inet6/filter/OUTPUT -j limit-26 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26 inet/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j ACCEPT inet6/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j ACCEPT inet/filter/limit-26 -j DROP inet6/filter/limit-26 -j DROP -Filter 34 {"action":"pass","conn-limit":{"count":30,"log":"none"}} +Filter 34 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-27 - inet6/filter/FORWARD -j limit-27 - inet/filter/INPUT -j limit-27 - inet6/filter/INPUT -j limit-27 - inet/filter/OUTPUT -j limit-27 - inet6/filter/OUTPUT -j limit-27 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-27 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-27 inet/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j RETURN inet6/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j RETURN inet/filter/limit-27 -j DROP inet6/filter/limit-27 -j DROP -Filter 35 {"conn-limit":{"count":30,"log":"none"},"log":true} +Filter 35 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-28 - inet6/filter/FORWARD -j limit-28 - inet/filter/INPUT -j limit-28 - inet6/filter/INPUT -j limit-28 - inet/filter/OUTPUT -j limit-28 - inet6/filter/OUTPUT -j limit-28 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-28 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-28 inet/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j logaccept-2 inet6/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j logaccept-2 inet/filter/logaccept-2 -m limit --limit 1/second -j LOG @@ -505,14 +447,12 @@ Filter 35 {"conn-limit":{"count":30,"log":"none"},"log": inet/filter/limit-28 -j DROP inet6/filter/limit-28 -j DROP -Filter 36 {"conn-limit":{"count":30,"log":"none"},"log":"none"} +Filter 36 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-29 - inet6/filter/FORWARD -j limit-29 - inet/filter/INPUT -j limit-29 - inet6/filter/INPUT -j limit-29 - inet/filter/OUTPUT -j limit-29 - inet6/filter/OUTPUT -j limit-29 + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-29 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-29 inet/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j ACCEPT inet6/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j ACCEPT inet/filter/limit-29 -j DROP @@ -2273,36 +2213,36 @@ hash:net family inet -A FORWARD -A FORWARD -j logreject-0 -A FORWARD -j logtarpit-0 --A FORWARD -j limit-0 --A FORWARD -j limit-1 --A FORWARD -j limit-2 --A FORWARD -j limit-3 --A FORWARD -j limit-4 --A FORWARD -j limit-5 --A FORWARD -j limit-6 --A FORWARD -j limit-7 --A FORWARD -j limit-8 --A FORWARD -j limit-9 --A FORWARD -j limit-10 --A FORWARD -j limit-11 --A FORWARD -j limit-12 --A FORWARD -j limit-13 --A FORWARD -j limit-14 --A FORWARD -j limit-15 --A FORWARD -j limit-16 --A FORWARD -j limit-17 --A FORWARD -j limit-18 --A FORWARD -j limit-19 --A FORWARD -j limit-20 --A FORWARD -j limit-21 --A FORWARD -j limit-22 --A FORWARD -j limit-23 --A FORWARD -j limit-24 --A FORWARD -j limit-25 --A FORWARD -j limit-26 --A FORWARD -j limit-27 --A FORWARD -j limit-28 --A FORWARD -j limit-29 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-0 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-1 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-2 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-3 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-4 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-5 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -2431,36 +2371,6 @@ hash:net family inet -A INPUT -A INPUT -j logreject-0 -A INPUT -j logtarpit-0 --A INPUT -j limit-0 --A INPUT -j limit-1 --A INPUT -j limit-2 --A INPUT -j limit-3 --A INPUT -j limit-4 --A INPUT -j limit-5 --A INPUT -j limit-6 --A INPUT -j limit-7 --A INPUT -j limit-8 --A INPUT -j limit-9 --A INPUT -j limit-10 --A INPUT -j limit-11 --A INPUT -j limit-12 --A INPUT -j limit-13 --A INPUT -j limit-14 --A INPUT -j limit-15 --A INPUT -j limit-16 --A INPUT -j limit-17 --A INPUT -j limit-18 --A INPUT -j limit-19 --A INPUT -j limit-20 --A INPUT -j limit-21 --A INPUT -j limit-22 --A INPUT -j limit-23 --A INPUT -j limit-24 --A INPUT -j limit-25 --A INPUT -j limit-26 --A INPUT -j limit-27 --A INPUT -j limit-28 --A INPUT -j limit-29 -A INPUT -j ACCEPT -A INPUT -j logaccept-final-0 -A INPUT -j ACCEPT @@ -2575,36 +2485,36 @@ hash:net family inet -A OUTPUT -A OUTPUT -j logreject-0 -A OUTPUT -j logtarpit-0 --A OUTPUT -j limit-0 --A OUTPUT -j limit-1 --A OUTPUT -j limit-2 --A OUTPUT -j limit-3 --A OUTPUT -j limit-4 --A OUTPUT -j limit-5 --A OUTPUT -j limit-6 --A OUTPUT -j limit-7 --A OUTPUT -j limit-8 --A OUTPUT -j limit-9 --A OUTPUT -j limit-10 --A OUTPUT -j limit-11 --A OUTPUT -j limit-12 --A OUTPUT -j limit-13 --A OUTPUT -j limit-14 --A OUTPUT -j limit-15 --A OUTPUT -j limit-16 --A OUTPUT -j limit-17 --A OUTPUT -j limit-18 --A OUTPUT -j limit-19 --A OUTPUT -j limit-20 --A OUTPUT -j limit-21 --A OUTPUT -j limit-22 --A OUTPUT -j limit-23 --A OUTPUT -j limit-24 --A OUTPUT -j limit-25 --A OUTPUT -j limit-26 --A OUTPUT -j limit-27 --A OUTPUT -j limit-28 --A OUTPUT -j limit-29 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-0 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-1 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-2 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-3 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-4 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-5 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT @@ -3221,36 +3131,36 @@ COMMIT -A FORWARD -A FORWARD -j logreject-0 -A FORWARD -j logtarpit-0 --A FORWARD -j limit-0 --A FORWARD -j limit-1 --A FORWARD -j limit-2 --A FORWARD -j limit-3 --A FORWARD -j limit-4 --A FORWARD -j limit-5 --A FORWARD -j limit-6 --A FORWARD -j limit-7 --A FORWARD -j limit-8 --A FORWARD -j limit-9 --A FORWARD -j limit-10 --A FORWARD -j limit-11 --A FORWARD -j limit-12 --A FORWARD -j limit-13 --A FORWARD -j limit-14 --A FORWARD -j limit-15 --A FORWARD -j limit-16 --A FORWARD -j limit-17 --A FORWARD -j limit-18 --A FORWARD -j limit-19 --A FORWARD -j limit-20 --A FORWARD -j limit-21 --A FORWARD -j limit-22 --A FORWARD -j limit-23 --A FORWARD -j limit-24 --A FORWARD -j limit-25 --A FORWARD -j limit-26 --A FORWARD -j limit-27 --A FORWARD -j limit-28 --A FORWARD -j limit-29 +-A FORWARD -o eth1 -d fc00::/7 -j limit-0 +-A FORWARD -o eth1 -d fc00::/7 -j limit-1 +-A FORWARD -o eth1 -d fc00::/7 -j limit-2 +-A FORWARD -o eth1 -d fc00::/7 -j limit-3 +-A FORWARD -o eth1 -d fc00::/7 -j limit-4 +-A FORWARD -o eth1 -d fc00::/7 -j limit-5 +-A FORWARD -o eth1 -d fc00::/7 -j limit-6 +-A FORWARD -o eth1 -d fc00::/7 -j limit-7 +-A FORWARD -o eth1 -d fc00::/7 -j limit-8 +-A FORWARD -o eth1 -d fc00::/7 -j limit-9 +-A FORWARD -o eth1 -d fc00::/7 -j limit-10 +-A FORWARD -o eth1 -d fc00::/7 -j limit-11 +-A FORWARD -o eth1 -d fc00::/7 -j limit-12 +-A FORWARD -o eth1 -d fc00::/7 -j limit-13 +-A FORWARD -o eth1 -d fc00::/7 -j limit-14 +-A FORWARD -o eth1 -d fc00::/7 -j limit-15 +-A FORWARD -o eth1 -d fc00::/7 -j limit-16 +-A FORWARD -o eth1 -d fc00::/7 -j limit-17 +-A FORWARD -o eth1 -d fc00::/7 -j limit-18 +-A FORWARD -o eth1 -d fc00::/7 -j limit-19 +-A FORWARD -o eth1 -d fc00::/7 -j limit-20 +-A FORWARD -o eth1 -d fc00::/7 -j limit-21 +-A FORWARD -o eth1 -d fc00::/7 -j limit-22 +-A FORWARD -o eth1 -d fc00::/7 -j limit-23 +-A FORWARD -o eth1 -d fc00::/7 -j limit-24 +-A FORWARD -o eth1 -d fc00::/7 -j limit-25 +-A FORWARD -o eth1 -d fc00::/7 -j limit-26 +-A FORWARD -o eth1 -d fc00::/7 -j limit-27 +-A FORWARD -o eth1 -d fc00::/7 -j limit-28 +-A FORWARD -o eth1 -d fc00::/7 -j limit-29 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -3349,36 +3259,6 @@ COMMIT -A INPUT -A INPUT -j logreject-0 -A INPUT -j logtarpit-0 --A INPUT -j limit-0 --A INPUT -j limit-1 --A INPUT -j limit-2 --A INPUT -j limit-3 --A INPUT -j limit-4 --A INPUT -j limit-5 --A INPUT -j limit-6 --A INPUT -j limit-7 --A INPUT -j limit-8 --A INPUT -j limit-9 --A INPUT -j limit-10 --A INPUT -j limit-11 --A INPUT -j limit-12 --A INPUT -j limit-13 --A INPUT -j limit-14 --A INPUT -j limit-15 --A INPUT -j limit-16 --A INPUT -j limit-17 --A INPUT -j limit-18 --A INPUT -j limit-19 --A INPUT -j limit-20 --A INPUT -j limit-21 --A INPUT -j limit-22 --A INPUT -j limit-23 --A INPUT -j limit-24 --A INPUT -j limit-25 --A INPUT -j limit-26 --A INPUT -j limit-27 --A INPUT -j limit-28 --A INPUT -j limit-29 -A INPUT -j ACCEPT -A INPUT -j logaccept-final-0 -A INPUT -j ACCEPT @@ -3487,36 +3367,36 @@ COMMIT -A OUTPUT -A OUTPUT -j logreject-0 -A OUTPUT -j logtarpit-0 --A OUTPUT -j limit-0 --A OUTPUT -j limit-1 --A OUTPUT -j limit-2 --A OUTPUT -j limit-3 --A OUTPUT -j limit-4 --A OUTPUT -j limit-5 --A OUTPUT -j limit-6 --A OUTPUT -j limit-7 --A OUTPUT -j limit-8 --A OUTPUT -j limit-9 --A OUTPUT -j limit-10 --A OUTPUT -j limit-11 --A OUTPUT -j limit-12 --A OUTPUT -j limit-13 --A OUTPUT -j limit-14 --A OUTPUT -j limit-15 --A OUTPUT -j limit-16 --A OUTPUT -j limit-17 --A OUTPUT -j limit-18 --A OUTPUT -j limit-19 --A OUTPUT -j limit-20 --A OUTPUT -j limit-21 --A OUTPUT -j limit-22 --A OUTPUT -j limit-23 --A OUTPUT -j limit-24 --A OUTPUT -j limit-25 --A OUTPUT -j limit-26 --A OUTPUT -j limit-27 --A OUTPUT -j limit-28 --A OUTPUT -j limit-29 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-0 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-1 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-2 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-3 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-4 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-5 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-6 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-7 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-8 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-9 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-10 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-11 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-12 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-13 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-14 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-15 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-16 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-17 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-18 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-19 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-20 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-21 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-22 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-23 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-24 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-25 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-26 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-27 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-28 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-29 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT diff --git a/test/output/rules-save b/test/output/rules-save index 0b5e9bd..f5531e4 100644 --- a/test/output/rules-save +++ b/test/output/rules-save @@ -171,36 +171,36 @@ -A FORWARD -A FORWARD -j logreject-0 -A FORWARD -j logtarpit-0 --A FORWARD -j limit-0 --A FORWARD -j limit-1 --A FORWARD -j limit-2 --A FORWARD -j limit-3 --A FORWARD -j limit-4 --A FORWARD -j limit-5 --A FORWARD -j limit-6 --A FORWARD -j limit-7 --A FORWARD -j limit-8 --A FORWARD -j limit-9 --A FORWARD -j limit-10 --A FORWARD -j limit-11 --A FORWARD -j limit-12 --A FORWARD -j limit-13 --A FORWARD -j limit-14 --A FORWARD -j limit-15 --A FORWARD -j limit-16 --A FORWARD -j limit-17 --A FORWARD -j limit-18 --A FORWARD -j limit-19 --A FORWARD -j limit-20 --A FORWARD -j limit-21 --A FORWARD -j limit-22 --A FORWARD -j limit-23 --A FORWARD -j limit-24 --A FORWARD -j limit-25 --A FORWARD -j limit-26 --A FORWARD -j limit-27 --A FORWARD -j limit-28 --A FORWARD -j limit-29 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-0 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-1 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-2 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-3 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-4 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-5 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -329,36 +329,6 @@ -A INPUT -A INPUT -j logreject-0 -A INPUT -j logtarpit-0 --A INPUT -j limit-0 --A INPUT -j limit-1 --A INPUT -j limit-2 --A INPUT -j limit-3 --A INPUT -j limit-4 --A INPUT -j limit-5 --A INPUT -j limit-6 --A INPUT -j limit-7 --A INPUT -j limit-8 --A INPUT -j limit-9 --A INPUT -j limit-10 --A INPUT -j limit-11 --A INPUT -j limit-12 --A INPUT -j limit-13 --A INPUT -j limit-14 --A INPUT -j limit-15 --A INPUT -j limit-16 --A INPUT -j limit-17 --A INPUT -j limit-18 --A INPUT -j limit-19 --A INPUT -j limit-20 --A INPUT -j limit-21 --A INPUT -j limit-22 --A INPUT -j limit-23 --A INPUT -j limit-24 --A INPUT -j limit-25 --A INPUT -j limit-26 --A INPUT -j limit-27 --A INPUT -j limit-28 --A INPUT -j limit-29 -A INPUT -j ACCEPT -A INPUT -j logaccept-final-0 -A INPUT -j ACCEPT @@ -473,36 +443,36 @@ -A OUTPUT -A OUTPUT -j logreject-0 -A OUTPUT -j logtarpit-0 --A OUTPUT -j limit-0 --A OUTPUT -j limit-1 --A OUTPUT -j limit-2 --A OUTPUT -j limit-3 --A OUTPUT -j limit-4 --A OUTPUT -j limit-5 --A OUTPUT -j limit-6 --A OUTPUT -j limit-7 --A OUTPUT -j limit-8 --A OUTPUT -j limit-9 --A OUTPUT -j limit-10 --A OUTPUT -j limit-11 --A OUTPUT -j limit-12 --A OUTPUT -j limit-13 --A OUTPUT -j limit-14 --A OUTPUT -j limit-15 --A OUTPUT -j limit-16 --A OUTPUT -j limit-17 --A OUTPUT -j limit-18 --A OUTPUT -j limit-19 --A OUTPUT -j limit-20 --A OUTPUT -j limit-21 --A OUTPUT -j limit-22 --A OUTPUT -j limit-23 --A OUTPUT -j limit-24 --A OUTPUT -j limit-25 --A OUTPUT -j limit-26 --A OUTPUT -j limit-27 --A OUTPUT -j limit-28 --A OUTPUT -j limit-29 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-0 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-1 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-2 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-3 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-4 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-5 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT diff --git a/test/output/rules6-save b/test/output/rules6-save index c48e34f..f4cfd9f 100644 --- a/test/output/rules6-save +++ b/test/output/rules6-save @@ -171,36 +171,36 @@ -A FORWARD -A FORWARD -j logreject-0 -A FORWARD -j logtarpit-0 --A FORWARD -j limit-0 --A FORWARD -j limit-1 --A FORWARD -j limit-2 --A FORWARD -j limit-3 --A FORWARD -j limit-4 --A FORWARD -j limit-5 --A FORWARD -j limit-6 --A FORWARD -j limit-7 --A FORWARD -j limit-8 --A FORWARD -j limit-9 --A FORWARD -j limit-10 --A FORWARD -j limit-11 --A FORWARD -j limit-12 --A FORWARD -j limit-13 --A FORWARD -j limit-14 --A FORWARD -j limit-15 --A FORWARD -j limit-16 --A FORWARD -j limit-17 --A FORWARD -j limit-18 --A FORWARD -j limit-19 --A FORWARD -j limit-20 --A FORWARD -j limit-21 --A FORWARD -j limit-22 --A FORWARD -j limit-23 --A FORWARD -j limit-24 --A FORWARD -j limit-25 --A FORWARD -j limit-26 --A FORWARD -j limit-27 --A FORWARD -j limit-28 --A FORWARD -j limit-29 +-A FORWARD -o eth1 -d fc00::/7 -j limit-0 +-A FORWARD -o eth1 -d fc00::/7 -j limit-1 +-A FORWARD -o eth1 -d fc00::/7 -j limit-2 +-A FORWARD -o eth1 -d fc00::/7 -j limit-3 +-A FORWARD -o eth1 -d fc00::/7 -j limit-4 +-A FORWARD -o eth1 -d fc00::/7 -j limit-5 +-A FORWARD -o eth1 -d fc00::/7 -j limit-6 +-A FORWARD -o eth1 -d fc00::/7 -j limit-7 +-A FORWARD -o eth1 -d fc00::/7 -j limit-8 +-A FORWARD -o eth1 -d fc00::/7 -j limit-9 +-A FORWARD -o eth1 -d fc00::/7 -j limit-10 +-A FORWARD -o eth1 -d fc00::/7 -j limit-11 +-A FORWARD -o eth1 -d fc00::/7 -j limit-12 +-A FORWARD -o eth1 -d fc00::/7 -j limit-13 +-A FORWARD -o eth1 -d fc00::/7 -j limit-14 +-A FORWARD -o eth1 -d fc00::/7 -j limit-15 +-A FORWARD -o eth1 -d fc00::/7 -j limit-16 +-A FORWARD -o eth1 -d fc00::/7 -j limit-17 +-A FORWARD -o eth1 -d fc00::/7 -j limit-18 +-A FORWARD -o eth1 -d fc00::/7 -j limit-19 +-A FORWARD -o eth1 -d fc00::/7 -j limit-20 +-A FORWARD -o eth1 -d fc00::/7 -j limit-21 +-A FORWARD -o eth1 -d fc00::/7 -j limit-22 +-A FORWARD -o eth1 -d fc00::/7 -j limit-23 +-A FORWARD -o eth1 -d fc00::/7 -j limit-24 +-A FORWARD -o eth1 -d fc00::/7 -j limit-25 +-A FORWARD -o eth1 -d fc00::/7 -j limit-26 +-A FORWARD -o eth1 -d fc00::/7 -j limit-27 +-A FORWARD -o eth1 -d fc00::/7 -j limit-28 +-A FORWARD -o eth1 -d fc00::/7 -j limit-29 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -299,36 +299,6 @@ -A INPUT -A INPUT -j logreject-0 -A INPUT -j logtarpit-0 --A INPUT -j limit-0 --A INPUT -j limit-1 --A INPUT -j limit-2 --A INPUT -j limit-3 --A INPUT -j limit-4 --A INPUT -j limit-5 --A INPUT -j limit-6 --A INPUT -j limit-7 --A INPUT -j limit-8 --A INPUT -j limit-9 --A INPUT -j limit-10 --A INPUT -j limit-11 --A INPUT -j limit-12 --A INPUT -j limit-13 --A INPUT -j limit-14 --A INPUT -j limit-15 --A INPUT -j limit-16 --A INPUT -j limit-17 --A INPUT -j limit-18 --A INPUT -j limit-19 --A INPUT -j limit-20 --A INPUT -j limit-21 --A INPUT -j limit-22 --A INPUT -j limit-23 --A INPUT -j limit-24 --A INPUT -j limit-25 --A INPUT -j limit-26 --A INPUT -j limit-27 --A INPUT -j limit-28 --A INPUT -j limit-29 -A INPUT -j ACCEPT -A INPUT -j logaccept-final-0 -A INPUT -j ACCEPT @@ -437,36 +407,36 @@ -A OUTPUT -A OUTPUT -j logreject-0 -A OUTPUT -j logtarpit-0 --A OUTPUT -j limit-0 --A OUTPUT -j limit-1 --A OUTPUT -j limit-2 --A OUTPUT -j limit-3 --A OUTPUT -j limit-4 --A OUTPUT -j limit-5 --A OUTPUT -j limit-6 --A OUTPUT -j limit-7 --A OUTPUT -j limit-8 --A OUTPUT -j limit-9 --A OUTPUT -j limit-10 --A OUTPUT -j limit-11 --A OUTPUT -j limit-12 --A OUTPUT -j limit-13 --A OUTPUT -j limit-14 --A OUTPUT -j limit-15 --A OUTPUT -j limit-16 --A OUTPUT -j limit-17 --A OUTPUT -j limit-18 --A OUTPUT -j limit-19 --A OUTPUT -j limit-20 --A OUTPUT -j limit-21 --A OUTPUT -j limit-22 --A OUTPUT -j limit-23 --A OUTPUT -j limit-24 --A OUTPUT -j limit-25 --A OUTPUT -j limit-26 --A OUTPUT -j limit-27 --A OUTPUT -j limit-28 --A OUTPUT -j limit-29 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-0 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-1 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-2 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-3 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-4 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-5 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-6 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-7 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-8 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-9 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-10 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-11 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-12 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-13 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-14 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-15 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-16 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-17 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-18 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-19 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-20 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-21 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-22 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-23 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-24 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-25 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-26 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-27 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-28 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-29 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT |