aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--awall/model.lua12
-rw-r--r--test/output/address/dump488
-rw-r--r--test/output/filter-limit/dump13674
-rw-r--r--test/output/filter/dump164
-rw-r--r--test/output/no-track/dump182
5 files changed, 7263 insertions, 7257 deletions
diff --git a/awall/model.lua b/awall/model.lua
index 873d478..0be36dc 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -93,10 +93,16 @@ end
function M.ConfigObject:trules() return {} end
function M.ConfigObject:info()
- local res = {}
- for i, trule in ipairs(self:trules()) do
- table.insert(res, {' '..optfrag.location(trule), optfrag.command(trule)})
+ local rules = {}
+ for _, trule in ipairs(self:trules()) do
+ local loc = optfrag.location(trule)
+ table.insert(
+ setdefault(rules, loc, {}), {' '..loc, optfrag.command(trule)}
+ )
end
+
+ local res = {}
+ for _, loc in sortedkeys(rules) do extend(res, rules[loc]) end
return res
end
diff --git a/test/output/address/dump b/test/output/address/dump
index 176956c..91cbb08 100644
--- a/test/output/address/dump
+++ b/test/output/address/dump
@@ -11,43 +11,43 @@ Dnat 2 {"in":"B"}
Filter 1 {}
(address)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 2 {"action":"pass"}
(address)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 3 {"log":true}
(address)
inet/filter/FORWARD -j logaccept-0
- inet6/filter/FORWARD -j logaccept-0
inet/filter/INPUT -j logaccept-0
- inet6/filter/INPUT -j logaccept-0
inet/filter/OUTPUT -j logaccept-0
- inet6/filter/OUTPUT -j logaccept-0
inet/filter/logaccept-0 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG
inet/filter/logaccept-0 -j ACCEPT
+ inet6/filter/FORWARD -j logaccept-0
+ inet6/filter/INPUT -j logaccept-0
+ inet6/filter/OUTPUT -j logaccept-0
+ inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-0 -j ACCEPT
Filter 4 {"action":"pass","log":true}
(address)
inet/filter/FORWARD -j logpass-0
- inet6/filter/FORWARD -j logpass-0
inet/filter/INPUT -j logpass-0
- inet6/filter/INPUT -j logpass-0
inet/filter/OUTPUT -j logpass-0
- inet6/filter/OUTPUT -j logpass-0
inet/filter/logpass-0 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j logpass-0
+ inet6/filter/INPUT -j logpass-0
+ inet6/filter/OUTPUT -j logpass-0
inet6/filter/logpass-0 -m limit --limit 1/second -j LOG
Filter 5 {"dest":"172.16.0.0\/16"}
@@ -80,8 +80,8 @@ Filter 8 {"action":"pass","dest":"172.16.0.0\/16","log":true
Filter 9 {"dest":["172.16.0.0\/16","172.16.2.0\/16"]}
(address)
inet/filter/FORWARD -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -d 172.16.2.0/16 -j ACCEPT
inet/filter/OUTPUT -d 172.16.0.0/16 -j ACCEPT
inet/filter/OUTPUT -d 172.16.2.0/16 -j ACCEPT
@@ -89,8 +89,8 @@ Filter 9 {"dest":["172.16.0.0\/16","172.16.2.0\/16"]}
Filter 10 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"]}
(address)
inet/filter/FORWARD -d 172.16.0.0/16
- inet/filter/INPUT -d 172.16.0.0/16
inet/filter/FORWARD -d 172.16.2.0/16
+ inet/filter/INPUT -d 172.16.0.0/16
inet/filter/INPUT -d 172.16.2.0/16
inet/filter/OUTPUT -d 172.16.0.0/16
inet/filter/OUTPUT -d 172.16.2.0/16
@@ -98,8 +98,8 @@ Filter 10 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 11 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":true}
(address)
inet/filter/FORWARD -d 172.16.0.0/16 -j logaccept-2
- inet/filter/INPUT -d 172.16.0.0/16 -j logaccept-2
inet/filter/FORWARD -d 172.16.2.0/16 -j logaccept-2
+ inet/filter/INPUT -d 172.16.0.0/16 -j logaccept-2
inet/filter/INPUT -d 172.16.2.0/16 -j logaccept-2
inet/filter/OUTPUT -d 172.16.0.0/16 -j logaccept-2
inet/filter/OUTPUT -d 172.16.2.0/16 -j logaccept-2
@@ -109,8 +109,8 @@ Filter 11 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":t
Filter 12 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":true}
(address)
inet/filter/FORWARD -d 172.16.0.0/16 -j logpass-2
- inet/filter/INPUT -d 172.16.0.0/16 -j logpass-2
inet/filter/FORWARD -d 172.16.2.0/16 -j logpass-2
+ inet/filter/INPUT -d 172.16.0.0/16 -j logpass-2
inet/filter/INPUT -d 172.16.2.0/16 -j logpass-2
inet/filter/OUTPUT -d 172.16.0.0/16 -j logpass-2
inet/filter/OUTPUT -d 172.16.2.0/16 -j logpass-2
@@ -173,8 +173,8 @@ Filter 20 {"action":"pass","dest":"172.16.0.0\/16","log":true
Filter 21 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
@@ -182,8 +182,8 @@ Filter 21 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"src":"
Filter 22 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.2.0/16
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.2.0/16
@@ -191,8 +191,8 @@ Filter 22 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 23 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-5
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-5
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-5
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-5
inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-5
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-5
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-5
@@ -202,8 +202,8 @@ Filter 23 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":t
Filter 24 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-5
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-5
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-5
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-5
inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-5
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-5
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-5
@@ -212,8 +212,8 @@ Filter 24 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 25 {"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -j ACCEPT
- inet/filter/INPUT -s 10.0.0.1 -j ACCEPT
inet/filter/FORWARD -s 10.0.0.2 -j ACCEPT
+ inet/filter/INPUT -s 10.0.0.1 -j ACCEPT
inet/filter/INPUT -s 10.0.0.2 -j ACCEPT
inet/filter/OUTPUT -s 10.0.0.1 -j ACCEPT
inet/filter/OUTPUT -s 10.0.0.2 -j ACCEPT
@@ -221,8 +221,8 @@ Filter 25 {"src":["10.0.0.1","10.0.0.2"]}
Filter 26 {"action":"pass","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1
- inet/filter/INPUT -s 10.0.0.1
inet/filter/FORWARD -s 10.0.0.2
+ inet/filter/INPUT -s 10.0.0.1
inet/filter/INPUT -s 10.0.0.2
inet/filter/OUTPUT -s 10.0.0.1
inet/filter/OUTPUT -s 10.0.0.2
@@ -230,8 +230,8 @@ Filter 26 {"action":"pass","src":["10.0.0.1","10.0.0.2"]}
Filter 27 {"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -j logaccept-6
- inet/filter/INPUT -s 10.0.0.1 -j logaccept-6
inet/filter/FORWARD -s 10.0.0.2 -j logaccept-6
+ inet/filter/INPUT -s 10.0.0.1 -j logaccept-6
inet/filter/INPUT -s 10.0.0.2 -j logaccept-6
inet/filter/OUTPUT -s 10.0.0.1 -j logaccept-6
inet/filter/OUTPUT -s 10.0.0.2 -j logaccept-6
@@ -241,8 +241,8 @@ Filter 27 {"log":true,"src":["10.0.0.1","10.0.0.2"]}
Filter 28 {"action":"pass","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -j logpass-6
- inet/filter/INPUT -s 10.0.0.1 -j logpass-6
inet/filter/FORWARD -s 10.0.0.2 -j logpass-6
+ inet/filter/INPUT -s 10.0.0.1 -j logpass-6
inet/filter/INPUT -s 10.0.0.2 -j logpass-6
inet/filter/OUTPUT -s 10.0.0.1 -j logpass-6
inet/filter/OUTPUT -s 10.0.0.2 -j logpass-6
@@ -251,8 +251,8 @@ Filter 28 {"action":"pass","log":true,"src":["10.0.0.1","10.0
Filter 29 {"dest":"172.16.0.0\/16","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/OUTPUT -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
@@ -260,8 +260,8 @@ Filter 29 {"dest":"172.16.0.0\/16","src":["10.0.0.1","10.0.0.
Filter 30 {"action":"pass","dest":"172.16.0.0\/16","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.0.0/16
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/OUTPUT -s 10.0.0.2 -d 172.16.0.0/16
@@ -269,8 +269,8 @@ Filter 30 {"action":"pass","dest":"172.16.0.0\/16","src":["10
Filter 31 {"dest":"172.16.0.0\/16","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-7
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-7
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-7
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-7
inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-7
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-7
inet/filter/OUTPUT -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-7
@@ -280,8 +280,8 @@ Filter 31 {"dest":"172.16.0.0\/16","log":true,"src":["10.0.0.
Filter 32 {"action":"pass","dest":"172.16.0.0\/16","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-7
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-7
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-7
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-7
inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-7
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-7
inet/filter/OUTPUT -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-7
@@ -290,12 +290,12 @@ Filter 32 {"action":"pass","dest":"172.16.0.0\/16","log":true
Filter 33 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -s 10.0.0.2 -d 172.16.2.0/16 -j ACCEPT
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
@@ -305,12 +305,12 @@ Filter 33 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"src":[
Filter 34 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.2.0/16
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.0.0/16
- inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.2.0/16
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16
+ inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16
inet/filter/INPUT -s 10.0.0.2 -d 172.16.2.0/16
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.2.0/16
@@ -320,12 +320,12 @@ Filter 34 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 35 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-8
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-8
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-8
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-8
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-8
- inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-8
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.2.0/16 -j logaccept-8
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-8
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-8
+ inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-8
inet/filter/INPUT -s 10.0.0.2 -d 172.16.2.0/16 -j logaccept-8
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-8
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-8
@@ -337,12 +337,12 @@ Filter 35 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":t
Filter 36 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-8
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-8
inet/filter/FORWARD -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-8
- inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-8
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-8
- inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-8
inet/filter/FORWARD -s 10.0.0.2 -d 172.16.2.0/16 -j logpass-8
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-8
+ inet/filter/INPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-8
+ inet/filter/INPUT -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-8
inet/filter/INPUT -s 10.0.0.2 -d 172.16.2.0/16 -j logpass-8
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-8
inet/filter/OUTPUT -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-8
@@ -368,20 +368,20 @@ Filter 39 {"log":true,"out":"B"}
(address)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j logaccept-9
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j logaccept-9
+ inet/filter/logaccept-9 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-9 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j logaccept-9
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j logaccept-9
- inet/filter/logaccept-9 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-9 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-9 -j ACCEPT
inet6/filter/logaccept-9 -j ACCEPT
Filter 40 {"action":"pass","log":true,"out":"B"}
(address)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j logpass-9
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j logpass-9
+ inet/filter/logpass-9 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j logpass-9
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j logpass-9
- inet/filter/logpass-9 -m limit --limit 1/second -j LOG
inet6/filter/logpass-9 -m limit --limit 1/second -j LOG
Filter 41 {"dest":"172.16.0.0\/16","out":"B"}
@@ -524,22 +524,22 @@ Filter 60 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 61 {"out":"B","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j ACCEPT
- inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j ACCEPT
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -s 10.0.0.2 -j ACCEPT
+ inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j ACCEPT
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.2 -j ACCEPT
Filter 62 {"action":"pass","out":"B","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -s 10.0.0.1
- inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.1
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -s 10.0.0.2
+ inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.1
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.2
Filter 63 {"log":true,"out":"B","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j logaccept-15
- inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j logaccept-15
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -s 10.0.0.2 -j logaccept-15
+ inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j logaccept-15
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.2 -j logaccept-15
inet/filter/logaccept-15 -m limit --limit 1/second -j LOG
inet/filter/logaccept-15 -j ACCEPT
@@ -547,8 +547,8 @@ Filter 63 {"log":true,"out":"B","src":["10.0.0.1","10.0.0.2"]
Filter 64 {"action":"pass","log":true,"out":"B","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j logpass-13
- inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j logpass-13
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -s 10.0.0.2 -j logpass-13
+ inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.1 -j logpass-13
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -s 10.0.0.2 -j logpass-13
inet/filter/logpass-13 -m limit --limit 1/second -j LOG
@@ -625,35 +625,35 @@ Filter 72 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 73 {"in":"A"}
(address)
inet/filter/FORWARD -i eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -j ACCEPT
inet/filter/INPUT -i eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -j ACCEPT
inet6/filter/INPUT -i eth0 -j ACCEPT
Filter 74 {"action":"pass","in":"A"}
(address)
inet/filter/FORWARD -i eth0
- inet6/filter/FORWARD -i eth0
inet/filter/INPUT -i eth0
+ inet6/filter/FORWARD -i eth0
inet6/filter/INPUT -i eth0
Filter 75 {"in":"A","log":true}
(address)
inet/filter/FORWARD -i eth0 -j logaccept-18
- inet6/filter/FORWARD -i eth0 -j logaccept-18
inet/filter/INPUT -i eth0 -j logaccept-18
- inet6/filter/INPUT -i eth0 -j logaccept-18
inet/filter/logaccept-18 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-18 -m limit --limit 1/second -j LOG
inet/filter/logaccept-18 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -j logaccept-18
+ inet6/filter/INPUT -i eth0 -j logaccept-18
+ inet6/filter/logaccept-18 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-18 -j ACCEPT
Filter 76 {"action":"pass","in":"A","log":true}
(address)
inet/filter/FORWARD -i eth0 -j logpass-16
- inet6/filter/FORWARD -i eth0 -j logpass-16
inet/filter/INPUT -i eth0 -j logpass-16
- inet6/filter/INPUT -i eth0 -j logpass-16
inet/filter/logpass-16 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -i eth0 -j logpass-16
+ inet6/filter/INPUT -i eth0 -j logpass-16
inet6/filter/logpass-16 -m limit --limit 1/second -j LOG
Filter 77 {"dest":"172.16.0.0\/16","in":"A"}
@@ -682,22 +682,22 @@ Filter 80 {"action":"pass","dest":"172.16.0.0\/16","in":"A","
Filter 81 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A"}
(address)
inet/filter/FORWARD -i eth0 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth0 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth0 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth0 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -i eth0 -d 172.16.2.0/16 -j ACCEPT
Filter 82 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A"}
(address)
inet/filter/FORWARD -i eth0 -d 172.16.0.0/16
- inet/filter/INPUT -i eth0 -d 172.16.0.0/16
inet/filter/FORWARD -i eth0 -d 172.16.2.0/16
+ inet/filter/INPUT -i eth0 -d 172.16.0.0/16
inet/filter/INPUT -i eth0 -d 172.16.2.0/16
Filter 83 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","log":true}
(address)
inet/filter/FORWARD -i eth0 -d 172.16.0.0/16 -j logaccept-20
- inet/filter/INPUT -i eth0 -d 172.16.0.0/16 -j logaccept-20
inet/filter/FORWARD -i eth0 -d 172.16.2.0/16 -j logaccept-20
+ inet/filter/INPUT -i eth0 -d 172.16.0.0/16 -j logaccept-20
inet/filter/INPUT -i eth0 -d 172.16.2.0/16 -j logaccept-20
inet/filter/logaccept-20 -m limit --limit 1/second -j LOG
inet/filter/logaccept-20 -j ACCEPT
@@ -705,8 +705,8 @@ Filter 83 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A
Filter 84 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","log":true}
(address)
inet/filter/FORWARD -i eth0 -d 172.16.0.0/16 -j logpass-18
- inet/filter/INPUT -i eth0 -d 172.16.0.0/16 -j logpass-18
inet/filter/FORWARD -i eth0 -d 172.16.2.0/16 -j logpass-18
+ inet/filter/INPUT -i eth0 -d 172.16.0.0/16 -j logpass-18
inet/filter/INPUT -i eth0 -d 172.16.2.0/16 -j logpass-18
inet/filter/logpass-18 -m limit --limit 1/second -j LOG
@@ -759,22 +759,22 @@ Filter 92 {"action":"pass","dest":"172.16.0.0\/16","in":"A","
Filter 93 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
Filter 94 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.2.0/16
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16
Filter 95 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-23
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-23
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-23
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-23
inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-23
inet/filter/logaccept-23 -m limit --limit 1/second -j LOG
inet/filter/logaccept-23 -j ACCEPT
@@ -782,30 +782,30 @@ Filter 95 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A
Filter 96 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-21
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-21
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-21
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-21
inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-21
inet/filter/logpass-21 -m limit --limit 1/second -j LOG
Filter 97 {"in":"A","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -j ACCEPT
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -j ACCEPT
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -j ACCEPT
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -j ACCEPT
inet/filter/INPUT -i eth0 -s 10.0.0.2 -j ACCEPT
Filter 98 {"action":"pass","in":"A","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1
- inet/filter/INPUT -i eth0 -s 10.0.0.1
inet/filter/FORWARD -i eth0 -s 10.0.0.2
+ inet/filter/INPUT -i eth0 -s 10.0.0.1
inet/filter/INPUT -i eth0 -s 10.0.0.2
Filter 99 {"in":"A","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -j logaccept-24
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -j logaccept-24
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -j logaccept-24
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -j logaccept-24
inet/filter/INPUT -i eth0 -s 10.0.0.2 -j logaccept-24
inet/filter/logaccept-24 -m limit --limit 1/second -j LOG
inet/filter/logaccept-24 -j ACCEPT
@@ -813,30 +813,30 @@ Filter 99 {"in":"A","log":true,"src":["10.0.0.1","10.0.0.2"]}
Filter 100 {"action":"pass","in":"A","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -j logpass-22
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -j logpass-22
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -j logpass-22
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -j logpass-22
inet/filter/INPUT -i eth0 -s 10.0.0.2 -j logpass-22
inet/filter/logpass-22 -m limit --limit 1/second -j LOG
Filter 101 {"dest":"172.16.0.0\/16","in":"A","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
Filter 102 {"action":"pass","dest":"172.16.0.0\/16","in":"A","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.0.0/16
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16
Filter 103 {"dest":"172.16.0.0\/16","in":"A","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-25
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-25
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-25
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-25
inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-25
inet/filter/logaccept-25 -m limit --limit 1/second -j LOG
inet/filter/logaccept-25 -j ACCEPT
@@ -844,42 +844,42 @@ Filter 103 {"dest":"172.16.0.0\/16","in":"A","log":true,"src":
Filter 104 {"action":"pass","dest":"172.16.0.0\/16","in":"A","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-23
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-23
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-23
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-23
inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-23
inet/filter/logpass-23 -m limit --limit 1/second -j LOG
Filter 105 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.2.0/16 -j ACCEPT
Filter 106 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.2.0/16
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.0.0/16
- inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.2.0/16
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16
+ inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16
inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.2.0/16
Filter 107 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-26
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-26
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-26
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-26
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-26
- inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-26
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.2.0/16 -j logaccept-26
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-26
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-26
+ inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-26
inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.2.0/16 -j logaccept-26
inet/filter/logaccept-26 -m limit --limit 1/second -j LOG
inet/filter/logaccept-26 -j ACCEPT
@@ -887,12 +887,12 @@ Filter 107 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A
Filter 108 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"A","log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-24
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-24
inet/filter/FORWARD -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-24
- inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-24
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-24
- inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-24
inet/filter/FORWARD -i eth0 -s 10.0.0.2 -d 172.16.2.0/16 -j logpass-24
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-24
+ inet/filter/INPUT -i eth0 -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-24
+ inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-24
inet/filter/INPUT -i eth0 -s 10.0.0.2 -d 172.16.2.0/16 -j logpass-24
inet/filter/logpass-24 -m limit --limit 1/second -j LOG
@@ -909,10 +909,10 @@ Filter 110 {"action":"pass","in":"A","out":"B"}
Filter 111 {"in":"A","log":true,"out":"B"}
(address)
inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j logaccept-27
- inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j logaccept-27
inet/filter/logaccept-27 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-27 -m limit --limit 1/second -j LOG
inet/filter/logaccept-27 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j logaccept-27
+ inet6/filter/logaccept-27 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-27 -j ACCEPT
Filter 112 {"action":"pass","in":"A","log":true,"out":"B"}
@@ -1139,20 +1139,20 @@ Filter 147 {"in":"B","log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j logaccept-36
inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j logaccept-36
+ inet/filter/logaccept-36 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-36 -j ACCEPT
inet6/filter/FORWARD -i eth1 -s fc00::/7 -j logaccept-36
inet6/filter/INPUT -i eth1 -s fc00::/7 -j logaccept-36
- inet/filter/logaccept-36 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-36 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-36 -j ACCEPT
inet6/filter/logaccept-36 -j ACCEPT
Filter 148 {"action":"pass","in":"B","log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j logpass-30
inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j logpass-30
+ inet/filter/logpass-30 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -i eth1 -s fc00::/7 -j logpass-30
inet6/filter/INPUT -i eth1 -s fc00::/7 -j logpass-30
- inet/filter/logpass-30 -m limit --limit 1/second -j LOG
inet6/filter/logpass-30 -m limit --limit 1/second -j LOG
Filter 149 {"dest":"172.16.0.0\/16","in":"B"}
@@ -1181,22 +1181,22 @@ Filter 152 {"action":"pass","dest":"172.16.0.0\/16","in":"B","
Filter 153 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"B"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j ACCEPT
Filter 154 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"B"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16
Filter 155 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"B","log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-38
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-38
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logaccept-38
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-38
inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logaccept-38
inet/filter/logaccept-38 -m limit --limit 1/second -j LOG
inet/filter/logaccept-38 -j ACCEPT
@@ -1204,8 +1204,8 @@ Filter 155 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"B
Filter 156 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":"B","log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-32
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-32
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logpass-32
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-32
inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logpass-32
inet/filter/logpass-32 -m limit --limit 1/second -j LOG
@@ -1504,78 +1504,78 @@ Filter 216 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 217 {"in":["B","C"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j ACCEPT
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -j ACCEPT
- inet6/filter/INPUT -i eth1 -s fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j ACCEPT
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j ACCEPT
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j ACCEPT
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j ACCEPT
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -j ACCEPT
+ inet6/filter/INPUT -i eth1 -s fc00::/7 -j ACCEPT
Filter 218 {"action":"pass","in":["B","C"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12
- inet6/filter/FORWARD -i eth1 -s fc00::/7
- inet6/filter/INPUT -i eth1 -s fc00::/7
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12
inet/filter/INPUT -i eth3 -s 10.1.0.0/12
+ inet6/filter/FORWARD -i eth1 -s fc00::/7
+ inet6/filter/INPUT -i eth1 -s fc00::/7
Filter 219 {"in":["B","C"],"log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j logaccept-45
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j logaccept-45
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -j logaccept-45
- inet6/filter/INPUT -i eth1 -s fc00::/7 -j logaccept-45
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j logaccept-45
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j logaccept-45
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j logaccept-45
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j logaccept-45
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j logaccept-45
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j logaccept-45
inet/filter/logaccept-45 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-45 -m limit --limit 1/second -j LOG
inet/filter/logaccept-45 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -j logaccept-45
+ inet6/filter/INPUT -i eth1 -s fc00::/7 -j logaccept-45
+ inet6/filter/logaccept-45 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-45 -j ACCEPT
Filter 220 {"action":"pass","in":["B","C"],"log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j logpass-37
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j logpass-37
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -j logpass-37
- inet6/filter/INPUT -i eth1 -s fc00::/7 -j logpass-37
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j logpass-37
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j logpass-37
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j logpass-37
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j logpass-37
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j logpass-37
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j logpass-37
inet/filter/logpass-37 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -j logpass-37
+ inet6/filter/INPUT -i eth1 -s fc00::/7 -j logpass-37
inet6/filter/logpass-37 -m limit --limit 1/second -j LOG
Filter 221 {"dest":"172.16.0.0\/16","in":["B","C"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
Filter 222 {"action":"pass","dest":"172.16.0.0\/16","in":["B","C"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16
Filter 223 {"dest":"172.16.0.0\/16","in":["B","C"],"log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-46
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-46
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-46
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-46
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-46
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-46
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-46
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-46
inet/filter/logaccept-46 -m limit --limit 1/second -j LOG
inet/filter/logaccept-46 -j ACCEPT
@@ -1583,56 +1583,56 @@ Filter 223 {"dest":"172.16.0.0\/16","in":["B","C"],"log":true}
Filter 224 {"action":"pass","dest":"172.16.0.0\/16","in":["B","C"],"log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-38
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-38
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-38
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-38
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-38
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-38
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-38
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-38
inet/filter/logpass-38 -m limit --limit 1/second -j LOG
Filter 225 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j ACCEPT
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j ACCEPT
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
- inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j ACCEPT
+ inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j ACCEPT
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.2.0/16 -j ACCEPT
Filter 226 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16
- inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.2.0/16
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16
+ inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.2.0/16
Filter 227 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-47
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-47
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logaccept-47
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logaccept-47
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-47
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-47
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logaccept-47
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logaccept-47
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-47
- inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-47
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logaccept-47
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logaccept-47
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logaccept-47
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-47
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logaccept-47
+ inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logaccept-47
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logaccept-47
inet/filter/logaccept-47 -m limit --limit 1/second -j LOG
inet/filter/logaccept-47 -j ACCEPT
@@ -1640,46 +1640,46 @@ Filter 227 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["
Filter 228 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"log":true}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-39
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-39
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logpass-39
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logpass-39
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-39
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-39
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logpass-39
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logpass-39
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-39
- inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-39
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logpass-39
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.0.0/16 -j logpass-39
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -d 172.16.2.0/16 -j logpass-39
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-39
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logpass-39
+ inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.0.0/16 -j logpass-39
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -d 172.16.2.0/16 -j logpass-39
inet/filter/logpass-39 -m limit --limit 1/second -j LOG
Filter 229 {"in":["B","C"],"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-72
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-72
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-72
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-72
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-72
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-72
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-72
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-72
inet/filter/address-72 -s 10.0.0.1 -j ACCEPT
Filter 230 {"action":"pass","in":["B","C"],"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-73
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-73
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-73
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-73
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-73
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-73
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-73
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-73
inet/filter/address-73 -s 10.0.0.1
Filter 231 {"in":["B","C"],"log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-74
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-74
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-74
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-74
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-74
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-74
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-74
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-74
inet/filter/address-74 -s 10.0.0.1 -j logaccept-48
inet/filter/logaccept-48 -m limit --limit 1/second -j LOG
@@ -1688,40 +1688,40 @@ Filter 231 {"in":["B","C"],"log":true,"src":"10.0.0.1"}
Filter 232 {"action":"pass","in":["B","C"],"log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-75
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-75
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-75
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-75
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-75
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-75
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-75
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-75
inet/filter/address-75 -s 10.0.0.1 -m limit --limit 1/second -j LOG
Filter 233 {"dest":"172.16.0.0\/16","in":["B","C"],"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-76
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-76
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-76
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-76
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-76
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-76
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-76
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-76
inet/filter/address-76 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
Filter 234 {"action":"pass","dest":"172.16.0.0\/16","in":["B","C"],"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-77
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-77
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-77
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-77
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-77
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-77
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-77
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-77
inet/filter/address-77 -s 10.0.0.1 -d 172.16.0.0/16
Filter 235 {"dest":"172.16.0.0\/16","in":["B","C"],"log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-78
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-78
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-78
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-78
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-78
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-78
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-78
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-78
inet/filter/address-78 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-49
inet/filter/logaccept-49 -m limit --limit 1/second -j LOG
@@ -1730,20 +1730,20 @@ Filter 235 {"dest":"172.16.0.0\/16","in":["B","C"],"log":true,
Filter 236 {"action":"pass","dest":"172.16.0.0\/16","in":["B","C"],"log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-79
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-79
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-79
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-79
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-79
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-79
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-79
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-79
inet/filter/address-79 -s 10.0.0.1 -d 172.16.0.0/16 -m limit --limit 1/second -j LOG
Filter 237 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-80
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-80
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-80
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-80
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-80
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-80
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-80
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-80
inet/filter/address-80 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/address-80 -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
@@ -1751,10 +1751,10 @@ Filter 237 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["
Filter 238 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-81
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-81
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-81
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-81
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-81
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-81
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-81
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-81
inet/filter/address-81 -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/address-81 -s 10.0.0.1 -d 172.16.2.0/16
@@ -1762,10 +1762,10 @@ Filter 238 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 239 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-82
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-82
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-82
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-82
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-82
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-82
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-82
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-82
inet/filter/address-82 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-50
inet/filter/address-82 -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-50
@@ -1775,10 +1775,10 @@ Filter 239 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["
Filter 240 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"log":true,"src":"10.0.0.1"}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-83
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-83
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-83
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-83
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-83
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-83
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-83
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-83
inet/filter/address-83 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-40
inet/filter/address-83 -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-40
@@ -1787,10 +1787,10 @@ Filter 240 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 241 {"in":["B","C"],"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-84
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-84
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-84
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-84
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-84
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-84
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-84
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-84
inet/filter/address-84 -s 10.0.0.1 -j ACCEPT
inet/filter/address-84 -s 10.0.0.2 -j ACCEPT
@@ -1798,10 +1798,10 @@ Filter 241 {"in":["B","C"],"src":["10.0.0.1","10.0.0.2"]}
Filter 242 {"action":"pass","in":["B","C"],"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-85
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-85
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-85
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-85
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-85
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-85
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-85
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-85
inet/filter/address-85 -s 10.0.0.1
inet/filter/address-85 -s 10.0.0.2
@@ -1809,10 +1809,10 @@ Filter 242 {"action":"pass","in":["B","C"],"src":["10.0.0.1","
Filter 243 {"in":["B","C"],"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-86
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-86
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-86
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-86
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-86
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-86
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-86
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-86
inet/filter/address-86 -s 10.0.0.1 -j logaccept-51
inet/filter/address-86 -s 10.0.0.2 -j logaccept-51
@@ -1822,10 +1822,10 @@ Filter 243 {"in":["B","C"],"log":true,"src":["10.0.0.1","10.0.
Filter 244 {"action":"pass","in":["B","C"],"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-87
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-87
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-87
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-87
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-87
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-87
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-87
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-87
inet/filter/address-87 -s 10.0.0.1 -j logpass-41
inet/filter/address-87 -s 10.0.0.2 -j logpass-41
@@ -1834,10 +1834,10 @@ Filter 244 {"action":"pass","in":["B","C"],"log":true,"src":["
Filter 245 {"dest":"172.16.0.0\/16","in":["B","C"],"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-88
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-88
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-88
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-88
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-88
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-88
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-88
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-88
inet/filter/address-88 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/address-88 -s 10.0.0.2 -d 172.16.0.0/16 -j ACCEPT
@@ -1845,10 +1845,10 @@ Filter 245 {"dest":"172.16.0.0\/16","in":["B","C"],"src":["10.
Filter 246 {"action":"pass","dest":"172.16.0.0\/16","in":["B","C"],"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-89
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-89
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-89
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-89
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-89
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-89
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-89
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-89
inet/filter/address-89 -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/address-89 -s 10.0.0.2 -d 172.16.0.0/16
@@ -1856,10 +1856,10 @@ Filter 246 {"action":"pass","dest":"172.16.0.0\/16","in":["B",
Filter 247 {"dest":"172.16.0.0\/16","in":["B","C"],"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-90
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-90
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-90
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-90
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-90
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-90
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-90
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-90
inet/filter/address-90 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-52
inet/filter/address-90 -s 10.0.0.2 -d 172.16.0.0/16 -j logaccept-52
@@ -1869,10 +1869,10 @@ Filter 247 {"dest":"172.16.0.0\/16","in":["B","C"],"log":true,
Filter 248 {"action":"pass","dest":"172.16.0.0\/16","in":["B","C"],"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-91
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-91
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-91
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-91
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-91
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-91
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-91
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-91
inet/filter/address-91 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-42
inet/filter/address-91 -s 10.0.0.2 -d 172.16.0.0/16 -j logpass-42
@@ -1881,10 +1881,10 @@ Filter 248 {"action":"pass","dest":"172.16.0.0\/16","in":["B",
Filter 249 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-92
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-92
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-92
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-92
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-92
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-92
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-92
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-92
inet/filter/address-92 -s 10.0.0.1 -d 172.16.0.0/16 -j ACCEPT
inet/filter/address-92 -s 10.0.0.1 -d 172.16.2.0/16 -j ACCEPT
@@ -1894,10 +1894,10 @@ Filter 249 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["
Filter 250 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-93
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-93
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-93
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-93
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-93
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-93
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-93
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-93
inet/filter/address-93 -s 10.0.0.1 -d 172.16.0.0/16
inet/filter/address-93 -s 10.0.0.1 -d 172.16.2.0/16
@@ -1907,10 +1907,10 @@ Filter 250 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 251 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-94
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-94
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-94
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-94
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-94
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-94
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-94
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-94
inet/filter/address-94 -s 10.0.0.1 -d 172.16.0.0/16 -j logaccept-53
inet/filter/address-94 -s 10.0.0.1 -d 172.16.2.0/16 -j logaccept-53
@@ -1922,10 +1922,10 @@ Filter 251 {"dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["
Filter 252 {"action":"pass","dest":["172.16.0.0\/16","172.16.2.0\/16"],"in":["B","C"],"log":true,"src":["10.0.0.1","10.0.0.2"]}
(address)
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -j address-95
- inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-95
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -j address-95
- inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-95
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -j address-95
+ inet/filter/INPUT -i eth1 -s 10.0.0.0/12 -j address-95
+ inet/filter/INPUT -i eth2 -s 10.1.0.0/12 -j address-95
inet/filter/INPUT -i eth3 -s 10.1.0.0/12 -j address-95
inet/filter/address-95 -s 10.0.0.1 -d 172.16.0.0/16 -j logpass-43
inet/filter/address-95 -s 10.0.0.1 -d 172.16.2.0/16 -j logpass-43
@@ -2200,133 +2200,133 @@ Filter 288 {"action":"pass","dest":["172.16.0.0\/16","172.16.2
Filter 289 {}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 290 {"action":"drop"}
(log)
inet/filter/FORWARD -j logdrop-0
- inet6/filter/FORWARD -j logdrop-0
inet/filter/INPUT -j logdrop-0
- inet6/filter/INPUT -j logdrop-0
inet/filter/OUTPUT -j logdrop-0
- inet6/filter/OUTPUT -j logdrop-0
inet/filter/logdrop-0 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG
inet/filter/logdrop-0 -j DROP
+ inet6/filter/FORWARD -j logdrop-0
+ inet6/filter/INPUT -j logdrop-0
+ inet6/filter/OUTPUT -j logdrop-0
+ inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-0 -j DROP
Filter 291 {"action":"pass"}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 292 {"log":false}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 293 {"action":"drop","log":false}
(log)
inet/filter/FORWARD -j DROP
- inet6/filter/FORWARD -j DROP
inet/filter/INPUT -j DROP
- inet6/filter/INPUT -j DROP
inet/filter/OUTPUT -j DROP
+ inet6/filter/FORWARD -j DROP
+ inet6/filter/INPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 294 {"action":"pass","log":false}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 295 {"log":true}
(log)
inet/filter/FORWARD -j logaccept-63
- inet6/filter/FORWARD -j logaccept-63
inet/filter/INPUT -j logaccept-63
- inet6/filter/INPUT -j logaccept-63
inet/filter/OUTPUT -j logaccept-63
- inet6/filter/OUTPUT -j logaccept-63
inet/filter/logaccept-63 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-63 -m limit --limit 1/second -j LOG
inet/filter/logaccept-63 -j ACCEPT
+ inet6/filter/FORWARD -j logaccept-63
+ inet6/filter/INPUT -j logaccept-63
+ inet6/filter/OUTPUT -j logaccept-63
+ inet6/filter/logaccept-63 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-63 -j ACCEPT
Filter 296 {"action":"drop","log":true}
(log)
inet/filter/FORWARD -j logdrop-1
- inet6/filter/FORWARD -j logdrop-1
inet/filter/INPUT -j logdrop-1
- inet6/filter/INPUT -j logdrop-1
inet/filter/OUTPUT -j logdrop-1
- inet6/filter/OUTPUT -j logdrop-1
inet/filter/logdrop-1 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG
inet/filter/logdrop-1 -j DROP
+ inet6/filter/FORWARD -j logdrop-1
+ inet6/filter/INPUT -j logdrop-1
+ inet6/filter/OUTPUT -j logdrop-1
+ inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-1 -j DROP
Filter 297 {"action":"pass","log":true}
(log)
inet/filter/FORWARD -j logpass-50
- inet6/filter/FORWARD -j logpass-50
inet/filter/INPUT -j logpass-50
- inet6/filter/INPUT -j logpass-50
inet/filter/OUTPUT -j logpass-50
- inet6/filter/OUTPUT -j logpass-50
inet/filter/logpass-50 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j logpass-50
+ inet6/filter/INPUT -j logpass-50
+ inet6/filter/OUTPUT -j logpass-50
inet6/filter/logpass-50 -m limit --limit 1/second -j LOG
Filter 298 {"log":"none"}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 299 {"action":"drop","log":"none"}
(log)
inet/filter/FORWARD -j DROP
- inet6/filter/FORWARD -j DROP
inet/filter/INPUT -j DROP
- inet6/filter/INPUT -j DROP
inet/filter/OUTPUT -j DROP
+ inet6/filter/FORWARD -j DROP
+ inet6/filter/INPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 300 {"action":"pass","log":"none"}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 301 {"in":["_fw","A"]}
(zone)
- inet/filter/OUTPUT -j ACCEPT
- inet6/filter/OUTPUT -j ACCEPT
inet/filter/FORWARD -i eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -j ACCEPT
inet/filter/INPUT -i eth0 -j ACCEPT
+ inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -j ACCEPT
inet6/filter/INPUT -i eth0 -j ACCEPT
+ inet6/filter/OUTPUT -j ACCEPT
Filter 302 {"in":"B","out":"C"}
(zone)
@@ -2335,35 +2335,27 @@ Filter 302 {"in":"B","out":"C"}
Filter 303 {"out":["_fw","B"]}
(zone)
- inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
Filter 304 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
(zone)
inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT
@@ -2377,40 +2369,48 @@ Filter 304 {"in":["A","B","C","D","E"],"out":["A","B","C","D",
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
inet6/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
@@ -2438,8 +2438,8 @@ Log none {"mode":"none"}
Mark 1 {"in":["_fw","A"],"mark":0}
(zone)
inet/mangle/OUTPUT -j MARK --set-mark 0
- inet6/mangle/OUTPUT -j MARK --set-mark 0
inet/mangle/PREROUTING -i eth0 -j MARK --set-mark 0
+ inet6/mangle/OUTPUT -j MARK --set-mark 0
inet6/mangle/PREROUTING -i eth0 -j MARK --set-mark 0
Mark 2 {"in":"B","mark":1,"out":"C"}
@@ -2450,16 +2450,16 @@ Mark 2 {"in":"B","mark":1,"out":"C"}
Mark 3 {"mark":2,"out":["_fw","B"]}
(zone)
inet/mangle/INPUT -j MARK --set-mark 2
- inet6/mangle/INPUT -j MARK --set-mark 2
inet/mangle/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MARK --set-mark 2
+ inet6/mangle/INPUT -j MARK --set-mark 2
inet6/mangle/POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 2
No-track 1 {"in":["_fw","A"]}
(zone)
inet/raw/OUTPUT -j CT --notrack
- inet6/raw/OUTPUT -j CT --notrack
inet/raw/PREROUTING -i eth0 -j CT --notrack
+ inet6/raw/OUTPUT -j CT --notrack
inet6/raw/PREROUTING -i eth0 -j CT --notrack
No-track 2 {"in":"B"}
diff --git a/test/output/filter-limit/dump b/test/output/filter-limit/dump
index 281fd03..0d2a699 100644
--- a/test/output/filter-limit/dump
+++ b/test/output/filter-limit/dump
@@ -12,5349 +12,5349 @@ Filter 1 {"conn-limit":1,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-0
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-0
+ inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-0
+ inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-0 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-0 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-0
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-0
- inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-0
inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-0
- inet/filter/logdrop-0 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-0 -j DROP
inet6/filter/logdrop-0 -j DROP
- inet/filter/limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 2 {"action":"pass","conn-limit":1,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-1
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-1
+ inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-1
+ inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-1 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-1
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-1
- inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-1
inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-1
- inet/filter/logdrop-1 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-1 -j DROP
inet6/filter/logdrop-1 -j DROP
- inet/filter/limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 3 {"conn-limit":1,"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-2
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-2
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-2
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-2
inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-2
- inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2
+ inet/filter/limit-2 -m limit --limit 1/second -j LOG
+ inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-2 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-2 -m limit --limit 1/second -j LOG
inet/filter/logdrop-2 -j DROP
- inet6/filter/logdrop-2 -j DROP
- inet/filter/limit-2 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-2
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-2
+ inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2
inet6/filter/limit-2 -m limit --limit 1/second -j LOG
- inet/filter/limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-2 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-2 -j DROP
Filter 4 {"action":"pass","conn-limit":1,"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-3
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-3
+ inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3
+ inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-3 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-3 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-3
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-3
- inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3
inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3
- inet/filter/logdrop-3 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-3 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-3 -j DROP
inet6/filter/logdrop-3 -j DROP
- inet/filter/limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 5 {"conn-limit":1,"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-4
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-4
+ inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4
+ inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-4 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-4 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-4
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-4
- inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4
inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4
- inet/filter/logdrop-4 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-4 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-4 -j DROP
inet6/filter/logdrop-4 -j DROP
- inet/filter/limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 6 {"action":"pass","conn-limit":1,"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-5
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-5
+ inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5
+ inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-5 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-5
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-5
- inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5
inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5
- inet/filter/logdrop-5 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-5 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-5 -j DROP
inet6/filter/logdrop-5 -j DROP
- inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 7 {"conn-limit":{},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6
+ inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6
+ inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-6 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-6 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-6
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-6
- inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6
inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6
- inet/filter/logdrop-6 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-6 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-6 -j DROP
inet6/filter/logdrop-6 -j DROP
- inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 8 {"action":"pass","conn-limit":{},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7
+ inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7
+ inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-7 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-7 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-7
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-7
- inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7
inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7
- inet/filter/logdrop-7 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-7 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-7 -j DROP
inet6/filter/logdrop-7 -j DROP
- inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 9 {"conn-limit":{},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-8
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-8
inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8
- inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8
+ inet/filter/limit-8 -m limit --limit 1/second -j LOG
+ inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-8 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-8 -m limit --limit 1/second -j LOG
inet/filter/logdrop-8 -j DROP
- inet6/filter/logdrop-8 -j DROP
- inet/filter/limit-8 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-8
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-8
+ inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8
inet6/filter/limit-8 -m limit --limit 1/second -j LOG
- inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-8 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-8 -j DROP
Filter 10 {"action":"pass","conn-limit":{},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9
+ inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9
+ inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-9 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-9 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-9
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-9
- inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9
inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9
- inet/filter/logdrop-9 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-9 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-9 -j DROP
inet6/filter/logdrop-9 -j DROP
- inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 11 {"conn-limit":{},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10
+ inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10
+ inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-10 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-10 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-10
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-10
- inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10
inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10
- inet/filter/logdrop-10 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-10 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-10 -j DROP
inet6/filter/logdrop-10 -j DROP
- inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 12 {"action":"pass","conn-limit":{},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11
+ inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11
+ inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-11 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-11 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-11
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-11
- inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11
inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11
- inet/filter/logdrop-11 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-11 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-11 -j DROP
inet6/filter/logdrop-11 -j DROP
- inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 13 {"conn-limit":{"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12
+ inet/filter/limit-12 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12
+ inet/filter/limit-12 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-12 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-12 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-12
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-12
- inet/filter/limit-12 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12
inet6/filter/limit-12 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12
- inet/filter/logdrop-12 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-12 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-12 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-12 -j DROP
inet6/filter/logdrop-12 -j DROP
- inet/filter/limit-12 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-12 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 14 {"action":"pass","conn-limit":{"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13
+ inet/filter/limit-13 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13
+ inet/filter/limit-13 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-13 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-13 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-13
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-13
- inet/filter/limit-13 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13
inet6/filter/limit-13 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13
- inet/filter/logdrop-13 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-13 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-13 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-13 -j DROP
inet6/filter/logdrop-13 -j DROP
- inet/filter/limit-13 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-13 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 15 {"conn-limit":{"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-14
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-14
inet/filter/limit-14 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14
- inet6/filter/limit-14 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14
+ inet/filter/limit-14 -m limit --limit 1/second -j LOG
+ inet/filter/limit-14 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-14 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-14 -m limit --limit 1/second -j LOG
inet/filter/logdrop-14 -j DROP
- inet6/filter/logdrop-14 -j DROP
- inet/filter/limit-14 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-14
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-14
+ inet6/filter/limit-14 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14
inet6/filter/limit-14 -m limit --limit 1/second -j LOG
- inet/filter/limit-14 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-14 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-14 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-14 -j DROP
Filter 16 {"action":"pass","conn-limit":{"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15
+ inet/filter/limit-15 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15
+ inet/filter/limit-15 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-15 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-15 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-15
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-15
- inet/filter/limit-15 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15
inet6/filter/limit-15 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15
- inet/filter/logdrop-15 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-15 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-15 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-15 -j DROP
inet6/filter/logdrop-15 -j DROP
- inet/filter/limit-15 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-15 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 17 {"conn-limit":{"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16
+ inet/filter/limit-16 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16
+ inet/filter/limit-16 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-16 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-16 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-16
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-16
- inet/filter/limit-16 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16
inet6/filter/limit-16 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16
- inet/filter/logdrop-16 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-16 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-16 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-16 -j DROP
inet6/filter/logdrop-16 -j DROP
- inet/filter/limit-16 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-16 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 18 {"action":"pass","conn-limit":{"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17
+ inet/filter/limit-17 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17
+ inet/filter/limit-17 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-17 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-17 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-17
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-17
- inet/filter/limit-17 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17
inet6/filter/limit-17 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17
- inet/filter/logdrop-17 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-17 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-17 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-17 -j DROP
inet6/filter/logdrop-17 -j DROP
- inet/filter/limit-17 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-17 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 19 {"conn-limit":{"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18
+ inet/filter/limit-18 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-18
+ inet/filter/limit-18 -j ACCEPT
+ inet/filter/logdrop-18 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-18 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-18
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-18
- inet/filter/limit-18 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-18
inet6/filter/limit-18 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-18
- inet/filter/logdrop-18 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-18 -j ACCEPT
inet6/filter/logdrop-18 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-18 -j DROP
inet6/filter/logdrop-18 -j DROP
- inet/filter/limit-18 -j ACCEPT
- inet6/filter/limit-18 -j ACCEPT
Filter 20 {"action":"pass","conn-limit":{"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19
+ inet/filter/limit-19 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19
+ inet/filter/logdrop-19 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-19 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-19
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-19
- inet/filter/limit-19 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-19
inet6/filter/limit-19 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-19
- inet/filter/logdrop-19 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-19 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-19 -j DROP
inet6/filter/logdrop-19 -j DROP
Filter 21 {"conn-limit":{"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-20
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-20
inet/filter/limit-20 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-20
- inet6/filter/limit-20 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20
+ inet/filter/limit-20 -m limit --limit 1/second -j LOG
+ inet/filter/limit-20 -j ACCEPT
inet/filter/logdrop-20 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-20 -m limit --limit 1/second -j LOG
inet/filter/logdrop-20 -j DROP
- inet6/filter/logdrop-20 -j DROP
- inet/filter/limit-20 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-20
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-20
+ inet6/filter/limit-20 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-20
inet6/filter/limit-20 -m limit --limit 1/second -j LOG
- inet/filter/limit-20 -j ACCEPT
inet6/filter/limit-20 -j ACCEPT
+ inet6/filter/logdrop-20 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-20 -j DROP
Filter 22 {"action":"pass","conn-limit":{"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21
+ inet/filter/limit-21 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21
+ inet/filter/limit-21 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-21 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-21 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-21
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-21
- inet/filter/limit-21 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-21
inet6/filter/limit-21 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-21
- inet/filter/logdrop-21 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-21 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-21 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-21 -j DROP
inet6/filter/logdrop-21 -j DROP
- inet/filter/limit-21 -m limit --limit 1/second -j LOG
- inet6/filter/limit-21 -m limit --limit 1/second -j LOG
Filter 23 {"conn-limit":{"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22
+ inet/filter/limit-22 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22
+ inet/filter/limit-22 -j ACCEPT
+ inet/filter/logdrop-22 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-22 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-22
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-22
- inet/filter/limit-22 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-22
inet6/filter/limit-22 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-22
- inet/filter/logdrop-22 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-22 -j ACCEPT
inet6/filter/logdrop-22 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-22 -j DROP
inet6/filter/logdrop-22 -j DROP
- inet/filter/limit-22 -j ACCEPT
- inet6/filter/limit-22 -j ACCEPT
Filter 24 {"action":"pass","conn-limit":{"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23
+ inet/filter/limit-23 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23
+ inet/filter/logdrop-23 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-23 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-23
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-23
- inet/filter/limit-23 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-23
inet6/filter/limit-23 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-23
- inet/filter/logdrop-23 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-23 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-23 -j DROP
inet6/filter/logdrop-23 -j DROP
Filter 25 {"conn-limit":{"addr":"dest","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24
+ inet/filter/limit-24 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24
+ inet/filter/limit-24 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-24 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-24 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-24
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-24
- inet/filter/limit-24 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24
inet6/filter/limit-24 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24
- inet/filter/logdrop-24 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-24 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-24 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-24 -j DROP
inet6/filter/logdrop-24 -j DROP
- inet/filter/limit-24 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-24 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 26 {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25
+ inet/filter/limit-25 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25
+ inet/filter/limit-25 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet/filter/logdrop-25 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-25 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-25
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-25
- inet/filter/limit-25 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25
inet6/filter/limit-25 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25
- inet/filter/logdrop-25 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-25 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-25 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-25 -j DROP
inet6/filter/logdrop-25 -j DROP
- inet/filter/limit-25 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-25 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 27 {"conn-limit":{"addr":"dest","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26
inet/filter/limit-26 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26
- inet6/filter/limit-26 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26
+ inet/filter/limit-26 -m limit --limit 1/second -j LOG
+ inet/filter/limit-26 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-26 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG
inet/filter/logdrop-26 -j DROP
- inet6/filter/logdrop-26 -j DROP
- inet/filter/limit-26 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26
+ inet6/filter/limit-26 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26
inet6/filter/limit-26 -m limit --limit 1/second -j LOG
- inet/filter/limit-26 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-26 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-26 -j DROP
Filter 28 {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27
+ inet/filter/limit-27 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27
+ inet/filter/limit-27 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-27 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-27 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-27
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-27
- inet/filter/limit-27 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27
inet6/filter/limit-27 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27
- inet/filter/logdrop-27 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-27 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-27 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-27 -j DROP
inet6/filter/logdrop-27 -j DROP
- inet/filter/limit-27 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-27 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 29 {"conn-limit":{"addr":"dest","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28
+ inet/filter/limit-28 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28
+ inet/filter/limit-28 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-28 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-28 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-28
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-28
- inet/filter/limit-28 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28
inet6/filter/limit-28 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28
- inet/filter/logdrop-28 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-28 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-28 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-28 -j DROP
inet6/filter/logdrop-28 -j DROP
- inet/filter/limit-28 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-28 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 30 {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29
+ inet/filter/limit-29 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29
+ inet/filter/limit-29 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet/filter/logdrop-29 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-29 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-29
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-29
- inet/filter/limit-29 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29
inet6/filter/limit-29 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29
- inet/filter/logdrop-29 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-29 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-29 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-29 -j DROP
inet6/filter/logdrop-29 -j DROP
- inet/filter/limit-29 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-29 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 31 {"conn-limit":{"addr":"dest","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30
+ inet/filter/limit-30 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-30
+ inet/filter/limit-30 -j ACCEPT
+ inet/filter/logdrop-30 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-30 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-30
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-30
- inet/filter/limit-30 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-30
inet6/filter/limit-30 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-30
- inet/filter/logdrop-30 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-30 -j ACCEPT
inet6/filter/logdrop-30 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-30 -j DROP
inet6/filter/logdrop-30 -j DROP
- inet/filter/limit-30 -j ACCEPT
- inet6/filter/limit-30 -j ACCEPT
Filter 32 {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31
+ inet/filter/limit-31 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-31
+ inet/filter/logdrop-31 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-31 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-31
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-31
- inet/filter/limit-31 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-31
inet6/filter/limit-31 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-31
- inet/filter/logdrop-31 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-31 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-31 -j DROP
inet6/filter/logdrop-31 -j DROP
Filter 33 {"conn-limit":{"addr":"dest","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-32
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-32
inet/filter/limit-32 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-32
- inet6/filter/limit-32 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32
+ inet/filter/limit-32 -m limit --limit 1/second -j LOG
+ inet/filter/limit-32 -j ACCEPT
inet/filter/logdrop-32 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-32 -m limit --limit 1/second -j LOG
inet/filter/logdrop-32 -j DROP
- inet6/filter/logdrop-32 -j DROP
- inet/filter/limit-32 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-32
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-32
+ inet6/filter/limit-32 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-32
inet6/filter/limit-32 -m limit --limit 1/second -j LOG
- inet/filter/limit-32 -j ACCEPT
inet6/filter/limit-32 -j ACCEPT
+ inet6/filter/logdrop-32 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-32 -j DROP
Filter 34 {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33
+ inet/filter/limit-33 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-33
+ inet/filter/limit-33 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-33 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-33 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-33
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-33
- inet/filter/limit-33 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-33
inet6/filter/limit-33 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-33
- inet/filter/logdrop-33 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-33 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-33 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-33 -j DROP
inet6/filter/logdrop-33 -j DROP
- inet/filter/limit-33 -m limit --limit 1/second -j LOG
- inet6/filter/limit-33 -m limit --limit 1/second -j LOG
Filter 35 {"conn-limit":{"addr":"dest","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34
+ inet/filter/limit-34 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-34
+ inet/filter/limit-34 -j ACCEPT
+ inet/filter/logdrop-34 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-34 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-34
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-34
- inet/filter/limit-34 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-34
inet6/filter/limit-34 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-34
- inet/filter/logdrop-34 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-34 -j ACCEPT
inet6/filter/logdrop-34 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-34 -j DROP
inet6/filter/logdrop-34 -j DROP
- inet/filter/limit-34 -j ACCEPT
- inet6/filter/limit-34 -j ACCEPT
Filter 36 {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35
+ inet/filter/limit-35 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-35
+ inet/filter/logdrop-35 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-35 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-35
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-35
- inet/filter/limit-35 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-35
inet6/filter/limit-35 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-35
- inet/filter/logdrop-35 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-35 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-35 -j DROP
inet6/filter/logdrop-35 -j DROP
Filter 37 {"conn-limit":{"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36
+ inet/filter/limit-36 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-36
+ inet/filter/limit-36 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet/filter/logdrop-36 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-36 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-36
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-36
- inet/filter/limit-36 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-36
inet6/filter/limit-36 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-36
- inet/filter/logdrop-36 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-36 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
inet6/filter/logdrop-36 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-36 -j DROP
inet6/filter/logdrop-36 -j DROP
- inet/filter/limit-36 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-36 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 38 {"action":"pass","conn-limit":{"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37
+ inet/filter/limit-37 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-37
+ inet/filter/limit-37 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet/filter/logdrop-37 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-37 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-37
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-37
- inet/filter/limit-37 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-37
inet6/filter/limit-37 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-37
- inet/filter/logdrop-37 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-37 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-37 -j DROP
inet6/filter/logdrop-37 -j DROP
- inet/filter/limit-37 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-37 -m recent --name user:C --rsource --mask fe00:: --set
Filter 39 {"conn-limit":{"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-38
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-38
inet/filter/limit-38 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-38
- inet6/filter/limit-38 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-38
+ inet/filter/limit-38 -m limit --limit 1/second -j LOG
+ inet/filter/limit-38 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-38 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG
inet/filter/logdrop-38 -j DROP
- inet6/filter/logdrop-38 -j DROP
- inet/filter/limit-38 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-38
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-38
+ inet6/filter/limit-38 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-38
inet6/filter/limit-38 -m limit --limit 1/second -j LOG
- inet/filter/limit-38 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-38 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-38 -j DROP
Filter 40 {"action":"pass","conn-limit":{"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39
+ inet/filter/limit-39 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-39
+ inet/filter/limit-39 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-39 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-39 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-39
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-39
- inet/filter/limit-39 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-39
inet6/filter/limit-39 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-39
- inet/filter/logdrop-39 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-39 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-39 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-39 -j DROP
inet6/filter/logdrop-39 -j DROP
- inet/filter/limit-39 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-39 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 41 {"conn-limit":{"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-40
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-40
+ inet/filter/limit-40 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-40
+ inet/filter/limit-40 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet/filter/logdrop-40 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-40 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-40
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-40
- inet/filter/limit-40 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-40
inet6/filter/limit-40 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-40
- inet/filter/logdrop-40 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-40 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
inet6/filter/logdrop-40 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-40 -j DROP
inet6/filter/logdrop-40 -j DROP
- inet/filter/limit-40 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-40 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 42 {"action":"pass","conn-limit":{"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-41
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-41
+ inet/filter/limit-41 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-41
+ inet/filter/limit-41 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet/filter/logdrop-41 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-41 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-41
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-41
- inet/filter/limit-41 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-41
inet6/filter/limit-41 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-41
- inet/filter/logdrop-41 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-41 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logdrop-41 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-41 -j DROP
inet6/filter/logdrop-41 -j DROP
- inet/filter/limit-41 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-41 -m recent --name user:C --rsource --mask fe00:: --set
Filter 43 {"conn-limit":{"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-42
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-42
+ inet/filter/limit-42 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-42
+ inet/filter/limit-42 -j ACCEPT
+ inet/filter/logdrop-42 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-42 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-42
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-42
- inet/filter/limit-42 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-42
inet6/filter/limit-42 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-42
- inet/filter/logdrop-42 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-42 -j ACCEPT
inet6/filter/logdrop-42 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-42 -j DROP
inet6/filter/logdrop-42 -j DROP
- inet/filter/limit-42 -j ACCEPT
- inet6/filter/limit-42 -j ACCEPT
Filter 44 {"action":"pass","conn-limit":{"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-43
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-43
+ inet/filter/limit-43 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-43
+ inet/filter/logdrop-43 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-43 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-43
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-43
- inet/filter/limit-43 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-43
inet6/filter/limit-43 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-43
- inet/filter/logdrop-43 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-43 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-43 -j DROP
inet6/filter/logdrop-43 -j DROP
Filter 45 {"conn-limit":{"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-44
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-44
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-44
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-44
inet/filter/limit-44 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-44
- inet6/filter/limit-44 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-44
+ inet/filter/limit-44 -m limit --limit 1/second -j LOG
+ inet/filter/limit-44 -j ACCEPT
inet/filter/logdrop-44 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG
inet/filter/logdrop-44 -j DROP
- inet6/filter/logdrop-44 -j DROP
- inet/filter/limit-44 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-44
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-44
+ inet6/filter/limit-44 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-44
inet6/filter/limit-44 -m limit --limit 1/second -j LOG
- inet/filter/limit-44 -j ACCEPT
inet6/filter/limit-44 -j ACCEPT
+ inet6/filter/logdrop-44 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-44 -j DROP
Filter 46 {"action":"pass","conn-limit":{"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-45
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-45
+ inet/filter/limit-45 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-45
+ inet/filter/limit-45 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-45 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-45 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-45
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-45
- inet/filter/limit-45 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-45
inet6/filter/limit-45 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-45
- inet/filter/logdrop-45 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-45 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-45 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-45 -j DROP
inet6/filter/logdrop-45 -j DROP
- inet/filter/limit-45 -m limit --limit 1/second -j LOG
- inet6/filter/limit-45 -m limit --limit 1/second -j LOG
Filter 47 {"conn-limit":{"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-46
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-46
+ inet/filter/limit-46 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-46
+ inet/filter/limit-46 -j ACCEPT
+ inet/filter/logdrop-46 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-46 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-46
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-46
- inet/filter/limit-46 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-46
inet6/filter/limit-46 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-46
- inet/filter/logdrop-46 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-46 -j ACCEPT
inet6/filter/logdrop-46 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-46 -j DROP
inet6/filter/logdrop-46 -j DROP
- inet/filter/limit-46 -j ACCEPT
- inet6/filter/limit-46 -j ACCEPT
Filter 48 {"action":"pass","conn-limit":{"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-47
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-47
+ inet/filter/limit-47 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-47
+ inet/filter/logdrop-47 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-47 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-47
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-47
- inet/filter/limit-47 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-47
inet6/filter/limit-47 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-47
- inet/filter/logdrop-47 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-47 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-47 -j DROP
inet6/filter/logdrop-47 -j DROP
Filter 49 {"conn-limit":{"addr":"dest","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-48
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-48
+ inet/filter/limit-48 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-48
+ inet/filter/limit-48 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet/filter/logdrop-48 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-48 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-48
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-48
- inet/filter/limit-48 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-48
inet6/filter/limit-48 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-48
- inet/filter/logdrop-48 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-48 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
inet6/filter/logdrop-48 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-48 -j DROP
inet6/filter/logdrop-48 -j DROP
- inet/filter/limit-48 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-48 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 50 {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-49
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-49
+ inet/filter/limit-49 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-49
+ inet/filter/limit-49 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet/filter/logdrop-49 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-49 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-49
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-49
- inet/filter/limit-49 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-49
inet6/filter/limit-49 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-49
- inet/filter/logdrop-49 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-49 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logdrop-49 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-49 -j DROP
inet6/filter/logdrop-49 -j DROP
- inet/filter/limit-49 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-49 -m recent --name user:C --rdest --mask fe00:: --set
Filter 51 {"conn-limit":{"addr":"dest","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-50
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-50
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-50
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-50
inet/filter/limit-50 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-50
- inet6/filter/limit-50 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-50
+ inet/filter/limit-50 -m limit --limit 1/second -j LOG
+ inet/filter/limit-50 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-50 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-50 -m limit --limit 1/second -j LOG
inet/filter/logdrop-50 -j DROP
- inet6/filter/logdrop-50 -j DROP
- inet/filter/limit-50 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-50
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-50
+ inet6/filter/limit-50 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-50
inet6/filter/limit-50 -m limit --limit 1/second -j LOG
- inet/filter/limit-50 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-50 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-50 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-50 -j DROP
Filter 52 {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-51
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-51
+ inet/filter/limit-51 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-51
+ inet/filter/limit-51 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-51 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-51 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-51
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-51
- inet/filter/limit-51 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-51
inet6/filter/limit-51 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-51
- inet/filter/logdrop-51 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-51 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-51 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-51 -j DROP
inet6/filter/logdrop-51 -j DROP
- inet/filter/limit-51 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-51 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 53 {"conn-limit":{"addr":"dest","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-52
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-52
+ inet/filter/limit-52 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-52
+ inet/filter/limit-52 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet/filter/logdrop-52 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-52 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-52
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-52
- inet/filter/limit-52 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-52
inet6/filter/limit-52 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-52
- inet/filter/logdrop-52 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-52 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
inet6/filter/logdrop-52 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-52 -j DROP
inet6/filter/logdrop-52 -j DROP
- inet/filter/limit-52 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-52 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 54 {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-53
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-53
+ inet/filter/limit-53 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-53
+ inet/filter/limit-53 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet/filter/logdrop-53 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-53 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-53
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-53
- inet/filter/limit-53 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-53
inet6/filter/limit-53 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-53
- inet/filter/logdrop-53 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-53 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logdrop-53 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-53 -j DROP
inet6/filter/logdrop-53 -j DROP
- inet/filter/limit-53 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-53 -m recent --name user:C --rdest --mask fe00:: --set
Filter 55 {"conn-limit":{"addr":"dest","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-54
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-54
+ inet/filter/limit-54 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-54
+ inet/filter/limit-54 -j ACCEPT
+ inet/filter/logdrop-54 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-54 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-54
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-54
- inet/filter/limit-54 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-54
inet6/filter/limit-54 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-54
- inet/filter/logdrop-54 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-54 -j ACCEPT
inet6/filter/logdrop-54 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-54 -j DROP
inet6/filter/logdrop-54 -j DROP
- inet/filter/limit-54 -j ACCEPT
- inet6/filter/limit-54 -j ACCEPT
Filter 56 {"action":"pass","conn-limit":{"addr":"dest","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-55
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-55
+ inet/filter/limit-55 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-55
+ inet/filter/logdrop-55 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-55 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-55
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-55
- inet/filter/limit-55 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-55
inet6/filter/limit-55 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-55
- inet/filter/logdrop-55 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-55 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-55 -j DROP
inet6/filter/logdrop-55 -j DROP
Filter 57 {"conn-limit":{"addr":"dest","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-56
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-56
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-56
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-56
inet/filter/limit-56 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-56
- inet6/filter/limit-56 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-56
+ inet/filter/limit-56 -m limit --limit 1/second -j LOG
+ inet/filter/limit-56 -j ACCEPT
inet/filter/logdrop-56 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG
inet/filter/logdrop-56 -j DROP
- inet6/filter/logdrop-56 -j DROP
- inet/filter/limit-56 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-56
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-56
+ inet6/filter/limit-56 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-56
inet6/filter/limit-56 -m limit --limit 1/second -j LOG
- inet/filter/limit-56 -j ACCEPT
inet6/filter/limit-56 -j ACCEPT
+ inet6/filter/logdrop-56 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-56 -j DROP
Filter 58 {"action":"pass","conn-limit":{"addr":"dest","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-57
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-57
+ inet/filter/limit-57 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-57
+ inet/filter/limit-57 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-57 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-57 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-57
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-57
- inet/filter/limit-57 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-57
inet6/filter/limit-57 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-57
- inet/filter/logdrop-57 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-57 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-57 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-57 -j DROP
inet6/filter/logdrop-57 -j DROP
- inet/filter/limit-57 -m limit --limit 1/second -j LOG
- inet6/filter/limit-57 -m limit --limit 1/second -j LOG
Filter 59 {"conn-limit":{"addr":"dest","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-58
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-58
+ inet/filter/limit-58 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-58
+ inet/filter/limit-58 -j ACCEPT
+ inet/filter/logdrop-58 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-58 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-58
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-58
- inet/filter/limit-58 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-58
inet6/filter/limit-58 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-58
- inet/filter/logdrop-58 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-58 -j ACCEPT
inet6/filter/logdrop-58 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-58 -j DROP
inet6/filter/logdrop-58 -j DROP
- inet/filter/limit-58 -j ACCEPT
- inet6/filter/limit-58 -j ACCEPT
Filter 60 {"action":"pass","conn-limit":{"addr":"dest","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-59
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-59
+ inet/filter/limit-59 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-59
+ inet/filter/logdrop-59 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-59 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-59
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-59
- inet/filter/limit-59 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-59
inet6/filter/limit-59 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-59
- inet/filter/logdrop-59 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-59 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-59 -j DROP
inet6/filter/logdrop-59 -j DROP
Filter 61 {"conn-limit":{"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-60
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-60
+ inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-60
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-60
- inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 62 {"action":"pass","conn-limit":{"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-61
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-61
+ inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-61
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-61
- inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 63 {"conn-limit":{"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-62
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-62
+ inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-62 -m limit --limit 1/second -j LOG
+ inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-62
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-62
- inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-62 -m limit --limit 1/second -j LOG
inet6/filter/limit-62 -m limit --limit 1/second -j LOG
- inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 64 {"action":"pass","conn-limit":{"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-63
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-63
+ inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-63
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-63
- inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 65 {"conn-limit":{"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-64
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-64
+ inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-64
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-64
- inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 66 {"action":"pass","conn-limit":{"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-65
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-65
+ inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-65
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-65
- inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 67 {"conn-limit":{"log":false,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-66
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-66
+ inet/filter/limit-66 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-66 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-66
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-66
- inet/filter/limit-66 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-66 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-66 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-66 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 68 {"action":"pass","conn-limit":{"log":false,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-67
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-67
+ inet/filter/limit-67 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-67 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-67
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-67
- inet/filter/limit-67 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-67 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-67 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/limit-67 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 69 {"conn-limit":{"log":false,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-68
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-68
+ inet/filter/limit-68 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-68 -m limit --limit 1/second -j LOG
+ inet/filter/limit-68 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-68
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-68
- inet/filter/limit-68 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-68 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-68 -m limit --limit 1/second -j LOG
inet6/filter/limit-68 -m limit --limit 1/second -j LOG
- inet/filter/limit-68 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-68 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 70 {"action":"pass","conn-limit":{"log":false,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-69
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-69
+ inet/filter/limit-69 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-69 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-69
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-69
- inet/filter/limit-69 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-69 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-69 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-69 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 71 {"conn-limit":{"log":false,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-70
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-70
+ inet/filter/limit-70 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-70 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-70
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-70
- inet/filter/limit-70 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-70 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-70 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-70 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 72 {"action":"pass","conn-limit":{"log":false,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-71
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-71
+ inet/filter/limit-71 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-71 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-71
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-71
- inet/filter/limit-71 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-71 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-71 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/limit-71 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 73 {"conn-limit":{"log":false,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-72
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-72
+ inet/filter/limit-72 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-72 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-72
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-72
- inet/filter/limit-72 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-72 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-72 -j ACCEPT
inet6/filter/limit-72 -j ACCEPT
Filter 74 {"action":"pass","conn-limit":{"log":false,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-73
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-73
+ inet/filter/limit-73 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-73
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-73
- inet/filter/limit-73 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-73 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 75 {"conn-limit":{"log":false,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-74
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-74
+ inet/filter/limit-74 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-74 -m limit --limit 1/second -j LOG
+ inet/filter/limit-74 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-74
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-74
- inet/filter/limit-74 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-74 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-74 -m limit --limit 1/second -j LOG
inet6/filter/limit-74 -m limit --limit 1/second -j LOG
- inet/filter/limit-74 -j ACCEPT
inet6/filter/limit-74 -j ACCEPT
Filter 76 {"action":"pass","conn-limit":{"log":false,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-75
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-75
+ inet/filter/limit-75 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-75 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-75
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-75
- inet/filter/limit-75 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-75 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-75 -m limit --limit 1/second -j LOG
inet6/filter/limit-75 -m limit --limit 1/second -j LOG
Filter 77 {"conn-limit":{"log":false,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-76
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-76
+ inet/filter/limit-76 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-76 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-76
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-76
- inet/filter/limit-76 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-76 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-76 -j ACCEPT
inet6/filter/limit-76 -j ACCEPT
Filter 78 {"action":"pass","conn-limit":{"log":false,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-77
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-77
+ inet/filter/limit-77 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-77
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-77
- inet/filter/limit-77 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-77 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 79 {"conn-limit":{"addr":"dest","log":false,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-78
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-78
+ inet/filter/limit-78 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-78 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-78
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-78
- inet/filter/limit-78 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-78 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-78 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-78 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 80 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-79
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-79
+ inet/filter/limit-79 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-79 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-79
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-79
- inet/filter/limit-79 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-79 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-79 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/limit-79 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 81 {"conn-limit":{"addr":"dest","log":false,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-80
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-80
+ inet/filter/limit-80 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-80 -m limit --limit 1/second -j LOG
+ inet/filter/limit-80 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-80
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-80
- inet/filter/limit-80 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-80 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-80 -m limit --limit 1/second -j LOG
inet6/filter/limit-80 -m limit --limit 1/second -j LOG
- inet/filter/limit-80 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-80 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 82 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-81
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-81
+ inet/filter/limit-81 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-81 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-81
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-81
- inet/filter/limit-81 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-81 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-81 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-81 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 83 {"conn-limit":{"addr":"dest","log":false,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-82
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-82
+ inet/filter/limit-82 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-82 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-82
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-82
- inet/filter/limit-82 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-82 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-82 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-82 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 84 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-83
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-83
+ inet/filter/limit-83 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-83 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-83
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-83
- inet/filter/limit-83 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-83 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-83 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/limit-83 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 85 {"conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-84
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-84
+ inet/filter/limit-84 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-84 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-84
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-84
- inet/filter/limit-84 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-84 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-84 -j ACCEPT
inet6/filter/limit-84 -j ACCEPT
Filter 86 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-85
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-85
+ inet/filter/limit-85 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-85
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-85
- inet/filter/limit-85 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-85 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 87 {"conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-86
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-86
+ inet/filter/limit-86 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-86 -m limit --limit 1/second -j LOG
+ inet/filter/limit-86 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-86
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-86
- inet/filter/limit-86 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-86 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-86 -m limit --limit 1/second -j LOG
inet6/filter/limit-86 -m limit --limit 1/second -j LOG
- inet/filter/limit-86 -j ACCEPT
inet6/filter/limit-86 -j ACCEPT
Filter 88 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-87
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-87
+ inet/filter/limit-87 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-87 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-87
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-87
- inet/filter/limit-87 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-87 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-87 -m limit --limit 1/second -j LOG
inet6/filter/limit-87 -m limit --limit 1/second -j LOG
Filter 89 {"conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-88
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-88
+ inet/filter/limit-88 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-88 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-88
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-88
- inet/filter/limit-88 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-88 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-88 -j ACCEPT
inet6/filter/limit-88 -j ACCEPT
Filter 90 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-89
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-89
+ inet/filter/limit-89 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-89
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-89
- inet/filter/limit-89 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-89 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 91 {"conn-limit":{"log":false,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-90
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-90
+ inet/filter/limit-90 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-90 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-90
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-90
- inet/filter/limit-90 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-90 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-90 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-90 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 92 {"action":"pass","conn-limit":{"log":false,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-91
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-91
+ inet/filter/limit-91 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-91 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-91
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-91
- inet/filter/limit-91 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-91 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-91 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/limit-91 -m recent --name user:C --rsource --mask fe00:: --set
Filter 93 {"conn-limit":{"log":false,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-92
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-92
+ inet/filter/limit-92 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-92 -m limit --limit 1/second -j LOG
+ inet/filter/limit-92 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-92
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-92
- inet/filter/limit-92 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-92 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-92 -m limit --limit 1/second -j LOG
inet6/filter/limit-92 -m limit --limit 1/second -j LOG
- inet/filter/limit-92 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-92 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 94 {"action":"pass","conn-limit":{"log":false,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-93
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-93
+ inet/filter/limit-93 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-93 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-93
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-93
- inet/filter/limit-93 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-93 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-93 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-93 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 95 {"conn-limit":{"log":false,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-94
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-94
+ inet/filter/limit-94 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-94 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-94
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-94
- inet/filter/limit-94 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-94 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-94 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-94 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 96 {"action":"pass","conn-limit":{"log":false,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-95
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-95
+ inet/filter/limit-95 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-95 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-95
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-95
- inet/filter/limit-95 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-95 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-95 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/limit-95 -m recent --name user:C --rsource --mask fe00:: --set
Filter 97 {"conn-limit":{"log":false,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-96
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-96
+ inet/filter/limit-96 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-96 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-96
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-96
- inet/filter/limit-96 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-96 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-96 -j ACCEPT
inet6/filter/limit-96 -j ACCEPT
Filter 98 {"action":"pass","conn-limit":{"log":false,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-97
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-97
+ inet/filter/limit-97 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-97
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-97
- inet/filter/limit-97 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-97 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 99 {"conn-limit":{"log":false,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-98
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-98
+ inet/filter/limit-98 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-98 -m limit --limit 1/second -j LOG
+ inet/filter/limit-98 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-98
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-98
- inet/filter/limit-98 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-98 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-98 -m limit --limit 1/second -j LOG
inet6/filter/limit-98 -m limit --limit 1/second -j LOG
- inet/filter/limit-98 -j ACCEPT
inet6/filter/limit-98 -j ACCEPT
Filter 100 {"action":"pass","conn-limit":{"log":false,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-99
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-99
+ inet/filter/limit-99 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-99 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-99
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-99
- inet/filter/limit-99 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-99 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-99 -m limit --limit 1/second -j LOG
inet6/filter/limit-99 -m limit --limit 1/second -j LOG
Filter 101 {"conn-limit":{"log":false,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-100
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-100
+ inet/filter/limit-100 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-100 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-100
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-100
- inet/filter/limit-100 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-100 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-100 -j ACCEPT
inet6/filter/limit-100 -j ACCEPT
Filter 102 {"action":"pass","conn-limit":{"log":false,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-101
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-101
+ inet/filter/limit-101 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-101
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-101
- inet/filter/limit-101 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-101 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 103 {"conn-limit":{"addr":"dest","log":false,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-102
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-102
+ inet/filter/limit-102 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-102 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-102
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-102
- inet/filter/limit-102 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-102 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-102 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-102 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 104 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-103
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-103
+ inet/filter/limit-103 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-103 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-103
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-103
- inet/filter/limit-103 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-103 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-103 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/limit-103 -m recent --name user:C --rdest --mask fe00:: --set
Filter 105 {"conn-limit":{"addr":"dest","log":false,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-104
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-104
+ inet/filter/limit-104 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-104 -m limit --limit 1/second -j LOG
+ inet/filter/limit-104 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-104
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-104
- inet/filter/limit-104 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-104 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-104 -m limit --limit 1/second -j LOG
inet6/filter/limit-104 -m limit --limit 1/second -j LOG
- inet/filter/limit-104 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-104 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 106 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-105
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-105
+ inet/filter/limit-105 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-105 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-105
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-105
- inet/filter/limit-105 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-105 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-105 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-105 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 107 {"conn-limit":{"addr":"dest","log":false,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-106
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-106
+ inet/filter/limit-106 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-106 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-106
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-106
- inet/filter/limit-106 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-106 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-106 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-106 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 108 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-107
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-107
+ inet/filter/limit-107 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-107 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-107
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-107
- inet/filter/limit-107 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-107 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-107 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/limit-107 -m recent --name user:C --rdest --mask fe00:: --set
Filter 109 {"conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-108
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-108
+ inet/filter/limit-108 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-108 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-108
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-108
- inet/filter/limit-108 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-108 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-108 -j ACCEPT
inet6/filter/limit-108 -j ACCEPT
Filter 110 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-109
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-109
+ inet/filter/limit-109 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-109
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-109
- inet/filter/limit-109 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-109 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 111 {"conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-110
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-110
+ inet/filter/limit-110 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-110 -m limit --limit 1/second -j LOG
+ inet/filter/limit-110 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-110
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-110
- inet/filter/limit-110 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-110 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-110 -m limit --limit 1/second -j LOG
inet6/filter/limit-110 -m limit --limit 1/second -j LOG
- inet/filter/limit-110 -j ACCEPT
inet6/filter/limit-110 -j ACCEPT
Filter 112 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-111
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-111
+ inet/filter/limit-111 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-111 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-111
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-111
- inet/filter/limit-111 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-111 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-111 -m limit --limit 1/second -j LOG
inet6/filter/limit-111 -m limit --limit 1/second -j LOG
Filter 113 {"conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-112
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-112
+ inet/filter/limit-112 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-112 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-112
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-112
- inet/filter/limit-112 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-112 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-112 -j ACCEPT
inet6/filter/limit-112 -j ACCEPT
Filter 114 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-113
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-113
+ inet/filter/limit-113 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-113
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-113
- inet/filter/limit-113 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-113 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 115 {"conn-limit":{"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-114
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-114
+ inet/filter/limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-114
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-114
- inet/filter/limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-114 -m recent --name limit-114 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-114 -m recent --name limit-114 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 116 {"action":"pass","conn-limit":{"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-115
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-115
+ inet/filter/limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-115
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-115
- inet/filter/limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-115 -m recent --name limit-115 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-115 -m recent --name limit-115 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 117 {"conn-limit":{"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-116
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-116
+ inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-116 -m limit --limit 1/second -j LOG
+ inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-116
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-116
- inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-116 -m limit --limit 1/second -j LOG
inet6/filter/limit-116 -m limit --limit 1/second -j LOG
- inet/filter/limit-116 -m recent --name limit-116 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-116 -m recent --name limit-116 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 118 {"action":"pass","conn-limit":{"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-117
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-117
+ inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-117
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-117
- inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-117 -m recent --name limit-117 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-117 -m recent --name limit-117 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 119 {"conn-limit":{"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-118
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-118
+ inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-118
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-118
- inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-118 -m recent --name limit-118 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-118 -m recent --name limit-118 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 120 {"action":"pass","conn-limit":{"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-119
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-119
+ inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-119
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-119
- inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-119 -m recent --name limit-119 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-119 -m recent --name limit-119 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 121 {"conn-limit":{"log":"none","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-120
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-120
+ inet/filter/limit-120 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-120 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-120
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-120
- inet/filter/limit-120 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-120 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-120 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-120 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 122 {"action":"pass","conn-limit":{"log":"none","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-121
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-121
+ inet/filter/limit-121 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-121 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-121
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-121
- inet/filter/limit-121 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-121 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-121 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/limit-121 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 123 {"conn-limit":{"log":"none","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-122
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-122
+ inet/filter/limit-122 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-122 -m limit --limit 1/second -j LOG
+ inet/filter/limit-122 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-122
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-122
- inet/filter/limit-122 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-122 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-122 -m limit --limit 1/second -j LOG
inet6/filter/limit-122 -m limit --limit 1/second -j LOG
- inet/filter/limit-122 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-122 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 124 {"action":"pass","conn-limit":{"log":"none","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-123
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-123
+ inet/filter/limit-123 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-123 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-123
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-123
- inet/filter/limit-123 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-123 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-123 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-123 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 125 {"conn-limit":{"log":"none","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-124
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-124
+ inet/filter/limit-124 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-124 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-124
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-124
- inet/filter/limit-124 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-124 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-124 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-124 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 126 {"action":"pass","conn-limit":{"log":"none","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-125
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-125
+ inet/filter/limit-125 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-125 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-125
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-125
- inet/filter/limit-125 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-125 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-125 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/limit-125 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 127 {"conn-limit":{"log":"none","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-126
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-126
+ inet/filter/limit-126 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-126 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-126
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-126
- inet/filter/limit-126 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-126 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-126 -j ACCEPT
inet6/filter/limit-126 -j ACCEPT
Filter 128 {"action":"pass","conn-limit":{"log":"none","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-127
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-127
+ inet/filter/limit-127 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-127
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-127
- inet/filter/limit-127 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-127 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 129 {"conn-limit":{"log":"none","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-128
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-128
+ inet/filter/limit-128 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-128 -m limit --limit 1/second -j LOG
+ inet/filter/limit-128 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-128
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-128
- inet/filter/limit-128 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-128 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-128 -m limit --limit 1/second -j LOG
inet6/filter/limit-128 -m limit --limit 1/second -j LOG
- inet/filter/limit-128 -j ACCEPT
inet6/filter/limit-128 -j ACCEPT
Filter 130 {"action":"pass","conn-limit":{"log":"none","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-129
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-129
+ inet/filter/limit-129 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-129 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-129
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-129
- inet/filter/limit-129 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-129 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-129 -m limit --limit 1/second -j LOG
inet6/filter/limit-129 -m limit --limit 1/second -j LOG
Filter 131 {"conn-limit":{"log":"none","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-130
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-130
+ inet/filter/limit-130 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-130 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-130
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-130
- inet/filter/limit-130 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-130 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-130 -j ACCEPT
inet6/filter/limit-130 -j ACCEPT
Filter 132 {"action":"pass","conn-limit":{"log":"none","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-131
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-131
+ inet/filter/limit-131 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-131
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-131
- inet/filter/limit-131 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-131 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 133 {"conn-limit":{"addr":"dest","log":"none","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-132
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-132
+ inet/filter/limit-132 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-132 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-132
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-132
- inet/filter/limit-132 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-132 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-132 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-132 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 134 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-133
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-133
+ inet/filter/limit-133 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-133 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-133
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-133
- inet/filter/limit-133 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-133 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-133 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/limit-133 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 135 {"conn-limit":{"addr":"dest","log":"none","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-134
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-134
+ inet/filter/limit-134 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-134 -m limit --limit 1/second -j LOG
+ inet/filter/limit-134 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-134
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-134
- inet/filter/limit-134 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-134 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-134 -m limit --limit 1/second -j LOG
inet6/filter/limit-134 -m limit --limit 1/second -j LOG
- inet/filter/limit-134 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-134 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 136 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-135
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-135
+ inet/filter/limit-135 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-135 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-135
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-135
- inet/filter/limit-135 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-135 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-135 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-135 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 137 {"conn-limit":{"addr":"dest","log":"none","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-136
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-136
+ inet/filter/limit-136 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-136 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-136
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-136
- inet/filter/limit-136 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-136 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-136 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-136 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 138 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-137
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-137
+ inet/filter/limit-137 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-137 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-137
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-137
- inet/filter/limit-137 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-137 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-137 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/limit-137 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 139 {"conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-138
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-138
+ inet/filter/limit-138 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-138 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-138
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-138
- inet/filter/limit-138 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-138 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-138 -j ACCEPT
inet6/filter/limit-138 -j ACCEPT
Filter 140 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-139
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-139
+ inet/filter/limit-139 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-139
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-139
- inet/filter/limit-139 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-139 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 141 {"conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-140
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-140
+ inet/filter/limit-140 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-140 -m limit --limit 1/second -j LOG
+ inet/filter/limit-140 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-140
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-140
- inet/filter/limit-140 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-140 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-140 -m limit --limit 1/second -j LOG
inet6/filter/limit-140 -m limit --limit 1/second -j LOG
- inet/filter/limit-140 -j ACCEPT
inet6/filter/limit-140 -j ACCEPT
Filter 142 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-141
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-141
+ inet/filter/limit-141 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-141 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-141
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-141
- inet/filter/limit-141 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-141 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-141 -m limit --limit 1/second -j LOG
inet6/filter/limit-141 -m limit --limit 1/second -j LOG
Filter 143 {"conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-142
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-142
+ inet/filter/limit-142 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-142 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-142
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-142
- inet/filter/limit-142 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-142 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-142 -j ACCEPT
inet6/filter/limit-142 -j ACCEPT
Filter 144 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-143
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-143
+ inet/filter/limit-143 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-143
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-143
- inet/filter/limit-143 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-143 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 145 {"conn-limit":{"log":"none","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-144
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-144
+ inet/filter/limit-144 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-144 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-144
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-144
- inet/filter/limit-144 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-144 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-144 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-144 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 146 {"action":"pass","conn-limit":{"log":"none","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-145
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-145
+ inet/filter/limit-145 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-145 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-145
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-145
- inet/filter/limit-145 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-145 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-145 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/limit-145 -m recent --name user:C --rsource --mask fe00:: --set
Filter 147 {"conn-limit":{"log":"none","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-146
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-146
+ inet/filter/limit-146 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-146 -m limit --limit 1/second -j LOG
+ inet/filter/limit-146 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-146
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-146
- inet/filter/limit-146 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-146 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-146 -m limit --limit 1/second -j LOG
inet6/filter/limit-146 -m limit --limit 1/second -j LOG
- inet/filter/limit-146 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-146 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 148 {"action":"pass","conn-limit":{"log":"none","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-147
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-147
+ inet/filter/limit-147 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-147 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-147
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-147
- inet/filter/limit-147 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-147 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-147 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-147 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 149 {"conn-limit":{"log":"none","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-148
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-148
+ inet/filter/limit-148 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-148 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-148
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-148
- inet/filter/limit-148 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-148 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-148 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-148 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 150 {"action":"pass","conn-limit":{"log":"none","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-149
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-149
+ inet/filter/limit-149 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-149 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-149
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-149
- inet/filter/limit-149 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-149 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-149 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/limit-149 -m recent --name user:C --rsource --mask fe00:: --set
Filter 151 {"conn-limit":{"log":"none","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-150
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-150
+ inet/filter/limit-150 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-150 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-150
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-150
- inet/filter/limit-150 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-150 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-150 -j ACCEPT
inet6/filter/limit-150 -j ACCEPT
Filter 152 {"action":"pass","conn-limit":{"log":"none","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-151
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-151
+ inet/filter/limit-151 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-151
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-151
- inet/filter/limit-151 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-151 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 153 {"conn-limit":{"log":"none","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-152
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-152
+ inet/filter/limit-152 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-152 -m limit --limit 1/second -j LOG
+ inet/filter/limit-152 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-152
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-152
- inet/filter/limit-152 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-152 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-152 -m limit --limit 1/second -j LOG
inet6/filter/limit-152 -m limit --limit 1/second -j LOG
- inet/filter/limit-152 -j ACCEPT
inet6/filter/limit-152 -j ACCEPT
Filter 154 {"action":"pass","conn-limit":{"log":"none","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-153
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-153
+ inet/filter/limit-153 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-153 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-153
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-153
- inet/filter/limit-153 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-153 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-153 -m limit --limit 1/second -j LOG
inet6/filter/limit-153 -m limit --limit 1/second -j LOG
Filter 155 {"conn-limit":{"log":"none","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-154
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-154
+ inet/filter/limit-154 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-154 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-154
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-154
- inet/filter/limit-154 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-154 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-154 -j ACCEPT
inet6/filter/limit-154 -j ACCEPT
Filter 156 {"action":"pass","conn-limit":{"log":"none","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-155
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-155
+ inet/filter/limit-155 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-155
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-155
- inet/filter/limit-155 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-155 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 157 {"conn-limit":{"addr":"dest","log":"none","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-156
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-156
+ inet/filter/limit-156 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-156 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-156
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-156
- inet/filter/limit-156 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-156 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-156 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-156 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 158 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-157
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-157
+ inet/filter/limit-157 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-157 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-157
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-157
- inet/filter/limit-157 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-157 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-157 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/limit-157 -m recent --name user:C --rdest --mask fe00:: --set
Filter 159 {"conn-limit":{"addr":"dest","log":"none","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-158
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-158
+ inet/filter/limit-158 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-158 -m limit --limit 1/second -j LOG
+ inet/filter/limit-158 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-158
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-158
- inet/filter/limit-158 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-158 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-158 -m limit --limit 1/second -j LOG
inet6/filter/limit-158 -m limit --limit 1/second -j LOG
- inet/filter/limit-158 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-158 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 160 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-159
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-159
+ inet/filter/limit-159 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-159 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-159
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-159
- inet/filter/limit-159 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-159 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-159 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-159 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 161 {"conn-limit":{"addr":"dest","log":"none","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-160
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-160
+ inet/filter/limit-160 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-160 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-160
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-160
- inet/filter/limit-160 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-160 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-160 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-160 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 162 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-161
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-161
+ inet/filter/limit-161 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-161 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-161
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-161
- inet/filter/limit-161 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-161 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-161 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/limit-161 -m recent --name user:C --rdest --mask fe00:: --set
Filter 163 {"conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-162
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-162
+ inet/filter/limit-162 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-162 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-162
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-162
- inet/filter/limit-162 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-162 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-162 -j ACCEPT
inet6/filter/limit-162 -j ACCEPT
Filter 164 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-163
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-163
+ inet/filter/limit-163 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-163
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-163
- inet/filter/limit-163 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-163 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 165 {"conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-164
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-164
+ inet/filter/limit-164 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-164 -m limit --limit 1/second -j LOG
+ inet/filter/limit-164 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-164
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-164
- inet/filter/limit-164 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-164 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-164 -m limit --limit 1/second -j LOG
inet6/filter/limit-164 -m limit --limit 1/second -j LOG
- inet/filter/limit-164 -j ACCEPT
inet6/filter/limit-164 -j ACCEPT
Filter 166 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-165
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-165
+ inet/filter/limit-165 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-165 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-165
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-165
- inet/filter/limit-165 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-165 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-165 -m limit --limit 1/second -j LOG
inet6/filter/limit-165 -m limit --limit 1/second -j LOG
Filter 167 {"conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-166
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-166
+ inet/filter/limit-166 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet/filter/limit-166 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-166
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-166
- inet/filter/limit-166 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-166 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/limit-166 -j ACCEPT
inet6/filter/limit-166 -j ACCEPT
Filter 168 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-167
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-167
+ inet/filter/limit-167 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-167
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-167
- inet/filter/limit-167 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-167 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 169 {"conn-limit":{"interval":5},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-168
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-168
+ inet/filter/limit-168 -m recent --name limit-168 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-60
+ inet/filter/limit-168 -m recent --name limit-168 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-60 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-60 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-168
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-168
- inet/filter/limit-168 -m recent --name limit-168 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-60
inet6/filter/limit-168 -m recent --name limit-168 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-60
- inet/filter/logdrop-60 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-168 -m recent --name limit-168 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-60 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-60 -j DROP
inet6/filter/logdrop-60 -j DROP
- inet/filter/limit-168 -m recent --name limit-168 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-168 -m recent --name limit-168 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 170 {"action":"pass","conn-limit":{"interval":5},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-169
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-169
+ inet/filter/limit-169 -m recent --name limit-169 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-61
+ inet/filter/limit-169 -m recent --name limit-169 --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-61 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-61 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-169
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-169
- inet/filter/limit-169 -m recent --name limit-169 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-61
inet6/filter/limit-169 -m recent --name limit-169 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-61
- inet/filter/logdrop-61 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-169 -m recent --name limit-169 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-61 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-61 -j DROP
inet6/filter/logdrop-61 -j DROP
- inet/filter/limit-169 -m recent --name limit-169 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-169 -m recent --name limit-169 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 171 {"conn-limit":{"interval":5},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-170
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-170
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-170
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-170
inet/filter/limit-170 -m recent --name limit-170 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-62
- inet6/filter/limit-170 -m recent --name limit-170 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-62
+ inet/filter/limit-170 -m limit --limit 1/second -j LOG
+ inet/filter/limit-170 -m recent --name limit-170 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-62 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-62 -m limit --limit 1/second -j LOG
inet/filter/logdrop-62 -j DROP
- inet6/filter/logdrop-62 -j DROP
- inet/filter/limit-170 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-170
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-170
+ inet6/filter/limit-170 -m recent --name limit-170 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-62
inet6/filter/limit-170 -m limit --limit 1/second -j LOG
- inet/filter/limit-170 -m recent --name limit-170 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-170 -m recent --name limit-170 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-62 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-62 -j DROP
Filter 172 {"action":"pass","conn-limit":{"interval":5},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-171
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-171
+ inet/filter/limit-171 -m recent --name limit-171 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-63
+ inet/filter/limit-171 -m recent --name limit-171 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-63 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-63 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-171
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-171
- inet/filter/limit-171 -m recent --name limit-171 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-63
inet6/filter/limit-171 -m recent --name limit-171 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-63
- inet/filter/logdrop-63 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-171 -m recent --name limit-171 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-63 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-63 -j DROP
inet6/filter/logdrop-63 -j DROP
- inet/filter/limit-171 -m recent --name limit-171 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-171 -m recent --name limit-171 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 173 {"conn-limit":{"interval":5},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-172
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-172
+ inet/filter/limit-172 -m recent --name limit-172 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-64
+ inet/filter/limit-172 -m recent --name limit-172 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-64 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-64 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-172
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-172
- inet/filter/limit-172 -m recent --name limit-172 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-64
inet6/filter/limit-172 -m recent --name limit-172 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-64
- inet/filter/logdrop-64 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-172 -m recent --name limit-172 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-64 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-64 -j DROP
inet6/filter/logdrop-64 -j DROP
- inet/filter/limit-172 -m recent --name limit-172 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-172 -m recent --name limit-172 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 174 {"action":"pass","conn-limit":{"interval":5},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-173
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-173
+ inet/filter/limit-173 -m recent --name limit-173 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-65
+ inet/filter/limit-173 -m recent --name limit-173 --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-65 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-65 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-173
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-173
- inet/filter/limit-173 -m recent --name limit-173 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-65
inet6/filter/limit-173 -m recent --name limit-173 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-65
- inet/filter/logdrop-65 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-173 -m recent --name limit-173 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-65 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-65 -j DROP
inet6/filter/logdrop-65 -j DROP
- inet/filter/limit-173 -m recent --name limit-173 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-173 -m recent --name limit-173 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 175 {"conn-limit":{"interval":5,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-174
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-174
+ inet/filter/limit-174 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-66
+ inet/filter/limit-174 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-66 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-66 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-174
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-174
- inet/filter/limit-174 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-66
inet6/filter/limit-174 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-66
- inet/filter/logdrop-66 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-174 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-66 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-66 -j DROP
inet6/filter/logdrop-66 -j DROP
- inet/filter/limit-174 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-174 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 176 {"action":"pass","conn-limit":{"interval":5,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-175
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-175
+ inet/filter/limit-175 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-67
+ inet/filter/limit-175 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-67 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-67 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-175
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-175
- inet/filter/limit-175 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-67
inet6/filter/limit-175 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-67
- inet/filter/logdrop-67 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-175 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-67 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-67 -j DROP
inet6/filter/logdrop-67 -j DROP
- inet/filter/limit-175 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-175 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 177 {"conn-limit":{"interval":5,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-176
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-176
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-176
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-176
inet/filter/limit-176 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-68
- inet6/filter/limit-176 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-68
+ inet/filter/limit-176 -m limit --limit 1/second -j LOG
+ inet/filter/limit-176 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-68 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-68 -m limit --limit 1/second -j LOG
inet/filter/logdrop-68 -j DROP
- inet6/filter/logdrop-68 -j DROP
- inet/filter/limit-176 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-176
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-176
+ inet6/filter/limit-176 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-68
inet6/filter/limit-176 -m limit --limit 1/second -j LOG
- inet/filter/limit-176 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-176 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-68 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-68 -j DROP
Filter 178 {"action":"pass","conn-limit":{"interval":5,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-177
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-177
+ inet/filter/limit-177 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-69
+ inet/filter/limit-177 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-69 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-69 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-177
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-177
- inet/filter/limit-177 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-69
inet6/filter/limit-177 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-69
- inet/filter/logdrop-69 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-177 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-69 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-69 -j DROP
inet6/filter/logdrop-69 -j DROP
- inet/filter/limit-177 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-177 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 179 {"conn-limit":{"interval":5,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-178
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-178
+ inet/filter/limit-178 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-70
+ inet/filter/limit-178 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-70 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-70 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-178
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-178
- inet/filter/limit-178 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-70
inet6/filter/limit-178 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-70
- inet/filter/logdrop-70 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-178 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-70 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-70 -j DROP
inet6/filter/logdrop-70 -j DROP
- inet/filter/limit-178 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-178 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 180 {"action":"pass","conn-limit":{"interval":5,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-179
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-179
+ inet/filter/limit-179 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-71
+ inet/filter/limit-179 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/logdrop-71 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-71 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-179
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-179
- inet/filter/limit-179 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-71
inet6/filter/limit-179 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-71
- inet/filter/logdrop-71 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-179 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-71 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-71 -j DROP
inet6/filter/logdrop-71 -j DROP
- inet/filter/limit-179 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-179 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 181 {"conn-limit":{"interval":5,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-180
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-180
+ inet/filter/limit-180 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-72
+ inet/filter/limit-180 -j ACCEPT
+ inet/filter/logdrop-72 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-72 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-180
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-180
- inet/filter/limit-180 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-72
inet6/filter/limit-180 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-72
- inet/filter/logdrop-72 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-180 -j ACCEPT
inet6/filter/logdrop-72 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-72 -j DROP
inet6/filter/logdrop-72 -j DROP
- inet/filter/limit-180 -j ACCEPT
- inet6/filter/limit-180 -j ACCEPT
Filter 182 {"action":"pass","conn-limit":{"interval":5,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-181
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-181
+ inet/filter/limit-181 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-73
+ inet/filter/logdrop-73 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-73 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-181
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-181
- inet/filter/limit-181 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-73
inet6/filter/limit-181 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-73
- inet/filter/logdrop-73 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-73 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-73 -j DROP
inet6/filter/logdrop-73 -j DROP
Filter 183 {"conn-limit":{"interval":5,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-182
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-182
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-182
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-182
inet/filter/limit-182 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-74
- inet6/filter/limit-182 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-74
+ inet/filter/limit-182 -m limit --limit 1/second -j LOG
+ inet/filter/limit-182 -j ACCEPT
inet/filter/logdrop-74 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-74 -m limit --limit 1/second -j LOG
inet/filter/logdrop-74 -j DROP
- inet6/filter/logdrop-74 -j DROP
- inet/filter/limit-182 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-182
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-182
+ inet6/filter/limit-182 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-74
inet6/filter/limit-182 -m limit --limit 1/second -j LOG
- inet/filter/limit-182 -j ACCEPT
inet6/filter/limit-182 -j ACCEPT
+ inet6/filter/logdrop-74 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-74 -j DROP
Filter 184 {"action":"pass","conn-limit":{"interval":5,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-183
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-183
+ inet/filter/limit-183 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-75
+ inet/filter/limit-183 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-75 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-75 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-183
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-183
- inet/filter/limit-183 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-75
inet6/filter/limit-183 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-75
- inet/filter/logdrop-75 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-183 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-75 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-75 -j DROP
inet6/filter/logdrop-75 -j DROP
- inet/filter/limit-183 -m limit --limit 1/second -j LOG
- inet6/filter/limit-183 -m limit --limit 1/second -j LOG
Filter 185 {"conn-limit":{"interval":5,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-184
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-184
+ inet/filter/limit-184 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-76
+ inet/filter/limit-184 -j ACCEPT
+ inet/filter/logdrop-76 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-76 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-184
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-184
- inet/filter/limit-184 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-76
inet6/filter/limit-184 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-76
- inet/filter/logdrop-76 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-184 -j ACCEPT
inet6/filter/logdrop-76 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-76 -j DROP
inet6/filter/logdrop-76 -j DROP
- inet/filter/limit-184 -j ACCEPT
- inet6/filter/limit-184 -j ACCEPT
Filter 186 {"action":"pass","conn-limit":{"interval":5,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-185
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-185
+ inet/filter/limit-185 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-77
+ inet/filter/logdrop-77 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-77 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-185
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-185
- inet/filter/limit-185 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-77
inet6/filter/limit-185 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-77
- inet/filter/logdrop-77 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-77 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-77 -j DROP
inet6/filter/logdrop-77 -j DROP
Filter 187 {"conn-limit":{"addr":"dest","interval":5,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-186
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-186
+ inet/filter/limit-186 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-78
+ inet/filter/limit-186 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-78 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-78 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-186
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-186
- inet/filter/limit-186 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-78
inet6/filter/limit-186 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-78
- inet/filter/logdrop-78 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-186 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-78 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-78 -j DROP
inet6/filter/logdrop-78 -j DROP
- inet/filter/limit-186 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-186 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 188 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-187
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-187
+ inet/filter/limit-187 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-79
+ inet/filter/limit-187 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet/filter/logdrop-79 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-79 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-187
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-187
- inet/filter/limit-187 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-79
inet6/filter/limit-187 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-79
- inet/filter/logdrop-79 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-187 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-79 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-79 -j DROP
inet6/filter/logdrop-79 -j DROP
- inet/filter/limit-187 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-187 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 189 {"conn-limit":{"addr":"dest","interval":5,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-188
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-188
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-188
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-188
inet/filter/limit-188 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-80
- inet6/filter/limit-188 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-80
+ inet/filter/limit-188 -m limit --limit 1/second -j LOG
+ inet/filter/limit-188 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-80 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-80 -m limit --limit 1/second -j LOG
inet/filter/logdrop-80 -j DROP
- inet6/filter/logdrop-80 -j DROP
- inet/filter/limit-188 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-188
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-188
+ inet6/filter/limit-188 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-80
inet6/filter/limit-188 -m limit --limit 1/second -j LOG
- inet/filter/limit-188 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-188 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-80 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-80 -j DROP
Filter 190 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-189
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-189
+ inet/filter/limit-189 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-81
+ inet/filter/limit-189 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-81 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-81 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-189
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-189
- inet/filter/limit-189 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-81
inet6/filter/limit-189 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-81
- inet/filter/logdrop-81 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-189 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-81 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-81 -j DROP
inet6/filter/logdrop-81 -j DROP
- inet/filter/limit-189 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-189 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 191 {"conn-limit":{"addr":"dest","interval":5,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-190
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-190
+ inet/filter/limit-190 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-82
+ inet/filter/limit-190 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet/filter/logdrop-82 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-82 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-190
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-190
- inet/filter/limit-190 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-82
inet6/filter/limit-190 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-82
- inet/filter/logdrop-82 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-190 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
inet6/filter/logdrop-82 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-82 -j DROP
inet6/filter/logdrop-82 -j DROP
- inet/filter/limit-190 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-190 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 192 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-191
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-191
+ inet/filter/limit-191 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-83
+ inet/filter/limit-191 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet/filter/logdrop-83 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-83 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-191
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-191
- inet/filter/limit-191 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-83
inet6/filter/limit-191 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-83
- inet/filter/logdrop-83 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-191 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logdrop-83 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-83 -j DROP
inet6/filter/logdrop-83 -j DROP
- inet/filter/limit-191 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-191 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 193 {"conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-192
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-192
+ inet/filter/limit-192 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-84
+ inet/filter/limit-192 -j ACCEPT
+ inet/filter/logdrop-84 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-84 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-192
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-192
- inet/filter/limit-192 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-84
inet6/filter/limit-192 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-84
- inet/filter/logdrop-84 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-192 -j ACCEPT
inet6/filter/logdrop-84 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-84 -j DROP
inet6/filter/logdrop-84 -j DROP
- inet/filter/limit-192 -j ACCEPT
- inet6/filter/limit-192 -j ACCEPT
Filter 194 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-193
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-193
+ inet/filter/limit-193 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-85
+ inet/filter/logdrop-85 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-85 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-193
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-193
- inet/filter/limit-193 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-85
inet6/filter/limit-193 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-85
- inet/filter/logdrop-85 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-85 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-85 -j DROP
inet6/filter/logdrop-85 -j DROP
Filter 195 {"conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-194
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-194
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-194
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-194
inet/filter/limit-194 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-86
- inet6/filter/limit-194 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-86
+ inet/filter/limit-194 -m limit --limit 1/second -j LOG
+ inet/filter/limit-194 -j ACCEPT
inet/filter/logdrop-86 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-86 -m limit --limit 1/second -j LOG
inet/filter/logdrop-86 -j DROP
- inet6/filter/logdrop-86 -j DROP
- inet/filter/limit-194 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-194
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-194
+ inet6/filter/limit-194 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-86
inet6/filter/limit-194 -m limit --limit 1/second -j LOG
- inet/filter/limit-194 -j ACCEPT
inet6/filter/limit-194 -j ACCEPT
+ inet6/filter/logdrop-86 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-86 -j DROP
Filter 196 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-195
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-195
+ inet/filter/limit-195 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-87
+ inet/filter/limit-195 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-87 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-87 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-195
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-195
- inet/filter/limit-195 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-87
inet6/filter/limit-195 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-87
- inet/filter/logdrop-87 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-195 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-87 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-87 -j DROP
inet6/filter/logdrop-87 -j DROP
- inet/filter/limit-195 -m limit --limit 1/second -j LOG
- inet6/filter/limit-195 -m limit --limit 1/second -j LOG
Filter 197 {"conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-196
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-196
+ inet/filter/limit-196 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-88
+ inet/filter/limit-196 -j ACCEPT
+ inet/filter/logdrop-88 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-88 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-196
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-196
- inet/filter/limit-196 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-88
inet6/filter/limit-196 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-88
- inet/filter/logdrop-88 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-196 -j ACCEPT
inet6/filter/logdrop-88 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-88 -j DROP
inet6/filter/logdrop-88 -j DROP
- inet/filter/limit-196 -j ACCEPT
- inet6/filter/limit-196 -j ACCEPT
Filter 198 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-197
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-197
+ inet/filter/limit-197 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-89
+ inet/filter/logdrop-89 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-89 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-197
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-197
- inet/filter/limit-197 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-89
inet6/filter/limit-197 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-89
- inet/filter/logdrop-89 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-89 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-89 -j DROP
inet6/filter/logdrop-89 -j DROP
Filter 199 {"conn-limit":{"interval":5,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-198
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-198
+ inet/filter/limit-198 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-90
+ inet/filter/limit-198 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet/filter/logdrop-90 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-90 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-198
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-198
- inet/filter/limit-198 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-90
inet6/filter/limit-198 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-90
- inet/filter/logdrop-90 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-198 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
inet6/filter/logdrop-90 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-90 -j DROP
inet6/filter/logdrop-90 -j DROP
- inet/filter/limit-198 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-198 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 200 {"action":"pass","conn-limit":{"interval":5,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-199
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-199
+ inet/filter/limit-199 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-91
+ inet/filter/limit-199 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet/filter/logdrop-91 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-91 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-199
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-199
- inet/filter/limit-199 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-91
inet6/filter/limit-199 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-91
- inet/filter/logdrop-91 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-199 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logdrop-91 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-91 -j DROP
inet6/filter/logdrop-91 -j DROP
- inet/filter/limit-199 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-199 -m recent --name user:C --rsource --mask fe00:: --set
Filter 201 {"conn-limit":{"interval":5,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-200
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-200
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-200
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-200
inet/filter/limit-200 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-92
- inet6/filter/limit-200 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-92
+ inet/filter/limit-200 -m limit --limit 1/second -j LOG
+ inet/filter/limit-200 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-92 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-92 -m limit --limit 1/second -j LOG
inet/filter/logdrop-92 -j DROP
- inet6/filter/logdrop-92 -j DROP
- inet/filter/limit-200 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-200
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-200
+ inet6/filter/limit-200 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-92
inet6/filter/limit-200 -m limit --limit 1/second -j LOG
- inet/filter/limit-200 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-200 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-92 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-92 -j DROP
Filter 202 {"action":"pass","conn-limit":{"interval":5,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-201
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-201
+ inet/filter/limit-201 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-93
+ inet/filter/limit-201 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-93 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-93 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-201
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-201
- inet/filter/limit-201 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-93
inet6/filter/limit-201 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-93
- inet/filter/logdrop-93 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-201 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-93 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-93 -j DROP
inet6/filter/logdrop-93 -j DROP
- inet/filter/limit-201 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-201 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 203 {"conn-limit":{"interval":5,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-202
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-202
+ inet/filter/limit-202 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-94
+ inet/filter/limit-202 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet/filter/logdrop-94 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-94 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-202
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-202
- inet/filter/limit-202 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-94
inet6/filter/limit-202 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-94
- inet/filter/logdrop-94 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-202 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
inet6/filter/logdrop-94 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-94 -j DROP
inet6/filter/logdrop-94 -j DROP
- inet/filter/limit-202 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-202 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 204 {"action":"pass","conn-limit":{"interval":5,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-203
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-203
+ inet/filter/limit-203 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-95
+ inet/filter/limit-203 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet/filter/logdrop-95 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-95 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-203
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-203
- inet/filter/limit-203 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-95
inet6/filter/limit-203 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-95
- inet/filter/logdrop-95 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-203 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logdrop-95 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-95 -j DROP
inet6/filter/logdrop-95 -j DROP
- inet/filter/limit-203 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-203 -m recent --name user:C --rsource --mask fe00:: --set
Filter 205 {"conn-limit":{"interval":5,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-204
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-204
+ inet/filter/limit-204 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-96
+ inet/filter/limit-204 -j ACCEPT
+ inet/filter/logdrop-96 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-96 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-204
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-204
- inet/filter/limit-204 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-96
inet6/filter/limit-204 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-96
- inet/filter/logdrop-96 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-204 -j ACCEPT
inet6/filter/logdrop-96 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-96 -j DROP
inet6/filter/logdrop-96 -j DROP
- inet/filter/limit-204 -j ACCEPT
- inet6/filter/limit-204 -j ACCEPT
Filter 206 {"action":"pass","conn-limit":{"interval":5,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-205
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-205
+ inet/filter/limit-205 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-97
+ inet/filter/logdrop-97 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-97 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-205
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-205
- inet/filter/limit-205 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-97
inet6/filter/limit-205 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-97
- inet/filter/logdrop-97 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-97 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-97 -j DROP
inet6/filter/logdrop-97 -j DROP
Filter 207 {"conn-limit":{"interval":5,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-206
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-206
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-206
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-206
inet/filter/limit-206 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-98
- inet6/filter/limit-206 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-98
+ inet/filter/limit-206 -m limit --limit 1/second -j LOG
+ inet/filter/limit-206 -j ACCEPT
inet/filter/logdrop-98 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-98 -m limit --limit 1/second -j LOG
inet/filter/logdrop-98 -j DROP
- inet6/filter/logdrop-98 -j DROP
- inet/filter/limit-206 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-206
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-206
+ inet6/filter/limit-206 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-98
inet6/filter/limit-206 -m limit --limit 1/second -j LOG
- inet/filter/limit-206 -j ACCEPT
inet6/filter/limit-206 -j ACCEPT
+ inet6/filter/logdrop-98 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-98 -j DROP
Filter 208 {"action":"pass","conn-limit":{"interval":5,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-207
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-207
+ inet/filter/limit-207 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-99
+ inet/filter/limit-207 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-99 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-99 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-207
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-207
- inet/filter/limit-207 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-99
inet6/filter/limit-207 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-99
- inet/filter/logdrop-99 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-207 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-99 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-99 -j DROP
inet6/filter/logdrop-99 -j DROP
- inet/filter/limit-207 -m limit --limit 1/second -j LOG
- inet6/filter/limit-207 -m limit --limit 1/second -j LOG
Filter 209 {"conn-limit":{"interval":5,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-208
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-208
+ inet/filter/limit-208 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-100
+ inet/filter/limit-208 -j ACCEPT
+ inet/filter/logdrop-100 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-100 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-208
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-208
- inet/filter/limit-208 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-100
inet6/filter/limit-208 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-100
- inet/filter/logdrop-100 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-208 -j ACCEPT
inet6/filter/logdrop-100 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-100 -j DROP
inet6/filter/logdrop-100 -j DROP
- inet/filter/limit-208 -j ACCEPT
- inet6/filter/limit-208 -j ACCEPT
Filter 210 {"action":"pass","conn-limit":{"interval":5,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-209
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-209
+ inet/filter/limit-209 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-101
+ inet/filter/logdrop-101 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-101 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-209
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-209
- inet/filter/limit-209 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-101
inet6/filter/limit-209 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-101
- inet/filter/logdrop-101 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-101 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-101 -j DROP
inet6/filter/logdrop-101 -j DROP
Filter 211 {"conn-limit":{"addr":"dest","interval":5,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-210
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-210
+ inet/filter/limit-210 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-102
+ inet/filter/limit-210 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet/filter/logdrop-102 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-102 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-210
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-210
- inet/filter/limit-210 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-102
inet6/filter/limit-210 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-102
- inet/filter/logdrop-102 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-210 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
inet6/filter/logdrop-102 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-102 -j DROP
inet6/filter/logdrop-102 -j DROP
- inet/filter/limit-210 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-210 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 212 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-211
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-211
+ inet/filter/limit-211 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-103
+ inet/filter/limit-211 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet/filter/logdrop-103 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-103 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-211
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-211
- inet/filter/limit-211 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-103
inet6/filter/limit-211 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-103
- inet/filter/logdrop-103 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-211 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logdrop-103 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-103 -j DROP
inet6/filter/logdrop-103 -j DROP
- inet/filter/limit-211 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-211 -m recent --name user:C --rdest --mask fe00:: --set
Filter 213 {"conn-limit":{"addr":"dest","interval":5,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-212
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-212
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-212
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-212
inet/filter/limit-212 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-104
- inet6/filter/limit-212 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-104
+ inet/filter/limit-212 -m limit --limit 1/second -j LOG
+ inet/filter/limit-212 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-104 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-104 -m limit --limit 1/second -j LOG
inet/filter/logdrop-104 -j DROP
- inet6/filter/logdrop-104 -j DROP
- inet/filter/limit-212 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-212
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-212
+ inet6/filter/limit-212 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-104
inet6/filter/limit-212 -m limit --limit 1/second -j LOG
- inet/filter/limit-212 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-212 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-104 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-104 -j DROP
Filter 214 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-213
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-213
+ inet/filter/limit-213 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-105
+ inet/filter/limit-213 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-105 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-105 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-213
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-213
- inet/filter/limit-213 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-105
inet6/filter/limit-213 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-105
- inet/filter/logdrop-105 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-213 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/filter/logdrop-105 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-105 -j DROP
inet6/filter/logdrop-105 -j DROP
- inet/filter/limit-213 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-213 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 215 {"conn-limit":{"addr":"dest","interval":5,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-214
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-214
+ inet/filter/limit-214 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-106
+ inet/filter/limit-214 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet/filter/logdrop-106 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-106 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-214
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-214
- inet/filter/limit-214 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-106
inet6/filter/limit-214 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-106
- inet/filter/logdrop-106 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-214 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
inet6/filter/logdrop-106 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-106 -j DROP
inet6/filter/logdrop-106 -j DROP
- inet/filter/limit-214 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-214 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 216 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-215
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-215
+ inet/filter/limit-215 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-107
+ inet/filter/limit-215 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet/filter/logdrop-107 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-107 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-215
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-215
- inet/filter/limit-215 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-107
inet6/filter/limit-215 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-107
- inet/filter/logdrop-107 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-215 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logdrop-107 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-107 -j DROP
inet6/filter/logdrop-107 -j DROP
- inet/filter/limit-215 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-215 -m recent --name user:C --rdest --mask fe00:: --set
Filter 217 {"conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-216
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-216
+ inet/filter/limit-216 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-108
+ inet/filter/limit-216 -j ACCEPT
+ inet/filter/logdrop-108 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-108 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-216
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-216
- inet/filter/limit-216 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-108
inet6/filter/limit-216 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-108
- inet/filter/logdrop-108 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-216 -j ACCEPT
inet6/filter/logdrop-108 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-108 -j DROP
inet6/filter/logdrop-108 -j DROP
- inet/filter/limit-216 -j ACCEPT
- inet6/filter/limit-216 -j ACCEPT
Filter 218 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-217
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-217
+ inet/filter/limit-217 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-109
+ inet/filter/logdrop-109 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-109 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-217
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-217
- inet/filter/limit-217 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-109
inet6/filter/limit-217 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-109
- inet/filter/logdrop-109 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-109 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-109 -j DROP
inet6/filter/logdrop-109 -j DROP
Filter 219 {"conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-218
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-218
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-218
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-218
inet/filter/limit-218 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-110
- inet6/filter/limit-218 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-110
+ inet/filter/limit-218 -m limit --limit 1/second -j LOG
+ inet/filter/limit-218 -j ACCEPT
inet/filter/logdrop-110 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-110 -m limit --limit 1/second -j LOG
inet/filter/logdrop-110 -j DROP
- inet6/filter/logdrop-110 -j DROP
- inet/filter/limit-218 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-218
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-218
+ inet6/filter/limit-218 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-110
inet6/filter/limit-218 -m limit --limit 1/second -j LOG
- inet/filter/limit-218 -j ACCEPT
inet6/filter/limit-218 -j ACCEPT
+ inet6/filter/logdrop-110 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-110 -j DROP
Filter 220 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-219
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-219
+ inet/filter/limit-219 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-111
+ inet/filter/limit-219 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-111 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-111 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-219
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-219
- inet/filter/limit-219 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-111
inet6/filter/limit-219 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-111
- inet/filter/logdrop-111 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-219 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-111 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-111 -j DROP
inet6/filter/logdrop-111 -j DROP
- inet/filter/limit-219 -m limit --limit 1/second -j LOG
- inet6/filter/limit-219 -m limit --limit 1/second -j LOG
Filter 221 {"conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-220
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-220
+ inet/filter/limit-220 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-112
+ inet/filter/limit-220 -j ACCEPT
+ inet/filter/logdrop-112 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-112 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-220
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-220
- inet/filter/limit-220 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-112
inet6/filter/limit-220 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-112
- inet/filter/logdrop-112 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-220 -j ACCEPT
inet6/filter/logdrop-112 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-112 -j DROP
inet6/filter/logdrop-112 -j DROP
- inet/filter/limit-220 -j ACCEPT
- inet6/filter/limit-220 -j ACCEPT
Filter 222 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-221
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-221
+ inet/filter/limit-221 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-113
+ inet/filter/logdrop-113 -m limit --limit 1/second -j LOG
+ inet/filter/logdrop-113 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-221
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-221
- inet/filter/limit-221 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-113
inet6/filter/limit-221 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-113
- inet/filter/logdrop-113 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-113 -m limit --limit 1/second -j LOG
- inet/filter/logdrop-113 -j DROP
inet6/filter/logdrop-113 -j DROP
Filter 223 {"conn-limit":{"interval":5,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-222
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-222
+ inet/filter/limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-222
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-222
- inet/filter/limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-222 -m recent --name limit-222 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-222 -m recent --name limit-222 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-222 -m recent --name limit-222 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 224 {"action":"pass","conn-limit":{"interval":5,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-223
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-223
+ inet/filter/limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-223
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-223
- inet/filter/limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-223 -m recent --name limit-223 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-223 -m recent --name limit-223 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-223 -m recent --name limit-223 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 225 {"conn-limit":{"interval":5,"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-224
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-224
+ inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-224 -m limit --limit 1/second -j LOG
+ inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-224
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-224
- inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-224 -m limit --limit 1/second -j LOG
inet6/filter/limit-224 -m limit --limit 1/second -j LOG
- inet/filter/limit-224 -m recent --name limit-224 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-224 -m recent --name limit-224 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 226 {"action":"pass","conn-limit":{"interval":5,"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-225
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-225
+ inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-225
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-225
- inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-225 -m recent --name limit-225 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-225 -m recent --name limit-225 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 227 {"conn-limit":{"interval":5,"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-226
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-226
+ inet/filter/limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-226
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-226
- inet/filter/limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-226 -m recent --name limit-226 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-226 -m recent --name limit-226 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 228 {"action":"pass","conn-limit":{"interval":5,"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-227
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-227
+ inet/filter/limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-227
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-227
- inet/filter/limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-227 -m recent --name limit-227 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-227 -m recent --name limit-227 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 229 {"conn-limit":{"interval":5,"log":false,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-228
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-228
+ inet/filter/limit-228 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-228 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-228
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-228
- inet/filter/limit-228 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-228 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-228 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-228 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 230 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-229
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-229
+ inet/filter/limit-229 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-229 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-229
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-229
- inet/filter/limit-229 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-229 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-229 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/limit-229 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 231 {"conn-limit":{"interval":5,"log":false,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-230
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-230
+ inet/filter/limit-230 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-230 -m limit --limit 1/second -j LOG
+ inet/filter/limit-230 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-230
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-230
- inet/filter/limit-230 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-230 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-230 -m limit --limit 1/second -j LOG
inet6/filter/limit-230 -m limit --limit 1/second -j LOG
- inet/filter/limit-230 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-230 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 232 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-231
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-231
+ inet/filter/limit-231 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-231 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-231
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-231
- inet/filter/limit-231 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-231 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-231 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-231 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 233 {"conn-limit":{"interval":5,"log":false,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-232
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-232
+ inet/filter/limit-232 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-232 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-232
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-232
- inet/filter/limit-232 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-232 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-232 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-232 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 234 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-233
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-233
+ inet/filter/limit-233 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-233 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-233
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-233
- inet/filter/limit-233 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-233 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-233 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/limit-233 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 235 {"conn-limit":{"interval":5,"log":false,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-234
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-234
+ inet/filter/limit-234 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-234 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-234
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-234
- inet/filter/limit-234 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-234 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-234 -j ACCEPT
inet6/filter/limit-234 -j ACCEPT
Filter 236 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-235
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-235
+ inet/filter/limit-235 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-235
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-235
- inet/filter/limit-235 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-235 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 237 {"conn-limit":{"interval":5,"log":false,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-236
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-236
+ inet/filter/limit-236 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-236 -m limit --limit 1/second -j LOG
+ inet/filter/limit-236 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-236
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-236
- inet/filter/limit-236 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-236 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-236 -m limit --limit 1/second -j LOG
inet6/filter/limit-236 -m limit --limit 1/second -j LOG
- inet/filter/limit-236 -j ACCEPT
inet6/filter/limit-236 -j ACCEPT
Filter 238 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-237
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-237
+ inet/filter/limit-237 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-237 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-237
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-237
- inet/filter/limit-237 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-237 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-237 -m limit --limit 1/second -j LOG
inet6/filter/limit-237 -m limit --limit 1/second -j LOG
Filter 239 {"conn-limit":{"interval":5,"log":false,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-238
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-238
+ inet/filter/limit-238 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-238 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-238
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-238
- inet/filter/limit-238 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-238 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-238 -j ACCEPT
inet6/filter/limit-238 -j ACCEPT
Filter 240 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-239
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-239
+ inet/filter/limit-239 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-239
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-239
- inet/filter/limit-239 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-239 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 241 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-240
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-240
+ inet/filter/limit-240 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-240 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-240
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-240
- inet/filter/limit-240 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-240 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-240 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-240 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 242 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-241
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-241
+ inet/filter/limit-241 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-241 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-241
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-241
- inet/filter/limit-241 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-241 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-241 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/limit-241 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 243 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-242
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-242
+ inet/filter/limit-242 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-242 -m limit --limit 1/second -j LOG
+ inet/filter/limit-242 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-242
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-242
- inet/filter/limit-242 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-242 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-242 -m limit --limit 1/second -j LOG
inet6/filter/limit-242 -m limit --limit 1/second -j LOG
- inet/filter/limit-242 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-242 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 244 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-243
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-243
+ inet/filter/limit-243 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-243 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-243
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-243
- inet/filter/limit-243 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-243 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-243 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-243 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 245 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-244
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-244
+ inet/filter/limit-244 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-244 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-244
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-244
- inet/filter/limit-244 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-244 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-244 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-244 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 246 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-245
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-245
+ inet/filter/limit-245 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-245 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-245
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-245
- inet/filter/limit-245 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-245 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-245 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/limit-245 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 247 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-246
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-246
+ inet/filter/limit-246 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-246 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-246
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-246
- inet/filter/limit-246 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-246 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-246 -j ACCEPT
inet6/filter/limit-246 -j ACCEPT
Filter 248 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-247
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-247
+ inet/filter/limit-247 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-247
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-247
- inet/filter/limit-247 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-247 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 249 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-248
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-248
+ inet/filter/limit-248 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-248 -m limit --limit 1/second -j LOG
+ inet/filter/limit-248 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-248
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-248
- inet/filter/limit-248 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-248 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-248 -m limit --limit 1/second -j LOG
inet6/filter/limit-248 -m limit --limit 1/second -j LOG
- inet/filter/limit-248 -j ACCEPT
inet6/filter/limit-248 -j ACCEPT
Filter 250 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-249
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-249
+ inet/filter/limit-249 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-249 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-249
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-249
- inet/filter/limit-249 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-249 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-249 -m limit --limit 1/second -j LOG
inet6/filter/limit-249 -m limit --limit 1/second -j LOG
Filter 251 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-250
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-250
+ inet/filter/limit-250 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-250 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-250
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-250
- inet/filter/limit-250 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-250 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-250 -j ACCEPT
inet6/filter/limit-250 -j ACCEPT
Filter 252 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-251
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-251
+ inet/filter/limit-251 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-251
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-251
- inet/filter/limit-251 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-251 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 253 {"conn-limit":{"interval":5,"log":false,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-252
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-252
+ inet/filter/limit-252 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-252 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-252
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-252
- inet/filter/limit-252 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-252 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-252 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-252 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 254 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-253
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-253
+ inet/filter/limit-253 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-253 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-253
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-253
- inet/filter/limit-253 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-253 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-253 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/limit-253 -m recent --name user:C --rsource --mask fe00:: --set
Filter 255 {"conn-limit":{"interval":5,"log":false,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-254
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-254
+ inet/filter/limit-254 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-254 -m limit --limit 1/second -j LOG
+ inet/filter/limit-254 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-254
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-254
- inet/filter/limit-254 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-254 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-254 -m limit --limit 1/second -j LOG
inet6/filter/limit-254 -m limit --limit 1/second -j LOG
- inet/filter/limit-254 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-254 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 256 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-255
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-255
+ inet/filter/limit-255 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-255 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-255
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-255
- inet/filter/limit-255 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-255 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-255 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-255 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 257 {"conn-limit":{"interval":5,"log":false,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-256
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-256
+ inet/filter/limit-256 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-256 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-256
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-256
- inet/filter/limit-256 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-256 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-256 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-256 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 258 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-257
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-257
+ inet/filter/limit-257 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-257 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-257
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-257
- inet/filter/limit-257 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-257 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-257 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/limit-257 -m recent --name user:C --rsource --mask fe00:: --set
Filter 259 {"conn-limit":{"interval":5,"log":false,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-258
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-258
+ inet/filter/limit-258 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-258 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-258
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-258
- inet/filter/limit-258 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-258 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-258 -j ACCEPT
inet6/filter/limit-258 -j ACCEPT
Filter 260 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-259
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-259
+ inet/filter/limit-259 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-259
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-259
- inet/filter/limit-259 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-259 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 261 {"conn-limit":{"interval":5,"log":false,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-260
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-260
+ inet/filter/limit-260 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-260 -m limit --limit 1/second -j LOG
+ inet/filter/limit-260 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-260
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-260
- inet/filter/limit-260 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-260 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-260 -m limit --limit 1/second -j LOG
inet6/filter/limit-260 -m limit --limit 1/second -j LOG
- inet/filter/limit-260 -j ACCEPT
inet6/filter/limit-260 -j ACCEPT
Filter 262 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-261
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-261
+ inet/filter/limit-261 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-261 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-261
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-261
- inet/filter/limit-261 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-261 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-261 -m limit --limit 1/second -j LOG
inet6/filter/limit-261 -m limit --limit 1/second -j LOG
Filter 263 {"conn-limit":{"interval":5,"log":false,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-262
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-262
+ inet/filter/limit-262 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-262 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-262
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-262
- inet/filter/limit-262 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-262 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-262 -j ACCEPT
inet6/filter/limit-262 -j ACCEPT
Filter 264 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-263
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-263
+ inet/filter/limit-263 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-263
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-263
- inet/filter/limit-263 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-263 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 265 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-264
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-264
+ inet/filter/limit-264 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-264 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-264
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-264
- inet/filter/limit-264 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-264 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-264 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-264 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 266 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-265
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-265
+ inet/filter/limit-265 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-265 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-265
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-265
- inet/filter/limit-265 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-265 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-265 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/limit-265 -m recent --name user:C --rdest --mask fe00:: --set
Filter 267 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-266
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-266
+ inet/filter/limit-266 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-266 -m limit --limit 1/second -j LOG
+ inet/filter/limit-266 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-266
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-266
- inet/filter/limit-266 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-266 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-266 -m limit --limit 1/second -j LOG
inet6/filter/limit-266 -m limit --limit 1/second -j LOG
- inet/filter/limit-266 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-266 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 268 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-267
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-267
+ inet/filter/limit-267 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-267 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-267
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-267
- inet/filter/limit-267 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-267 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-267 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-267 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 269 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-268
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-268
+ inet/filter/limit-268 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-268 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-268
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-268
- inet/filter/limit-268 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-268 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-268 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-268 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 270 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-269
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-269
+ inet/filter/limit-269 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-269 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-269
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-269
- inet/filter/limit-269 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-269 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-269 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/limit-269 -m recent --name user:C --rdest --mask fe00:: --set
Filter 271 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-270
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-270
+ inet/filter/limit-270 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-270 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-270
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-270
- inet/filter/limit-270 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-270 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-270 -j ACCEPT
inet6/filter/limit-270 -j ACCEPT
Filter 272 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-271
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-271
+ inet/filter/limit-271 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-271
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-271
- inet/filter/limit-271 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-271 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 273 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-272
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-272
+ inet/filter/limit-272 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-272 -m limit --limit 1/second -j LOG
+ inet/filter/limit-272 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-272
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-272
- inet/filter/limit-272 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-272 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-272 -m limit --limit 1/second -j LOG
inet6/filter/limit-272 -m limit --limit 1/second -j LOG
- inet/filter/limit-272 -j ACCEPT
inet6/filter/limit-272 -j ACCEPT
Filter 274 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-273
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-273
+ inet/filter/limit-273 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-273 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-273
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-273
- inet/filter/limit-273 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-273 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-273 -m limit --limit 1/second -j LOG
inet6/filter/limit-273 -m limit --limit 1/second -j LOG
Filter 275 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-274
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-274
+ inet/filter/limit-274 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-274 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-274
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-274
- inet/filter/limit-274 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-274 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-274 -j ACCEPT
inet6/filter/limit-274 -j ACCEPT
Filter 276 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-275
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-275
+ inet/filter/limit-275 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-275
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-275
- inet/filter/limit-275 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-275 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 277 {"conn-limit":{"interval":5,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-276
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-276
+ inet/filter/limit-276 -m recent --name limit-276 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-276 -m recent --name limit-276 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-276
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-276
- inet/filter/limit-276 -m recent --name limit-276 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-276 -m recent --name limit-276 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-276 -m recent --name limit-276 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-276 -m recent --name limit-276 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 278 {"action":"pass","conn-limit":{"interval":5,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-277
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-277
+ inet/filter/limit-277 -m recent --name limit-277 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-277 -m recent --name limit-277 --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-277
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-277
- inet/filter/limit-277 -m recent --name limit-277 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-277 -m recent --name limit-277 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-277 -m recent --name limit-277 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-277 -m recent --name limit-277 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 279 {"conn-limit":{"interval":5,"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-278
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-278
+ inet/filter/limit-278 -m recent --name limit-278 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-278 -m limit --limit 1/second -j LOG
+ inet/filter/limit-278 -m recent --name limit-278 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-278
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-278
- inet/filter/limit-278 -m recent --name limit-278 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-278 -m recent --name limit-278 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-278 -m limit --limit 1/second -j LOG
inet6/filter/limit-278 -m limit --limit 1/second -j LOG
- inet/filter/limit-278 -m recent --name limit-278 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-278 -m recent --name limit-278 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 280 {"action":"pass","conn-limit":{"interval":5,"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-279
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-279
+ inet/filter/limit-279 -m recent --name limit-279 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-279 -m recent --name limit-279 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-279
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-279
- inet/filter/limit-279 -m recent --name limit-279 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-279 -m recent --name limit-279 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-279 -m recent --name limit-279 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-279 -m recent --name limit-279 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 281 {"conn-limit":{"interval":5,"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-280
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-280
+ inet/filter/limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-280
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-280
- inet/filter/limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-280 -m recent --name limit-280 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-280 -m recent --name limit-280 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-280 -m recent --name limit-280 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 282 {"action":"pass","conn-limit":{"interval":5,"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-281
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-281
+ inet/filter/limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-281
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-281
- inet/filter/limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-281 -m recent --name limit-281 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-281 -m recent --name limit-281 --rsource --mask 255.255.255.255 --set
inet6/filter/limit-281 -m recent --name limit-281 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 283 {"conn-limit":{"interval":5,"log":"none","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-282
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-282
+ inet/filter/limit-282 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-282 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-282
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-282
- inet/filter/limit-282 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-282 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-282 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-282 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 284 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-283
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-283
+ inet/filter/limit-283 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-283 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-283
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-283
- inet/filter/limit-283 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-283 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-283 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/limit-283 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 285 {"conn-limit":{"interval":5,"log":"none","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-284
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-284
+ inet/filter/limit-284 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-284 -m limit --limit 1/second -j LOG
+ inet/filter/limit-284 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-284
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-284
- inet/filter/limit-284 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-284 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-284 -m limit --limit 1/second -j LOG
inet6/filter/limit-284 -m limit --limit 1/second -j LOG
- inet/filter/limit-284 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-284 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 286 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-285
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-285
+ inet/filter/limit-285 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-285 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-285
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-285
- inet/filter/limit-285 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-285 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-285 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-285 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 287 {"conn-limit":{"interval":5,"log":"none","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-286
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-286
+ inet/filter/limit-286 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-286 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-286
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-286
- inet/filter/limit-286 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-286 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-286 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-286 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 288 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-287
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-287
+ inet/filter/limit-287 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-287 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-287
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-287
- inet/filter/limit-287 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-287 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-287 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/limit-287 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 289 {"conn-limit":{"interval":5,"log":"none","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-288
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-288
+ inet/filter/limit-288 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-288 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-288
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-288
- inet/filter/limit-288 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-288 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-288 -j ACCEPT
inet6/filter/limit-288 -j ACCEPT
Filter 290 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-289
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-289
+ inet/filter/limit-289 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-289
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-289
- inet/filter/limit-289 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-289 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 291 {"conn-limit":{"interval":5,"log":"none","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-290
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-290
+ inet/filter/limit-290 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-290 -m limit --limit 1/second -j LOG
+ inet/filter/limit-290 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-290
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-290
- inet/filter/limit-290 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-290 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-290 -m limit --limit 1/second -j LOG
inet6/filter/limit-290 -m limit --limit 1/second -j LOG
- inet/filter/limit-290 -j ACCEPT
inet6/filter/limit-290 -j ACCEPT
Filter 292 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-291
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-291
+ inet/filter/limit-291 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-291 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-291
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-291
- inet/filter/limit-291 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-291 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-291 -m limit --limit 1/second -j LOG
inet6/filter/limit-291 -m limit --limit 1/second -j LOG
Filter 293 {"conn-limit":{"interval":5,"log":"none","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-292
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-292
+ inet/filter/limit-292 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-292 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-292
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-292
- inet/filter/limit-292 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-292 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-292 -j ACCEPT
inet6/filter/limit-292 -j ACCEPT
Filter 294 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-293
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-293
+ inet/filter/limit-293 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-293
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-293
- inet/filter/limit-293 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-293 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 295 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-294
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-294
+ inet/filter/limit-294 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-294 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-294
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-294
- inet/filter/limit-294 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-294 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-294 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-294 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 296 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-295
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-295
+ inet/filter/limit-295 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-295 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-295
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-295
- inet/filter/limit-295 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-295 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-295 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/limit-295 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 297 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-296
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-296
+ inet/filter/limit-296 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-296 -m limit --limit 1/second -j LOG
+ inet/filter/limit-296 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-296
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-296
- inet/filter/limit-296 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-296 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-296 -m limit --limit 1/second -j LOG
inet6/filter/limit-296 -m limit --limit 1/second -j LOG
- inet/filter/limit-296 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-296 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 298 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-297
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-297
+ inet/filter/limit-297 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-297 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-297
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-297
- inet/filter/limit-297 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-297 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-297 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-297 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 299 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-298
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-298
+ inet/filter/limit-298 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-298 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-298
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-298
- inet/filter/limit-298 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-298 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-298 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-298 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 300 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-299
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-299
+ inet/filter/limit-299 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-299 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-299
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-299
- inet/filter/limit-299 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-299 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-299 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/limit-299 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 301 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-300
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-300
+ inet/filter/limit-300 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-300 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-300
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-300
- inet/filter/limit-300 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-300 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-300 -j ACCEPT
inet6/filter/limit-300 -j ACCEPT
Filter 302 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-301
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-301
+ inet/filter/limit-301 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-301
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-301
- inet/filter/limit-301 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-301 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 303 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-302
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-302
+ inet/filter/limit-302 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-302 -m limit --limit 1/second -j LOG
+ inet/filter/limit-302 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-302
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-302
- inet/filter/limit-302 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-302 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-302 -m limit --limit 1/second -j LOG
inet6/filter/limit-302 -m limit --limit 1/second -j LOG
- inet/filter/limit-302 -j ACCEPT
inet6/filter/limit-302 -j ACCEPT
Filter 304 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-303
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-303
+ inet/filter/limit-303 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-303 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-303
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-303
- inet/filter/limit-303 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-303 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-303 -m limit --limit 1/second -j LOG
inet6/filter/limit-303 -m limit --limit 1/second -j LOG
Filter 305 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-304
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-304
+ inet/filter/limit-304 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-304 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-304
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-304
- inet/filter/limit-304 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-304 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-304 -j ACCEPT
inet6/filter/limit-304 -j ACCEPT
Filter 306 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-305
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-305
+ inet/filter/limit-305 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-305
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-305
- inet/filter/limit-305 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-305 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 307 {"conn-limit":{"interval":5,"log":"none","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-306
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-306
+ inet/filter/limit-306 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-306 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-306
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-306
- inet/filter/limit-306 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-306 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-306 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-306 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 308 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-307
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-307
+ inet/filter/limit-307 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-307 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-307
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-307
- inet/filter/limit-307 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-307 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-307 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/limit-307 -m recent --name user:C --rsource --mask fe00:: --set
Filter 309 {"conn-limit":{"interval":5,"log":"none","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-308
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-308
+ inet/filter/limit-308 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-308 -m limit --limit 1/second -j LOG
+ inet/filter/limit-308 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-308
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-308
- inet/filter/limit-308 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-308 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-308 -m limit --limit 1/second -j LOG
inet6/filter/limit-308 -m limit --limit 1/second -j LOG
- inet/filter/limit-308 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-308 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 310 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-309
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-309
+ inet/filter/limit-309 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-309 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-309
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-309
- inet/filter/limit-309 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-309 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-309 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-309 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 311 {"conn-limit":{"interval":5,"log":"none","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-310
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-310
+ inet/filter/limit-310 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-310 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-310
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-310
- inet/filter/limit-310 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-310 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-310 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-310 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 312 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-311
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-311
+ inet/filter/limit-311 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-311 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-311
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-311
- inet/filter/limit-311 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-311 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-311 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/limit-311 -m recent --name user:C --rsource --mask fe00:: --set
Filter 313 {"conn-limit":{"interval":5,"log":"none","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-312
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-312
+ inet/filter/limit-312 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-312 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-312
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-312
- inet/filter/limit-312 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-312 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-312 -j ACCEPT
inet6/filter/limit-312 -j ACCEPT
Filter 314 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-313
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-313
+ inet/filter/limit-313 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-313
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-313
- inet/filter/limit-313 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-313 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 315 {"conn-limit":{"interval":5,"log":"none","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-314
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-314
+ inet/filter/limit-314 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-314 -m limit --limit 1/second -j LOG
+ inet/filter/limit-314 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-314
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-314
- inet/filter/limit-314 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-314 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-314 -m limit --limit 1/second -j LOG
inet6/filter/limit-314 -m limit --limit 1/second -j LOG
- inet/filter/limit-314 -j ACCEPT
inet6/filter/limit-314 -j ACCEPT
Filter 316 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-315
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-315
+ inet/filter/limit-315 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-315 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-315
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-315
- inet/filter/limit-315 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-315 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-315 -m limit --limit 1/second -j LOG
inet6/filter/limit-315 -m limit --limit 1/second -j LOG
Filter 317 {"conn-limit":{"interval":5,"log":"none","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-316
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-316
+ inet/filter/limit-316 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-316 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-316
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-316
- inet/filter/limit-316 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-316 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-316 -j ACCEPT
inet6/filter/limit-316 -j ACCEPT
Filter 318 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-317
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-317
+ inet/filter/limit-317 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-317
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-317
- inet/filter/limit-317 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-317 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 319 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-318
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-318
+ inet/filter/limit-318 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-318 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-318
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-318
- inet/filter/limit-318 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-318 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-318 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-318 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 320 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-319
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-319
+ inet/filter/limit-319 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-319 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-319
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-319
- inet/filter/limit-319 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-319 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-319 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/limit-319 -m recent --name user:C --rdest --mask fe00:: --set
Filter 321 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-320
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-320
+ inet/filter/limit-320 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-320 -m limit --limit 1/second -j LOG
+ inet/filter/limit-320 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-320
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-320
- inet/filter/limit-320 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-320 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-320 -m limit --limit 1/second -j LOG
inet6/filter/limit-320 -m limit --limit 1/second -j LOG
- inet/filter/limit-320 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-320 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 322 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-321
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-321
+ inet/filter/limit-321 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-321 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-321
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-321
- inet/filter/limit-321 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-321 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-321 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet6/filter/limit-321 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 323 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-322
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-322
+ inet/filter/limit-322 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-322 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-322
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-322
- inet/filter/limit-322 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-322 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-322 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-322 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 324 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-323
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-323
+ inet/filter/limit-323 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-323 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-323
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-323
- inet/filter/limit-323 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-323 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-323 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet6/filter/limit-323 -m recent --name user:C --rdest --mask fe00:: --set
Filter 325 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-324
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-324
+ inet/filter/limit-324 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-324 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-324
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-324
- inet/filter/limit-324 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-324 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-324 -j ACCEPT
inet6/filter/limit-324 -j ACCEPT
Filter 326 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-325
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-325
+ inet/filter/limit-325 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-325
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-325
- inet/filter/limit-325 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-325 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 327 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-326
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-326
+ inet/filter/limit-326 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-326 -m limit --limit 1/second -j LOG
+ inet/filter/limit-326 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-326
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-326
- inet/filter/limit-326 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-326 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-326 -m limit --limit 1/second -j LOG
inet6/filter/limit-326 -m limit --limit 1/second -j LOG
- inet/filter/limit-326 -j ACCEPT
inet6/filter/limit-326 -j ACCEPT
Filter 328 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-327
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-327
+ inet/filter/limit-327 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-327 -m limit --limit 1/second -j LOG
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-327
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-327
- inet/filter/limit-327 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-327 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-327 -m limit --limit 1/second -j LOG
inet6/filter/limit-327 -m limit --limit 1/second -j LOG
Filter 329 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-328
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-328
+ inet/filter/limit-328 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet/filter/limit-328 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-328
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-328
- inet/filter/limit-328 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-328 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/limit-328 -j ACCEPT
inet6/filter/limit-328 -j ACCEPT
Filter 330 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-329
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-329
+ inet/filter/limit-329 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-329
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-329
- inet/filter/limit-329 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-329 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 331 {"conn-limit":150,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-330
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-330
+ inet/filter/limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-330 -j ACCEPT
+ inet/filter/limit-330 -m limit --limit 1/second -j LOG
+ inet/filter/limit-330 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-330
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-330
- inet/filter/limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-330 -j ACCEPT
inet6/filter/limit-330 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-330 -j ACCEPT
- inet/filter/limit-330 -m limit --limit 1/second -j LOG
inet6/filter/limit-330 -m limit --limit 1/second -j LOG
- inet/filter/limit-330 -j DROP
inet6/filter/limit-330 -j DROP
Filter 332 {"action":"pass","conn-limit":150,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-331
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-331
+ inet/filter/limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-331 -j RETURN
+ inet/filter/limit-331 -m limit --limit 1/second -j LOG
+ inet/filter/limit-331 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-331
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-331
- inet/filter/limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-331 -j RETURN
inet6/filter/limit-331 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-331 -j RETURN
- inet/filter/limit-331 -m limit --limit 1/second -j LOG
inet6/filter/limit-331 -m limit --limit 1/second -j LOG
- inet/filter/limit-331 -j DROP
inet6/filter/limit-331 -j DROP
Filter 333 {"conn-limit":150,"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-332
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-332
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-332
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-332
inet/filter/limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-332 -j logaccept-0
- inet6/filter/limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-332 -j logaccept-0
+ inet/filter/limit-332 -m limit --limit 1/second -j LOG
+ inet/filter/limit-332 -j DROP
inet/filter/logaccept-0 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG
inet/filter/logaccept-0 -j ACCEPT
- inet6/filter/logaccept-0 -j ACCEPT
- inet/filter/limit-332 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-332
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-332
+ inet6/filter/limit-332 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-332 -j logaccept-0
inet6/filter/limit-332 -m limit --limit 1/second -j LOG
- inet/filter/limit-332 -j DROP
inet6/filter/limit-332 -j DROP
+ inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-0 -j ACCEPT
Filter 334 {"conn-limit":150,"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-333
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-333
+ inet/filter/limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-333 -j ACCEPT
+ inet/filter/limit-333 -m limit --limit 1/second -j LOG
+ inet/filter/limit-333 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-333
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-333
- inet/filter/limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-333 -j ACCEPT
inet6/filter/limit-333 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-333 -j ACCEPT
- inet/filter/limit-333 -m limit --limit 1/second -j LOG
inet6/filter/limit-333 -m limit --limit 1/second -j LOG
- inet/filter/limit-333 -j DROP
inet6/filter/limit-333 -j DROP
Filter 335 {"conn-limit":{"count":150},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-334
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-334
+ inet/filter/limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-334 -j ACCEPT
+ inet/filter/limit-334 -m limit --limit 1/second -j LOG
+ inet/filter/limit-334 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-334
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-334
- inet/filter/limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-334 -j ACCEPT
inet6/filter/limit-334 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-334 -j ACCEPT
- inet/filter/limit-334 -m limit --limit 1/second -j LOG
inet6/filter/limit-334 -m limit --limit 1/second -j LOG
- inet/filter/limit-334 -j DROP
inet6/filter/limit-334 -j DROP
Filter 336 {"action":"pass","conn-limit":{"count":150},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-335
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-335
+ inet/filter/limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-335 -j RETURN
+ inet/filter/limit-335 -m limit --limit 1/second -j LOG
+ inet/filter/limit-335 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-335
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-335
- inet/filter/limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-335 -j RETURN
inet6/filter/limit-335 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-335 -j RETURN
- inet/filter/limit-335 -m limit --limit 1/second -j LOG
inet6/filter/limit-335 -m limit --limit 1/second -j LOG
- inet/filter/limit-335 -j DROP
inet6/filter/limit-335 -j DROP
Filter 337 {"conn-limit":{"count":150},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-336
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-336
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-336
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-336
inet/filter/limit-336 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-336 -j logaccept-1
- inet6/filter/limit-336 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-336 -j logaccept-1
+ inet/filter/limit-336 -m limit --limit 1/second -j LOG
+ inet/filter/limit-336 -j DROP
inet/filter/logaccept-1 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG
inet/filter/logaccept-1 -j ACCEPT
- inet6/filter/logaccept-1 -j ACCEPT
- inet/filter/limit-336 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-336
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-336
+ inet6/filter/limit-336 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-336 -j logaccept-1
inet6/filter/limit-336 -m limit --limit 1/second -j LOG
- inet/filter/limit-336 -j DROP
inet6/filter/limit-336 -j DROP
+ inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-1 -j ACCEPT
Filter 338 {"conn-limit":{"count":150},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-337
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-337
+ inet/filter/limit-337 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-337 -j ACCEPT
+ inet/filter/limit-337 -m limit --limit 1/second -j LOG
+ inet/filter/limit-337 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-337
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-337
- inet/filter/limit-337 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-337 -j ACCEPT
inet6/filter/limit-337 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-337 -j ACCEPT
- inet/filter/limit-337 -m limit --limit 1/second -j LOG
inet6/filter/limit-337 -m limit --limit 1/second -j LOG
- inet/filter/limit-337 -j DROP
inet6/filter/limit-337 -j DROP
Filter 339 {"conn-limit":{"count":150,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-338
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-338
+ inet/filter/limit-338 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-338 -j ACCEPT
+ inet/filter/limit-338 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-338
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-338
- inet/filter/limit-338 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-338 -j ACCEPT
inet6/filter/limit-338 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-338 -j ACCEPT
- inet/filter/limit-338 -j DROP
inet6/filter/limit-338 -j DROP
Filter 340 {"action":"pass","conn-limit":{"count":150,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-339
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-339
+ inet/filter/limit-339 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-339 -j RETURN
+ inet/filter/limit-339 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-339
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-339
- inet/filter/limit-339 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-339 -j RETURN
inet6/filter/limit-339 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-339 -j RETURN
- inet/filter/limit-339 -j DROP
inet6/filter/limit-339 -j DROP
Filter 341 {"conn-limit":{"count":150,"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-340
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-340
+ inet/filter/limit-340 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-340 -j logaccept-2
+ inet/filter/limit-340 -j DROP
+ inet/filter/logaccept-2 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-2 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-340
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-340
- inet/filter/limit-340 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-340 -j logaccept-2
inet6/filter/limit-340 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-340 -j logaccept-2
- inet/filter/logaccept-2 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-340 -j DROP
inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-2 -j ACCEPT
inet6/filter/logaccept-2 -j ACCEPT
- inet/filter/limit-340 -j DROP
- inet6/filter/limit-340 -j DROP
Filter 342 {"conn-limit":{"count":150,"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-341
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-341
+ inet/filter/limit-341 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-341 -j ACCEPT
+ inet/filter/limit-341 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-341
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-341
- inet/filter/limit-341 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-341 -j ACCEPT
inet6/filter/limit-341 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-341 -j ACCEPT
- inet/filter/limit-341 -j DROP
inet6/filter/limit-341 -j DROP
Filter 343 {"conn-limit":{"count":150,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-342
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-342
+ inet/filter/limit-342 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-342 -j ACCEPT
+ inet/filter/limit-342 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-342
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-342
- inet/filter/limit-342 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-342 -j ACCEPT
inet6/filter/limit-342 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-342 -j ACCEPT
- inet/filter/limit-342 -j DROP
inet6/filter/limit-342 -j DROP
Filter 344 {"action":"pass","conn-limit":{"count":150,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-343
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-343
+ inet/filter/limit-343 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-343 -j RETURN
+ inet/filter/limit-343 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-343
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-343
- inet/filter/limit-343 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-343 -j RETURN
inet6/filter/limit-343 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-343 -j RETURN
- inet/filter/limit-343 -j DROP
inet6/filter/limit-343 -j DROP
Filter 345 {"conn-limit":{"count":150,"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-344
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-344
+ inet/filter/limit-344 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-344 -j logaccept-3
+ inet/filter/limit-344 -j DROP
+ inet/filter/logaccept-3 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-3 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-344
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-344
- inet/filter/limit-344 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-344 -j logaccept-3
inet6/filter/limit-344 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-344 -j logaccept-3
- inet/filter/logaccept-3 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-344 -j DROP
inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-3 -j ACCEPT
inet6/filter/logaccept-3 -j ACCEPT
- inet/filter/limit-344 -j DROP
- inet6/filter/limit-344 -j DROP
Filter 346 {"conn-limit":{"count":150,"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-345
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-345
+ inet/filter/limit-345 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-345 -j ACCEPT
+ inet/filter/limit-345 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-345
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-345
- inet/filter/limit-345 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-345 -j ACCEPT
inet6/filter/limit-345 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-345 -j ACCEPT
- inet/filter/limit-345 -j DROP
inet6/filter/limit-345 -j DROP
Filter 347 {"conn-limit":{"count":150,"interval":5},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-346
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-346
+ inet/filter/limit-346 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-346 -j ACCEPT
+ inet/filter/limit-346 -m limit --limit 1/second -j LOG
+ inet/filter/limit-346 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-346
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-346
- inet/filter/limit-346 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-346 -j ACCEPT
inet6/filter/limit-346 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-346 -j ACCEPT
- inet/filter/limit-346 -m limit --limit 1/second -j LOG
inet6/filter/limit-346 -m limit --limit 1/second -j LOG
- inet/filter/limit-346 -j DROP
inet6/filter/limit-346 -j DROP
Filter 348 {"action":"pass","conn-limit":{"count":150,"interval":5},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-347
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-347
+ inet/filter/limit-347 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-347 -j RETURN
+ inet/filter/limit-347 -m limit --limit 1/second -j LOG
+ inet/filter/limit-347 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-347
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-347
- inet/filter/limit-347 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-347 -j RETURN
inet6/filter/limit-347 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-347 -j RETURN
- inet/filter/limit-347 -m limit --limit 1/second -j LOG
inet6/filter/limit-347 -m limit --limit 1/second -j LOG
- inet/filter/limit-347 -j DROP
inet6/filter/limit-347 -j DROP
Filter 349 {"conn-limit":{"count":150,"interval":5},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-348
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-348
- inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-348
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-348
inet/filter/limit-348 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-348 -j logaccept-4
- inet6/filter/limit-348 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-348 -j logaccept-4
+ inet/filter/limit-348 -m limit --limit 1/second -j LOG
+ inet/filter/limit-348 -j DROP
inet/filter/logaccept-4 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG
inet/filter/logaccept-4 -j ACCEPT
- inet6/filter/logaccept-4 -j ACCEPT
- inet/filter/limit-348 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-348
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-348
+ inet6/filter/limit-348 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-348 -j logaccept-4
inet6/filter/limit-348 -m limit --limit 1/second -j LOG
- inet/filter/limit-348 -j DROP
inet6/filter/limit-348 -j DROP
+ inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-4 -j ACCEPT
Filter 350 {"conn-limit":{"count":150,"interval":5},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-349
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-349
+ inet/filter/limit-349 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-349 -j ACCEPT
+ inet/filter/limit-349 -m limit --limit 1/second -j LOG
+ inet/filter/limit-349 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-349
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-349
- inet/filter/limit-349 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-349 -j ACCEPT
inet6/filter/limit-349 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-349 -j ACCEPT
- inet/filter/limit-349 -m limit --limit 1/second -j LOG
inet6/filter/limit-349 -m limit --limit 1/second -j LOG
- inet/filter/limit-349 -j DROP
inet6/filter/limit-349 -j DROP
Filter 351 {"conn-limit":{"count":150,"interval":5,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-350
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-350
+ inet/filter/limit-350 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-350 -j ACCEPT
+ inet/filter/limit-350 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-350
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-350
- inet/filter/limit-350 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-350 -j ACCEPT
inet6/filter/limit-350 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-350 -j ACCEPT
- inet/filter/limit-350 -j DROP
inet6/filter/limit-350 -j DROP
Filter 352 {"action":"pass","conn-limit":{"count":150,"interval":5,"log":false},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-351
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-351
+ inet/filter/limit-351 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-351 -j RETURN
+ inet/filter/limit-351 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-351
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-351
- inet/filter/limit-351 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-351 -j RETURN
inet6/filter/limit-351 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-351 -j RETURN
- inet/filter/limit-351 -j DROP
inet6/filter/limit-351 -j DROP
Filter 353 {"conn-limit":{"count":150,"interval":5,"log":false},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-352
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-352
+ inet/filter/limit-352 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-352 -j logaccept-5
+ inet/filter/limit-352 -j DROP
+ inet/filter/logaccept-5 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-5 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-352
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-352
- inet/filter/limit-352 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-352 -j logaccept-5
inet6/filter/limit-352 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-352 -j logaccept-5
- inet/filter/logaccept-5 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-352 -j DROP
inet6/filter/logaccept-5 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-5 -j ACCEPT
inet6/filter/logaccept-5 -j ACCEPT
- inet/filter/limit-352 -j DROP
- inet6/filter/limit-352 -j DROP
Filter 354 {"conn-limit":{"count":150,"interval":5,"log":false},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-353
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-353
+ inet/filter/limit-353 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-353 -j ACCEPT
+ inet/filter/limit-353 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-353
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-353
- inet/filter/limit-353 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-353 -j ACCEPT
inet6/filter/limit-353 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-353 -j ACCEPT
- inet/filter/limit-353 -j DROP
inet6/filter/limit-353 -j DROP
Filter 355 {"conn-limit":{"count":150,"interval":5,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-354
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-354
+ inet/filter/limit-354 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-354 -j ACCEPT
+ inet/filter/limit-354 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-354
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-354
- inet/filter/limit-354 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-354 -j ACCEPT
inet6/filter/limit-354 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-354 -j ACCEPT
- inet/filter/limit-354 -j DROP
inet6/filter/limit-354 -j DROP
Filter 356 {"action":"pass","conn-limit":{"count":150,"interval":5,"log":"none"},"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-355
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-355
+ inet/filter/limit-355 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-355 -j RETURN
+ inet/filter/limit-355 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-355
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-355
- inet/filter/limit-355 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-355 -j RETURN
inet6/filter/limit-355 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-355 -j RETURN
- inet/filter/limit-355 -j DROP
inet6/filter/limit-355 -j DROP
Filter 357 {"conn-limit":{"count":150,"interval":5,"log":"none"},"log":true,"out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-356
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-356
+ inet/filter/limit-356 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-356 -j logaccept-6
+ inet/filter/limit-356 -j DROP
+ inet/filter/logaccept-6 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-6 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-356
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-356
- inet/filter/limit-356 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-356 -j logaccept-6
inet6/filter/limit-356 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-356 -j logaccept-6
- inet/filter/logaccept-6 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-356 -j DROP
inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-6 -j ACCEPT
inet6/filter/logaccept-6 -j ACCEPT
- inet/filter/limit-356 -j DROP
- inet6/filter/limit-356 -j DROP
Filter 358 {"conn-limit":{"count":150,"interval":5,"log":"none"},"log":"none","out":"B"}
(filter-limit)
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-357
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-357
+ inet/filter/limit-357 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-357 -j ACCEPT
+ inet/filter/limit-357 -j DROP
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-357
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-357
- inet/filter/limit-357 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-357 -j ACCEPT
inet6/filter/limit-357 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-357 -j ACCEPT
- inet/filter/limit-357 -j DROP
inet6/filter/limit-357 -j DROP
Filter 359 {"conn-limit":1,"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-358
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-358
inet/filter/limit-358 -m recent --name limit-358 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-114
- inet6/filter/limit-358 -m recent --name limit-358 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-114
+ inet/filter/limit-358 -m recent --name limit-358 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-114 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-114 -m limit --limit 1/second -j LOG
inet/filter/logdrop-114 -j DROP
- inet6/filter/logdrop-114 -j DROP
- inet/filter/limit-358 -m recent --name limit-358 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-358
+ inet6/filter/limit-358 -m recent --name limit-358 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-114
inet6/filter/limit-358 -m recent --name limit-358 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-114 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-114 -j DROP
Filter 360 {"action":"pass","conn-limit":1,"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-359
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-359
inet/filter/limit-359 -m recent --name limit-359 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-115
- inet6/filter/limit-359 -m recent --name limit-359 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-115
+ inet/filter/limit-359 -m recent --name limit-359 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-115 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-115 -m limit --limit 1/second -j LOG
inet/filter/logdrop-115 -j DROP
- inet6/filter/logdrop-115 -j DROP
- inet/filter/limit-359 -m recent --name limit-359 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-359
+ inet6/filter/limit-359 -m recent --name limit-359 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-115
inet6/filter/limit-359 -m recent --name limit-359 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-115 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-115 -j DROP
Filter 361 {"conn-limit":1,"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-360
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-360
inet/filter/limit-360 -m recent --name limit-360 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-116
- inet6/filter/limit-360 -m recent --name limit-360 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-116
+ inet/filter/limit-360 -m limit --limit 1/second -j LOG
+ inet/filter/limit-360 -m recent --name limit-360 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-116 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-116 -m limit --limit 1/second -j LOG
inet/filter/logdrop-116 -j DROP
- inet6/filter/logdrop-116 -j DROP
- inet/filter/limit-360 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-360
+ inet6/filter/limit-360 -m recent --name limit-360 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-116
inet6/filter/limit-360 -m limit --limit 1/second -j LOG
- inet/filter/limit-360 -m recent --name limit-360 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-360 -m recent --name limit-360 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-116 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-116 -j DROP
Filter 362 {"action":"pass","conn-limit":1,"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-361
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-361
inet/filter/limit-361 -m recent --name limit-361 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-117
- inet6/filter/limit-361 -m recent --name limit-361 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-117
+ inet/filter/limit-361 -m recent --name limit-361 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-117 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-117 -m limit --limit 1/second -j LOG
inet/filter/logdrop-117 -j DROP
- inet6/filter/logdrop-117 -j DROP
- inet/filter/limit-361 -m recent --name limit-361 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-361
+ inet6/filter/limit-361 -m recent --name limit-361 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-117
inet6/filter/limit-361 -m recent --name limit-361 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-117 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-117 -j DROP
Filter 363 {"conn-limit":1,"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-362
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-362
inet/filter/limit-362 -m recent --name limit-362 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-118
- inet6/filter/limit-362 -m recent --name limit-362 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-118
+ inet/filter/limit-362 -m recent --name limit-362 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-118 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-118 -m limit --limit 1/second -j LOG
inet/filter/logdrop-118 -j DROP
- inet6/filter/logdrop-118 -j DROP
- inet/filter/limit-362 -m recent --name limit-362 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-362
+ inet6/filter/limit-362 -m recent --name limit-362 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-118
inet6/filter/limit-362 -m recent --name limit-362 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-118 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-118 -j DROP
Filter 364 {"action":"pass","conn-limit":1,"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-363
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-363
inet/filter/limit-363 -m recent --name limit-363 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-119
- inet6/filter/limit-363 -m recent --name limit-363 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-119
+ inet/filter/limit-363 -m recent --name limit-363 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-119 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-119 -m limit --limit 1/second -j LOG
inet/filter/logdrop-119 -j DROP
- inet6/filter/logdrop-119 -j DROP
- inet/filter/limit-363 -m recent --name limit-363 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-363
+ inet6/filter/limit-363 -m recent --name limit-363 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-119
inet6/filter/limit-363 -m recent --name limit-363 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-119 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-119 -j DROP
Filter 365 {"conn-limit":{},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-364
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-364
inet/filter/limit-364 -m recent --name limit-364 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-120
- inet6/filter/limit-364 -m recent --name limit-364 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-120
+ inet/filter/limit-364 -m recent --name limit-364 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-120 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-120 -m limit --limit 1/second -j LOG
inet/filter/logdrop-120 -j DROP
- inet6/filter/logdrop-120 -j DROP
- inet/filter/limit-364 -m recent --name limit-364 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-364
+ inet6/filter/limit-364 -m recent --name limit-364 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-120
inet6/filter/limit-364 -m recent --name limit-364 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-120 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-120 -j DROP
Filter 366 {"action":"pass","conn-limit":{},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-365
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-365
inet/filter/limit-365 -m recent --name limit-365 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-121
- inet6/filter/limit-365 -m recent --name limit-365 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-121
+ inet/filter/limit-365 -m recent --name limit-365 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-121 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-121 -m limit --limit 1/second -j LOG
inet/filter/logdrop-121 -j DROP
- inet6/filter/logdrop-121 -j DROP
- inet/filter/limit-365 -m recent --name limit-365 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-365
+ inet6/filter/limit-365 -m recent --name limit-365 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-121
inet6/filter/limit-365 -m recent --name limit-365 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-121 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-121 -j DROP
Filter 367 {"conn-limit":{},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-366
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-366
inet/filter/limit-366 -m recent --name limit-366 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-122
- inet6/filter/limit-366 -m recent --name limit-366 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-122
+ inet/filter/limit-366 -m limit --limit 1/second -j LOG
+ inet/filter/limit-366 -m recent --name limit-366 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-122 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-122 -m limit --limit 1/second -j LOG
inet/filter/logdrop-122 -j DROP
- inet6/filter/logdrop-122 -j DROP
- inet/filter/limit-366 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-366
+ inet6/filter/limit-366 -m recent --name limit-366 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-122
inet6/filter/limit-366 -m limit --limit 1/second -j LOG
- inet/filter/limit-366 -m recent --name limit-366 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-366 -m recent --name limit-366 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-122 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-122 -j DROP
Filter 368 {"action":"pass","conn-limit":{},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-367
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-367
inet/filter/limit-367 -m recent --name limit-367 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-123
- inet6/filter/limit-367 -m recent --name limit-367 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-123
+ inet/filter/limit-367 -m recent --name limit-367 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-123 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-123 -m limit --limit 1/second -j LOG
inet/filter/logdrop-123 -j DROP
- inet6/filter/logdrop-123 -j DROP
- inet/filter/limit-367 -m recent --name limit-367 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-367
+ inet6/filter/limit-367 -m recent --name limit-367 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-123
inet6/filter/limit-367 -m recent --name limit-367 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-123 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-123 -j DROP
Filter 369 {"conn-limit":{},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-368
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-368
inet/filter/limit-368 -m recent --name limit-368 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-124
- inet6/filter/limit-368 -m recent --name limit-368 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-124
+ inet/filter/limit-368 -m recent --name limit-368 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-124 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-124 -m limit --limit 1/second -j LOG
inet/filter/logdrop-124 -j DROP
- inet6/filter/logdrop-124 -j DROP
- inet/filter/limit-368 -m recent --name limit-368 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-368
+ inet6/filter/limit-368 -m recent --name limit-368 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-124
inet6/filter/limit-368 -m recent --name limit-368 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-124 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-124 -j DROP
Filter 370 {"action":"pass","conn-limit":{},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-369
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-369
inet/filter/limit-369 -m recent --name limit-369 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-125
- inet6/filter/limit-369 -m recent --name limit-369 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-125
+ inet/filter/limit-369 -m recent --name limit-369 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-125 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-125 -m limit --limit 1/second -j LOG
inet/filter/logdrop-125 -j DROP
- inet6/filter/logdrop-125 -j DROP
- inet/filter/limit-369 -m recent --name limit-369 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-369
+ inet6/filter/limit-369 -m recent --name limit-369 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-125
inet6/filter/limit-369 -m recent --name limit-369 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-125 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-125 -j DROP
Filter 371 {"conn-limit":{"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-370
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-370
inet/filter/limit-370 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-126
- inet6/filter/limit-370 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-126
+ inet/filter/limit-370 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-126 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-126 -m limit --limit 1/second -j LOG
inet/filter/logdrop-126 -j DROP
- inet6/filter/logdrop-126 -j DROP
- inet/filter/limit-370 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-370
+ inet6/filter/limit-370 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-126
inet6/filter/limit-370 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-126 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-126 -j DROP
Filter 372 {"action":"pass","conn-limit":{"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-371
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-371
inet/filter/limit-371 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-127
- inet6/filter/limit-371 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-127
+ inet/filter/limit-371 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-127 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-127 -m limit --limit 1/second -j LOG
inet/filter/logdrop-127 -j DROP
- inet6/filter/logdrop-127 -j DROP
- inet/filter/limit-371 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-371
+ inet6/filter/limit-371 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-127
inet6/filter/limit-371 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-127 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-127 -j DROP
Filter 373 {"conn-limit":{"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-372
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-372
inet/filter/limit-372 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-128
- inet6/filter/limit-372 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-128
+ inet/filter/limit-372 -m limit --limit 1/second -j LOG
+ inet/filter/limit-372 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-128 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-128 -m limit --limit 1/second -j LOG
inet/filter/logdrop-128 -j DROP
- inet6/filter/logdrop-128 -j DROP
- inet/filter/limit-372 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-372
+ inet6/filter/limit-372 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-128
inet6/filter/limit-372 -m limit --limit 1/second -j LOG
- inet/filter/limit-372 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-372 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-128 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-128 -j DROP
Filter 374 {"action":"pass","conn-limit":{"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-373
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-373
inet/filter/limit-373 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-129
- inet6/filter/limit-373 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-129
+ inet/filter/limit-373 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-129 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-129 -m limit --limit 1/second -j LOG
inet/filter/logdrop-129 -j DROP
- inet6/filter/logdrop-129 -j DROP
- inet/filter/limit-373 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-373
+ inet6/filter/limit-373 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-129
inet6/filter/limit-373 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-129 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-129 -j DROP
Filter 375 {"conn-limit":{"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-374
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-374
inet/filter/limit-374 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-130
- inet6/filter/limit-374 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-130
+ inet/filter/limit-374 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-130 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-130 -m limit --limit 1/second -j LOG
inet/filter/logdrop-130 -j DROP
- inet6/filter/logdrop-130 -j DROP
- inet/filter/limit-374 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-374
+ inet6/filter/limit-374 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-130
inet6/filter/limit-374 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-130 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-130 -j DROP
Filter 376 {"action":"pass","conn-limit":{"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-375
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-375
inet/filter/limit-375 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-131
- inet6/filter/limit-375 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-131
+ inet/filter/limit-375 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-131 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-131 -m limit --limit 1/second -j LOG
inet/filter/logdrop-131 -j DROP
- inet6/filter/logdrop-131 -j DROP
- inet/filter/limit-375 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-375
+ inet6/filter/limit-375 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-131
inet6/filter/limit-375 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-131 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-131 -j DROP
Filter 377 {"conn-limit":{"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-376
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-376
inet/filter/limit-376 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-132
- inet6/filter/limit-376 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-132
+ inet/filter/limit-376 -j ACCEPT
inet/filter/logdrop-132 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-132 -m limit --limit 1/second -j LOG
inet/filter/logdrop-132 -j DROP
- inet6/filter/logdrop-132 -j DROP
- inet/filter/limit-376 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-376
+ inet6/filter/limit-376 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-132
inet6/filter/limit-376 -j ACCEPT
+ inet6/filter/logdrop-132 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-132 -j DROP
Filter 378 {"action":"pass","conn-limit":{"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-133
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-133
inet/filter/logdrop-133 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-133 -m limit --limit 1/second -j LOG
inet/filter/logdrop-133 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-133
+ inet6/filter/logdrop-133 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-133 -j DROP
Filter 379 {"conn-limit":{"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-378
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-378
inet/filter/limit-378 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-134
- inet6/filter/limit-378 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-134
+ inet/filter/limit-378 -m limit --limit 1/second -j LOG
+ inet/filter/limit-378 -j ACCEPT
inet/filter/logdrop-134 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-134 -m limit --limit 1/second -j LOG
inet/filter/logdrop-134 -j DROP
- inet6/filter/logdrop-134 -j DROP
- inet/filter/limit-378 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-378
+ inet6/filter/limit-378 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-134
inet6/filter/limit-378 -m limit --limit 1/second -j LOG
- inet/filter/limit-378 -j ACCEPT
inet6/filter/limit-378 -j ACCEPT
+ inet6/filter/logdrop-134 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-134 -j DROP
Filter 380 {"action":"pass","conn-limit":{"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-379
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-379
inet/filter/limit-379 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-135
- inet6/filter/limit-379 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-135
+ inet/filter/limit-379 -m limit --limit 1/second -j LOG
inet/filter/logdrop-135 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-135 -m limit --limit 1/second -j LOG
inet/filter/logdrop-135 -j DROP
- inet6/filter/logdrop-135 -j DROP
- inet/filter/limit-379 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-379
+ inet6/filter/limit-379 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-135
inet6/filter/limit-379 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-135 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-135 -j DROP
Filter 381 {"conn-limit":{"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-380
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-380
inet/filter/limit-380 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-136
- inet6/filter/limit-380 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-136
+ inet/filter/limit-380 -j ACCEPT
inet/filter/logdrop-136 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-136 -m limit --limit 1/second -j LOG
inet/filter/logdrop-136 -j DROP
- inet6/filter/logdrop-136 -j DROP
- inet/filter/limit-380 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-380
+ inet6/filter/limit-380 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-136
inet6/filter/limit-380 -j ACCEPT
+ inet6/filter/logdrop-136 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-136 -j DROP
Filter 382 {"action":"pass","conn-limit":{"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-137
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-137
inet/filter/logdrop-137 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-137 -m limit --limit 1/second -j LOG
inet/filter/logdrop-137 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-137
+ inet6/filter/logdrop-137 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-137 -j DROP
Filter 383 {"conn-limit":{"addr":"dest","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-382
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-382
inet/filter/limit-382 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-138
- inet6/filter/limit-382 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-138
+ inet/filter/limit-382 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-138 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-138 -m limit --limit 1/second -j LOG
inet/filter/logdrop-138 -j DROP
- inet6/filter/logdrop-138 -j DROP
- inet/filter/limit-382 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-382
+ inet6/filter/limit-382 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-138
inet6/filter/limit-382 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-138 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-138 -j DROP
Filter 384 {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-383
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-383
inet/filter/limit-383 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-139
- inet6/filter/limit-383 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-139
+ inet/filter/limit-383 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-139 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-139 -m limit --limit 1/second -j LOG
inet/filter/logdrop-139 -j DROP
- inet6/filter/logdrop-139 -j DROP
- inet/filter/limit-383 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-383
+ inet6/filter/limit-383 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-139
inet6/filter/limit-383 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-139 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-139 -j DROP
Filter 385 {"conn-limit":{"addr":"dest","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-384
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-384
inet/filter/limit-384 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-140
- inet6/filter/limit-384 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-140
+ inet/filter/limit-384 -m limit --limit 1/second -j LOG
+ inet/filter/limit-384 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-140 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-140 -m limit --limit 1/second -j LOG
inet/filter/logdrop-140 -j DROP
- inet6/filter/logdrop-140 -j DROP
- inet/filter/limit-384 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-384
+ inet6/filter/limit-384 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-140
inet6/filter/limit-384 -m limit --limit 1/second -j LOG
- inet/filter/limit-384 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-384 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-140 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-140 -j DROP
Filter 386 {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-385
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-385
inet/filter/limit-385 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-141
- inet6/filter/limit-385 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-141
+ inet/filter/limit-385 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-141 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-141 -m limit --limit 1/second -j LOG
inet/filter/logdrop-141 -j DROP
- inet6/filter/logdrop-141 -j DROP
- inet/filter/limit-385 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-385
+ inet6/filter/limit-385 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-141
inet6/filter/limit-385 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-141 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-141 -j DROP
Filter 387 {"conn-limit":{"addr":"dest","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-386
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-386
inet/filter/limit-386 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-142
- inet6/filter/limit-386 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-142
+ inet/filter/limit-386 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-142 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-142 -m limit --limit 1/second -j LOG
inet/filter/logdrop-142 -j DROP
- inet6/filter/logdrop-142 -j DROP
- inet/filter/limit-386 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-386
+ inet6/filter/limit-386 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-142
inet6/filter/limit-386 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-142 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-142 -j DROP
Filter 388 {"action":"pass","conn-limit":{"addr":"dest","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-387
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-387
inet/filter/limit-387 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-143
- inet6/filter/limit-387 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-143
+ inet/filter/limit-387 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-143 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-143 -m limit --limit 1/second -j LOG
inet/filter/logdrop-143 -j DROP
- inet6/filter/logdrop-143 -j DROP
- inet/filter/limit-387 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-387
+ inet6/filter/limit-387 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-143
inet6/filter/limit-387 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-143 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-143 -j DROP
Filter 389 {"conn-limit":{"addr":"dest","name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-388
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-388
inet/filter/limit-388 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-144
- inet6/filter/limit-388 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-144
+ inet/filter/limit-388 -j ACCEPT
inet/filter/logdrop-144 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-144 -m limit --limit 1/second -j LOG
inet/filter/logdrop-144 -j DROP
- inet6/filter/logdrop-144 -j DROP
- inet/filter/limit-388 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-388
+ inet6/filter/limit-388 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-144
inet6/filter/limit-388 -j ACCEPT
+ inet6/filter/logdrop-144 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-144 -j DROP
Filter 390 {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-145
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-145
inet/filter/logdrop-145 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-145 -m limit --limit 1/second -j LOG
inet/filter/logdrop-145 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-145
+ inet6/filter/logdrop-145 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-145 -j DROP
Filter 391 {"conn-limit":{"addr":"dest","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-390
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-390
inet/filter/limit-390 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-146
- inet6/filter/limit-390 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-146
+ inet/filter/limit-390 -m limit --limit 1/second -j LOG
+ inet/filter/limit-390 -j ACCEPT
inet/filter/logdrop-146 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-146 -m limit --limit 1/second -j LOG
inet/filter/logdrop-146 -j DROP
- inet6/filter/logdrop-146 -j DROP
- inet/filter/limit-390 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-390
+ inet6/filter/limit-390 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-146
inet6/filter/limit-390 -m limit --limit 1/second -j LOG
- inet/filter/limit-390 -j ACCEPT
inet6/filter/limit-390 -j ACCEPT
+ inet6/filter/logdrop-146 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-146 -j DROP
Filter 392 {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-391
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-391
inet/filter/limit-391 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-147
- inet6/filter/limit-391 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-147
+ inet/filter/limit-391 -m limit --limit 1/second -j LOG
inet/filter/logdrop-147 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-147 -m limit --limit 1/second -j LOG
inet/filter/logdrop-147 -j DROP
- inet6/filter/logdrop-147 -j DROP
- inet/filter/limit-391 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-391
+ inet6/filter/limit-391 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-147
inet6/filter/limit-391 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-147 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-147 -j DROP
Filter 393 {"conn-limit":{"addr":"dest","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-392
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-392
inet/filter/limit-392 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-148
- inet6/filter/limit-392 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-148
+ inet/filter/limit-392 -j ACCEPT
inet/filter/logdrop-148 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-148 -m limit --limit 1/second -j LOG
inet/filter/logdrop-148 -j DROP
- inet6/filter/logdrop-148 -j DROP
- inet/filter/limit-392 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-392
+ inet6/filter/limit-392 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-148
inet6/filter/limit-392 -j ACCEPT
+ inet6/filter/logdrop-148 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-148 -j DROP
Filter 394 {"action":"pass","conn-limit":{"addr":"dest","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-149
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-149
inet/filter/logdrop-149 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-149 -m limit --limit 1/second -j LOG
inet/filter/logdrop-149 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-149
+ inet6/filter/logdrop-149 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-149 -j DROP
Filter 395 {"conn-limit":{"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-394
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-394
inet/filter/limit-394 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-150
- inet6/filter/limit-394 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-150
+ inet/filter/limit-394 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-150 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-150 -m limit --limit 1/second -j LOG
inet/filter/logdrop-150 -j DROP
- inet6/filter/logdrop-150 -j DROP
- inet/filter/limit-394 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-394
+ inet6/filter/limit-394 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-150
inet6/filter/limit-394 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-150 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-150 -j DROP
Filter 396 {"action":"pass","conn-limit":{"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-395
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-395
inet/filter/limit-395 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-151
- inet6/filter/limit-395 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-151
+ inet/filter/limit-395 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-151 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-151 -m limit --limit 1/second -j LOG
inet/filter/logdrop-151 -j DROP
- inet6/filter/logdrop-151 -j DROP
- inet/filter/limit-395 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-395
+ inet6/filter/limit-395 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-151
inet6/filter/limit-395 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-151 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-151 -j DROP
Filter 397 {"conn-limit":{"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-396
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-396
inet/filter/limit-396 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-152
- inet6/filter/limit-396 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-152
+ inet/filter/limit-396 -m limit --limit 1/second -j LOG
+ inet/filter/limit-396 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-152 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-152 -m limit --limit 1/second -j LOG
inet/filter/logdrop-152 -j DROP
- inet6/filter/logdrop-152 -j DROP
- inet/filter/limit-396 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-396
+ inet6/filter/limit-396 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-152
inet6/filter/limit-396 -m limit --limit 1/second -j LOG
- inet/filter/limit-396 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-396 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-152 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-152 -j DROP
Filter 398 {"action":"pass","conn-limit":{"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-397
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-397
inet/filter/limit-397 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-153
- inet6/filter/limit-397 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-153
+ inet/filter/limit-397 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-153 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-153 -m limit --limit 1/second -j LOG
inet/filter/logdrop-153 -j DROP
- inet6/filter/logdrop-153 -j DROP
- inet/filter/limit-397 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-397
+ inet6/filter/limit-397 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-153
inet6/filter/limit-397 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-153 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-153 -j DROP
Filter 399 {"conn-limit":{"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-398
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-398
inet/filter/limit-398 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-154
- inet6/filter/limit-398 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-154
+ inet/filter/limit-398 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-154 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-154 -m limit --limit 1/second -j LOG
inet/filter/logdrop-154 -j DROP
- inet6/filter/logdrop-154 -j DROP
- inet/filter/limit-398 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-398
+ inet6/filter/limit-398 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-154
inet6/filter/limit-398 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-154 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-154 -j DROP
Filter 400 {"action":"pass","conn-limit":{"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-399
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-399
inet/filter/limit-399 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-155
- inet6/filter/limit-399 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-155
+ inet/filter/limit-399 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-155 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-155 -m limit --limit 1/second -j LOG
inet/filter/logdrop-155 -j DROP
- inet6/filter/logdrop-155 -j DROP
- inet/filter/limit-399 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-399
+ inet6/filter/limit-399 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-155
inet6/filter/limit-399 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-155 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-155 -j DROP
Filter 401 {"conn-limit":{"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-400
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-400
inet/filter/limit-400 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-156
- inet6/filter/limit-400 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-156
+ inet/filter/limit-400 -j ACCEPT
inet/filter/logdrop-156 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-156 -m limit --limit 1/second -j LOG
inet/filter/logdrop-156 -j DROP
- inet6/filter/logdrop-156 -j DROP
- inet/filter/limit-400 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-400
+ inet6/filter/limit-400 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-156
inet6/filter/limit-400 -j ACCEPT
+ inet6/filter/logdrop-156 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-156 -j DROP
Filter 402 {"action":"pass","conn-limit":{"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-157
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-157
inet/filter/logdrop-157 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-157 -m limit --limit 1/second -j LOG
inet/filter/logdrop-157 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-157
+ inet6/filter/logdrop-157 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-157 -j DROP
Filter 403 {"conn-limit":{"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-402
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-402
inet/filter/limit-402 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-158
- inet6/filter/limit-402 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-158
+ inet/filter/limit-402 -m limit --limit 1/second -j LOG
+ inet/filter/limit-402 -j ACCEPT
inet/filter/logdrop-158 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-158 -m limit --limit 1/second -j LOG
inet/filter/logdrop-158 -j DROP
- inet6/filter/logdrop-158 -j DROP
- inet/filter/limit-402 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-402
+ inet6/filter/limit-402 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-158
inet6/filter/limit-402 -m limit --limit 1/second -j LOG
- inet/filter/limit-402 -j ACCEPT
inet6/filter/limit-402 -j ACCEPT
+ inet6/filter/logdrop-158 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-158 -j DROP
Filter 404 {"action":"pass","conn-limit":{"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-403
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-403
inet/filter/limit-403 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-159
- inet6/filter/limit-403 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-159
+ inet/filter/limit-403 -m limit --limit 1/second -j LOG
inet/filter/logdrop-159 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-159 -m limit --limit 1/second -j LOG
inet/filter/logdrop-159 -j DROP
- inet6/filter/logdrop-159 -j DROP
- inet/filter/limit-403 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-403
+ inet6/filter/limit-403 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-159
inet6/filter/limit-403 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-159 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-159 -j DROP
Filter 405 {"conn-limit":{"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-404
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-404
inet/filter/limit-404 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-160
- inet6/filter/limit-404 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-160
+ inet/filter/limit-404 -j ACCEPT
inet/filter/logdrop-160 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-160 -m limit --limit 1/second -j LOG
inet/filter/logdrop-160 -j DROP
- inet6/filter/logdrop-160 -j DROP
- inet/filter/limit-404 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-404
+ inet6/filter/limit-404 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-160
inet6/filter/limit-404 -j ACCEPT
+ inet6/filter/logdrop-160 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-160 -j DROP
Filter 406 {"action":"pass","conn-limit":{"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-161
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-161
inet/filter/logdrop-161 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-161 -m limit --limit 1/second -j LOG
inet/filter/logdrop-161 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-161
+ inet6/filter/logdrop-161 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-161 -j DROP
Filter 407 {"conn-limit":{"addr":"dest","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-406
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-406
inet/filter/limit-406 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-162
- inet6/filter/limit-406 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-162
+ inet/filter/limit-406 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-162 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-162 -m limit --limit 1/second -j LOG
inet/filter/logdrop-162 -j DROP
- inet6/filter/logdrop-162 -j DROP
- inet/filter/limit-406 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-406
+ inet6/filter/limit-406 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-162
inet6/filter/limit-406 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-162 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-162 -j DROP
Filter 408 {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-407
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-407
inet/filter/limit-407 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-163
- inet6/filter/limit-407 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-163
+ inet/filter/limit-407 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-163 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-163 -m limit --limit 1/second -j LOG
inet/filter/logdrop-163 -j DROP
- inet6/filter/logdrop-163 -j DROP
- inet/filter/limit-407 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-407
+ inet6/filter/limit-407 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-163
inet6/filter/limit-407 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-163 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-163 -j DROP
Filter 409 {"conn-limit":{"addr":"dest","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-408
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-408
inet/filter/limit-408 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-164
- inet6/filter/limit-408 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-164
+ inet/filter/limit-408 -m limit --limit 1/second -j LOG
+ inet/filter/limit-408 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-164 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-164 -m limit --limit 1/second -j LOG
inet/filter/logdrop-164 -j DROP
- inet6/filter/logdrop-164 -j DROP
- inet/filter/limit-408 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-408
+ inet6/filter/limit-408 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-164
inet6/filter/limit-408 -m limit --limit 1/second -j LOG
- inet/filter/limit-408 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-408 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-164 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-164 -j DROP
Filter 410 {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-409
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-409
inet/filter/limit-409 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-165
- inet6/filter/limit-409 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-165
+ inet/filter/limit-409 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-165 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-165 -m limit --limit 1/second -j LOG
inet/filter/logdrop-165 -j DROP
- inet6/filter/logdrop-165 -j DROP
- inet/filter/limit-409 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-409
+ inet6/filter/limit-409 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-165
inet6/filter/limit-409 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-165 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-165 -j DROP
Filter 411 {"conn-limit":{"addr":"dest","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-410
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-410
inet/filter/limit-410 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-166
- inet6/filter/limit-410 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-166
+ inet/filter/limit-410 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-166 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-166 -m limit --limit 1/second -j LOG
inet/filter/logdrop-166 -j DROP
- inet6/filter/logdrop-166 -j DROP
- inet/filter/limit-410 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-410
+ inet6/filter/limit-410 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-166
inet6/filter/limit-410 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-166 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-166 -j DROP
Filter 412 {"action":"pass","conn-limit":{"addr":"dest","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-411
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-411
inet/filter/limit-411 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-167
- inet6/filter/limit-411 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-167
+ inet/filter/limit-411 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-167 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-167 -m limit --limit 1/second -j LOG
inet/filter/logdrop-167 -j DROP
- inet6/filter/logdrop-167 -j DROP
- inet/filter/limit-411 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-411
+ inet6/filter/limit-411 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-167
inet6/filter/limit-411 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-167 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-167 -j DROP
Filter 413 {"conn-limit":{"addr":"dest","name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-412
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-412
inet/filter/limit-412 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-168
- inet6/filter/limit-412 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-168
+ inet/filter/limit-412 -j ACCEPT
inet/filter/logdrop-168 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-168 -m limit --limit 1/second -j LOG
inet/filter/logdrop-168 -j DROP
- inet6/filter/logdrop-168 -j DROP
- inet/filter/limit-412 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-412
+ inet6/filter/limit-412 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-168
inet6/filter/limit-412 -j ACCEPT
+ inet6/filter/logdrop-168 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-168 -j DROP
Filter 414 {"action":"pass","conn-limit":{"addr":"dest","name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-169
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-169
inet/filter/logdrop-169 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-169 -m limit --limit 1/second -j LOG
inet/filter/logdrop-169 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-169
+ inet6/filter/logdrop-169 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-169 -j DROP
Filter 415 {"conn-limit":{"addr":"dest","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-414
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-414
inet/filter/limit-414 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-170
- inet6/filter/limit-414 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-170
+ inet/filter/limit-414 -m limit --limit 1/second -j LOG
+ inet/filter/limit-414 -j ACCEPT
inet/filter/logdrop-170 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-170 -m limit --limit 1/second -j LOG
inet/filter/logdrop-170 -j DROP
- inet6/filter/logdrop-170 -j DROP
- inet/filter/limit-414 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-414
+ inet6/filter/limit-414 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-170
inet6/filter/limit-414 -m limit --limit 1/second -j LOG
- inet/filter/limit-414 -j ACCEPT
inet6/filter/limit-414 -j ACCEPT
+ inet6/filter/logdrop-170 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-170 -j DROP
Filter 416 {"action":"pass","conn-limit":{"addr":"dest","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-415
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-415
inet/filter/limit-415 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-171
- inet6/filter/limit-415 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-171
+ inet/filter/limit-415 -m limit --limit 1/second -j LOG
inet/filter/logdrop-171 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-171 -m limit --limit 1/second -j LOG
inet/filter/logdrop-171 -j DROP
- inet6/filter/logdrop-171 -j DROP
- inet/filter/limit-415 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-415
+ inet6/filter/limit-415 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-171
inet6/filter/limit-415 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-171 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-171 -j DROP
Filter 417 {"conn-limit":{"addr":"dest","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-416
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-416
inet/filter/limit-416 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-172
- inet6/filter/limit-416 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-172
+ inet/filter/limit-416 -j ACCEPT
inet/filter/logdrop-172 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-172 -m limit --limit 1/second -j LOG
inet/filter/logdrop-172 -j DROP
- inet6/filter/logdrop-172 -j DROP
- inet/filter/limit-416 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-416
+ inet6/filter/limit-416 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-172
inet6/filter/limit-416 -j ACCEPT
+ inet6/filter/logdrop-172 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-172 -j DROP
Filter 418 {"action":"pass","conn-limit":{"addr":"dest","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-173
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-173
inet/filter/logdrop-173 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-173 -m limit --limit 1/second -j LOG
inet/filter/logdrop-173 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-173
+ inet6/filter/logdrop-173 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-173 -j DROP
Filter 419 {"conn-limit":{"log":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-418
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-418
inet/filter/limit-418 -m recent --name limit-418 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-418 -m recent --name limit-418 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-418 -m recent --name limit-418 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-418
+ inet6/filter/limit-418 -m recent --name limit-418 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-418 -m recent --name limit-418 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 420 {"action":"pass","conn-limit":{"log":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-419
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-419
inet/filter/limit-419 -m recent --name limit-419 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-419 -m recent --name limit-419 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-419 -m recent --name limit-419 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-419
+ inet6/filter/limit-419 -m recent --name limit-419 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-419 -m recent --name limit-419 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 421 {"conn-limit":{"log":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-420
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-420
inet/filter/limit-420 -m recent --name limit-420 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-420 -m recent --name limit-420 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-420 -m limit --limit 1/second -j LOG
- inet6/filter/limit-420 -m limit --limit 1/second -j LOG
inet/filter/limit-420 -m recent --name limit-420 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-420
+ inet6/filter/limit-420 -m recent --name limit-420 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-420 -m limit --limit 1/second -j LOG
inet6/filter/limit-420 -m recent --name limit-420 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 422 {"action":"pass","conn-limit":{"log":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-421
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-421
inet/filter/limit-421 -m recent --name limit-421 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-421 -m recent --name limit-421 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-421 -m recent --name limit-421 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-421
+ inet6/filter/limit-421 -m recent --name limit-421 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-421 -m recent --name limit-421 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 423 {"conn-limit":{"log":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-422
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-422
inet/filter/limit-422 -m recent --name limit-422 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-422 -m recent --name limit-422 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-422 -m recent --name limit-422 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-422
+ inet6/filter/limit-422 -m recent --name limit-422 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-422 -m recent --name limit-422 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 424 {"action":"pass","conn-limit":{"log":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-423
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-423
inet/filter/limit-423 -m recent --name limit-423 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-423 -m recent --name limit-423 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-423 -m recent --name limit-423 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-423
+ inet6/filter/limit-423 -m recent --name limit-423 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-423 -m recent --name limit-423 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 425 {"conn-limit":{"log":false,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-424
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-424
inet/filter/limit-424 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-424 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-424 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-424
+ inet6/filter/limit-424 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-424 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 426 {"action":"pass","conn-limit":{"log":false,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-425
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-425
inet/filter/limit-425 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-425 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-425 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-425
+ inet6/filter/limit-425 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-425 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 427 {"conn-limit":{"log":false,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-426
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-426
inet/filter/limit-426 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-426 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-426 -m limit --limit 1/second -j LOG
- inet6/filter/limit-426 -m limit --limit 1/second -j LOG
inet/filter/limit-426 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-426
+ inet6/filter/limit-426 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-426 -m limit --limit 1/second -j LOG
inet6/filter/limit-426 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 428 {"action":"pass","conn-limit":{"log":false,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-427
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-427
inet/filter/limit-427 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-427 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-427 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-427
+ inet6/filter/limit-427 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-427 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 429 {"conn-limit":{"log":false,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-428
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-428
inet/filter/limit-428 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-428 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-428 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-428
+ inet6/filter/limit-428 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-428 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 430 {"action":"pass","conn-limit":{"log":false,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-429
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-429
inet/filter/limit-429 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-429 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-429 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-429
+ inet6/filter/limit-429 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-429 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 431 {"conn-limit":{"log":false,"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-430
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-430
inet/filter/limit-430 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-430 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-430 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-430
+ inet6/filter/limit-430 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-430 -j ACCEPT
Filter 432 {"action":"pass","conn-limit":{"log":false,"name":"A","update":false},"in":"_fw","out":"B"}
@@ -5365,30 +5365,30 @@ Filter 432 {"action":"pass","conn-limit":{"log":false,"n
Filter 433 {"conn-limit":{"log":false,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-432
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-432
inet/filter/limit-432 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-432 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-432 -m limit --limit 1/second -j LOG
- inet6/filter/limit-432 -m limit --limit 1/second -j LOG
inet/filter/limit-432 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-432
+ inet6/filter/limit-432 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-432 -m limit --limit 1/second -j LOG
inet6/filter/limit-432 -j ACCEPT
Filter 434 {"action":"pass","conn-limit":{"log":false,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-433
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-433
inet/filter/limit-433 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-433 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-433 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-433
+ inet6/filter/limit-433 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-433 -m limit --limit 1/second -j LOG
Filter 435 {"conn-limit":{"log":false,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-434
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-434
inet/filter/limit-434 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-434 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-434 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-434
+ inet6/filter/limit-434 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-434 -j ACCEPT
Filter 436 {"action":"pass","conn-limit":{"log":false,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
@@ -5399,66 +5399,66 @@ Filter 436 {"action":"pass","conn-limit":{"log":false,"n
Filter 437 {"conn-limit":{"addr":"dest","log":false,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-436
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-436
inet/filter/limit-436 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-436 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-436 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-436
+ inet6/filter/limit-436 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-436 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 438 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-437
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-437
inet/filter/limit-437 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-437 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-437 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-437
+ inet6/filter/limit-437 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-437 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 439 {"conn-limit":{"addr":"dest","log":false,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-438
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-438
inet/filter/limit-438 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-438 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-438 -m limit --limit 1/second -j LOG
- inet6/filter/limit-438 -m limit --limit 1/second -j LOG
inet/filter/limit-438 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-438
+ inet6/filter/limit-438 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-438 -m limit --limit 1/second -j LOG
inet6/filter/limit-438 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 440 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-439
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-439
inet/filter/limit-439 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-439 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-439 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-439
+ inet6/filter/limit-439 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-439 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 441 {"conn-limit":{"addr":"dest","log":false,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-440
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-440
inet/filter/limit-440 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-440 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-440 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-440
+ inet6/filter/limit-440 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-440 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 442 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-441
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-441
inet/filter/limit-441 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-441 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-441 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-441
+ inet6/filter/limit-441 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-441 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 443 {"conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-442
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-442
inet/filter/limit-442 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-442 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-442 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-442
+ inet6/filter/limit-442 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-442 -j ACCEPT
Filter 444 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"_fw","out":"B"}
@@ -5469,30 +5469,30 @@ Filter 444 {"action":"pass","conn-limit":{"addr":"dest",
Filter 445 {"conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-444
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-444
inet/filter/limit-444 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-444 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-444 -m limit --limit 1/second -j LOG
- inet6/filter/limit-444 -m limit --limit 1/second -j LOG
inet/filter/limit-444 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-444
+ inet6/filter/limit-444 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-444 -m limit --limit 1/second -j LOG
inet6/filter/limit-444 -j ACCEPT
Filter 446 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-445
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-445
inet/filter/limit-445 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-445 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-445 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-445
+ inet6/filter/limit-445 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-445 -m limit --limit 1/second -j LOG
Filter 447 {"conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-446
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-446
inet/filter/limit-446 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-446 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-446 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-446
+ inet6/filter/limit-446 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-446 -j ACCEPT
Filter 448 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
@@ -5503,66 +5503,66 @@ Filter 448 {"action":"pass","conn-limit":{"addr":"dest",
Filter 449 {"conn-limit":{"log":false,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-448
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-448
inet/filter/limit-448 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-448 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-448 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-448
+ inet6/filter/limit-448 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-448 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 450 {"action":"pass","conn-limit":{"log":false,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-449
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-449
inet/filter/limit-449 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-449 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-449 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-449
+ inet6/filter/limit-449 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-449 -m recent --name user:C --rsource --mask fe00:: --set
Filter 451 {"conn-limit":{"log":false,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-450
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-450
inet/filter/limit-450 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-450 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-450 -m limit --limit 1/second -j LOG
- inet6/filter/limit-450 -m limit --limit 1/second -j LOG
inet/filter/limit-450 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-450
+ inet6/filter/limit-450 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-450 -m limit --limit 1/second -j LOG
inet6/filter/limit-450 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 452 {"action":"pass","conn-limit":{"log":false,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-451
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-451
inet/filter/limit-451 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-451 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-451 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-451
+ inet6/filter/limit-451 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-451 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 453 {"conn-limit":{"log":false,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-452
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-452
inet/filter/limit-452 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-452 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-452 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-452
+ inet6/filter/limit-452 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-452 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 454 {"action":"pass","conn-limit":{"log":false,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-453
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-453
inet/filter/limit-453 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-453 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-453 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-453
+ inet6/filter/limit-453 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-453 -m recent --name user:C --rsource --mask fe00:: --set
Filter 455 {"conn-limit":{"log":false,"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-454
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-454
inet/filter/limit-454 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-454 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-454 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-454
+ inet6/filter/limit-454 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-454 -j ACCEPT
Filter 456 {"action":"pass","conn-limit":{"log":false,"name":"C","update":false},"in":"_fw","out":"B"}
@@ -5573,30 +5573,30 @@ Filter 456 {"action":"pass","conn-limit":{"log":false,"n
Filter 457 {"conn-limit":{"log":false,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-456
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-456
inet/filter/limit-456 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-456 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-456 -m limit --limit 1/second -j LOG
- inet6/filter/limit-456 -m limit --limit 1/second -j LOG
inet/filter/limit-456 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-456
+ inet6/filter/limit-456 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-456 -m limit --limit 1/second -j LOG
inet6/filter/limit-456 -j ACCEPT
Filter 458 {"action":"pass","conn-limit":{"log":false,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-457
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-457
inet/filter/limit-457 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-457 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-457 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-457
+ inet6/filter/limit-457 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-457 -m limit --limit 1/second -j LOG
Filter 459 {"conn-limit":{"log":false,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-458
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-458
inet/filter/limit-458 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-458 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-458 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-458
+ inet6/filter/limit-458 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-458 -j ACCEPT
Filter 460 {"action":"pass","conn-limit":{"log":false,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
@@ -5607,66 +5607,66 @@ Filter 460 {"action":"pass","conn-limit":{"log":false,"n
Filter 461 {"conn-limit":{"addr":"dest","log":false,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-460
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-460
inet/filter/limit-460 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-460 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-460 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-460
+ inet6/filter/limit-460 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-460 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 462 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-461
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-461
inet/filter/limit-461 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-461 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-461 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-461
+ inet6/filter/limit-461 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-461 -m recent --name user:C --rdest --mask fe00:: --set
Filter 463 {"conn-limit":{"addr":"dest","log":false,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-462
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-462
inet/filter/limit-462 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-462 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-462 -m limit --limit 1/second -j LOG
- inet6/filter/limit-462 -m limit --limit 1/second -j LOG
inet/filter/limit-462 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-462
+ inet6/filter/limit-462 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-462 -m limit --limit 1/second -j LOG
inet6/filter/limit-462 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 464 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-463
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-463
inet/filter/limit-463 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-463 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-463 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-463
+ inet6/filter/limit-463 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-463 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 465 {"conn-limit":{"addr":"dest","log":false,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-464
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-464
inet/filter/limit-464 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-464 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-464 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-464
+ inet6/filter/limit-464 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-464 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 466 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-465
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-465
inet/filter/limit-465 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-465 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-465 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-465
+ inet6/filter/limit-465 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-465 -m recent --name user:C --rdest --mask fe00:: --set
Filter 467 {"conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-466
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-466
inet/filter/limit-466 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-466 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-466 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-466
+ inet6/filter/limit-466 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-466 -j ACCEPT
Filter 468 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"_fw","out":"B"}
@@ -5677,30 +5677,30 @@ Filter 468 {"action":"pass","conn-limit":{"addr":"dest",
Filter 469 {"conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-468
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-468
inet/filter/limit-468 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-468 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-468 -m limit --limit 1/second -j LOG
- inet6/filter/limit-468 -m limit --limit 1/second -j LOG
inet/filter/limit-468 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-468
+ inet6/filter/limit-468 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-468 -m limit --limit 1/second -j LOG
inet6/filter/limit-468 -j ACCEPT
Filter 470 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-469
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-469
inet/filter/limit-469 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-469 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-469 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-469
+ inet6/filter/limit-469 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-469 -m limit --limit 1/second -j LOG
Filter 471 {"conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-470
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-470
inet/filter/limit-470 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-470 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-470 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-470
+ inet6/filter/limit-470 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-470 -j ACCEPT
Filter 472 {"action":"pass","conn-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
@@ -5711,122 +5711,122 @@ Filter 472 {"action":"pass","conn-limit":{"addr":"dest",
Filter 473 {"conn-limit":{"log":"none"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-472
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-472
inet/filter/limit-472 -m recent --name limit-472 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-472 -m recent --name limit-472 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-472 -m recent --name limit-472 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-472
+ inet6/filter/limit-472 -m recent --name limit-472 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-472 -m recent --name limit-472 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 474 {"action":"pass","conn-limit":{"log":"none"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-473
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-473
inet/filter/limit-473 -m recent --name limit-473 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-473 -m recent --name limit-473 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-473 -m recent --name limit-473 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-473
+ inet6/filter/limit-473 -m recent --name limit-473 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-473 -m recent --name limit-473 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 475 {"conn-limit":{"log":"none"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-474
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-474
inet/filter/limit-474 -m recent --name limit-474 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-474 -m recent --name limit-474 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-474 -m limit --limit 1/second -j LOG
- inet6/filter/limit-474 -m limit --limit 1/second -j LOG
inet/filter/limit-474 -m recent --name limit-474 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-474
+ inet6/filter/limit-474 -m recent --name limit-474 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-474 -m limit --limit 1/second -j LOG
inet6/filter/limit-474 -m recent --name limit-474 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 476 {"action":"pass","conn-limit":{"log":"none"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-475
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-475
inet/filter/limit-475 -m recent --name limit-475 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-475 -m recent --name limit-475 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-475 -m recent --name limit-475 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-475
+ inet6/filter/limit-475 -m recent --name limit-475 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-475 -m recent --name limit-475 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 477 {"conn-limit":{"log":"none"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-476
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-476
inet/filter/limit-476 -m recent --name limit-476 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-476 -m recent --name limit-476 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-476 -m recent --name limit-476 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-476
+ inet6/filter/limit-476 -m recent --name limit-476 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-476 -m recent --name limit-476 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 478 {"action":"pass","conn-limit":{"log":"none"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-477
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-477
inet/filter/limit-477 -m recent --name limit-477 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-477 -m recent --name limit-477 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-477 -m recent --name limit-477 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-477
+ inet6/filter/limit-477 -m recent --name limit-477 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-477 -m recent --name limit-477 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 479 {"conn-limit":{"log":"none","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-478
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-478
inet/filter/limit-478 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-478 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-478 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-478
+ inet6/filter/limit-478 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-478 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 480 {"action":"pass","conn-limit":{"log":"none","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-479
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-479
inet/filter/limit-479 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-479 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-479 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-479
+ inet6/filter/limit-479 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-479 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 481 {"conn-limit":{"log":"none","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-480
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-480
inet/filter/limit-480 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-480 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-480 -m limit --limit 1/second -j LOG
- inet6/filter/limit-480 -m limit --limit 1/second -j LOG
inet/filter/limit-480 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-480
+ inet6/filter/limit-480 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-480 -m limit --limit 1/second -j LOG
inet6/filter/limit-480 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 482 {"action":"pass","conn-limit":{"log":"none","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-481
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-481
inet/filter/limit-481 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-481 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-481 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-481
+ inet6/filter/limit-481 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-481 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 483 {"conn-limit":{"log":"none","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-482
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-482
inet/filter/limit-482 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-482 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-482 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-482
+ inet6/filter/limit-482 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-482 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 484 {"action":"pass","conn-limit":{"log":"none","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-483
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-483
inet/filter/limit-483 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-483 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-483 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-483
+ inet6/filter/limit-483 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-483 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 485 {"conn-limit":{"log":"none","name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-484
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-484
inet/filter/limit-484 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-484 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-484 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-484
+ inet6/filter/limit-484 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-484 -j ACCEPT
Filter 486 {"action":"pass","conn-limit":{"log":"none","name":"A","update":false},"in":"_fw","out":"B"}
@@ -5837,30 +5837,30 @@ Filter 486 {"action":"pass","conn-limit":{"log":"none","
Filter 487 {"conn-limit":{"log":"none","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-486
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-486
inet/filter/limit-486 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-486 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-486 -m limit --limit 1/second -j LOG
- inet6/filter/limit-486 -m limit --limit 1/second -j LOG
inet/filter/limit-486 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-486
+ inet6/filter/limit-486 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-486 -m limit --limit 1/second -j LOG
inet6/filter/limit-486 -j ACCEPT
Filter 488 {"action":"pass","conn-limit":{"log":"none","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-487
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-487
inet/filter/limit-487 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-487 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-487 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-487
+ inet6/filter/limit-487 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-487 -m limit --limit 1/second -j LOG
Filter 489 {"conn-limit":{"log":"none","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-488
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-488
inet/filter/limit-488 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-488 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-488 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-488
+ inet6/filter/limit-488 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-488 -j ACCEPT
Filter 490 {"action":"pass","conn-limit":{"log":"none","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
@@ -5871,66 +5871,66 @@ Filter 490 {"action":"pass","conn-limit":{"log":"none","
Filter 491 {"conn-limit":{"addr":"dest","log":"none","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-490
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-490
inet/filter/limit-490 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-490 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-490 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-490
+ inet6/filter/limit-490 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-490 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 492 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-491
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-491
inet/filter/limit-491 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-491 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-491 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-491
+ inet6/filter/limit-491 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-491 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 493 {"conn-limit":{"addr":"dest","log":"none","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-492
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-492
inet/filter/limit-492 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-492 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-492 -m limit --limit 1/second -j LOG
- inet6/filter/limit-492 -m limit --limit 1/second -j LOG
inet/filter/limit-492 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-492
+ inet6/filter/limit-492 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-492 -m limit --limit 1/second -j LOG
inet6/filter/limit-492 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 494 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-493
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-493
inet/filter/limit-493 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-493 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-493 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-493
+ inet6/filter/limit-493 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-493 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 495 {"conn-limit":{"addr":"dest","log":"none","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-494
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-494
inet/filter/limit-494 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-494 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-494 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-494
+ inet6/filter/limit-494 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-494 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 496 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-495
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-495
inet/filter/limit-495 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-495 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-495 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-495
+ inet6/filter/limit-495 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-495 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 497 {"conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-496
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-496
inet/filter/limit-496 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-496 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-496 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-496
+ inet6/filter/limit-496 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-496 -j ACCEPT
Filter 498 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"_fw","out":"B"}
@@ -5941,30 +5941,30 @@ Filter 498 {"action":"pass","conn-limit":{"addr":"dest",
Filter 499 {"conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-498
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-498
inet/filter/limit-498 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-498 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-498 -m limit --limit 1/second -j LOG
- inet6/filter/limit-498 -m limit --limit 1/second -j LOG
inet/filter/limit-498 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-498
+ inet6/filter/limit-498 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-498 -m limit --limit 1/second -j LOG
inet6/filter/limit-498 -j ACCEPT
Filter 500 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-499
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-499
inet/filter/limit-499 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-499 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-499 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-499
+ inet6/filter/limit-499 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-499 -m limit --limit 1/second -j LOG
Filter 501 {"conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-500
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-500
inet/filter/limit-500 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-500 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-500 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-500
+ inet6/filter/limit-500 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-500 -j ACCEPT
Filter 502 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
@@ -5975,66 +5975,66 @@ Filter 502 {"action":"pass","conn-limit":{"addr":"dest",
Filter 503 {"conn-limit":{"log":"none","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-502
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-502
inet/filter/limit-502 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-502 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-502 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-502
+ inet6/filter/limit-502 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-502 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 504 {"action":"pass","conn-limit":{"log":"none","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-503
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-503
inet/filter/limit-503 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-503 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-503 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-503
+ inet6/filter/limit-503 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-503 -m recent --name user:C --rsource --mask fe00:: --set
Filter 505 {"conn-limit":{"log":"none","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-504
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-504
inet/filter/limit-504 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-504 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-504 -m limit --limit 1/second -j LOG
- inet6/filter/limit-504 -m limit --limit 1/second -j LOG
inet/filter/limit-504 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-504
+ inet6/filter/limit-504 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-504 -m limit --limit 1/second -j LOG
inet6/filter/limit-504 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 506 {"action":"pass","conn-limit":{"log":"none","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-505
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-505
inet/filter/limit-505 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-505 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-505 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-505
+ inet6/filter/limit-505 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-505 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 507 {"conn-limit":{"log":"none","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-506
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-506
inet/filter/limit-506 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-506 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-506 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-506
+ inet6/filter/limit-506 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-506 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 508 {"action":"pass","conn-limit":{"log":"none","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-507
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-507
inet/filter/limit-507 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-507 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-507 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-507
+ inet6/filter/limit-507 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-507 -m recent --name user:C --rsource --mask fe00:: --set
Filter 509 {"conn-limit":{"log":"none","name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-508
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-508
inet/filter/limit-508 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-508 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-508 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-508
+ inet6/filter/limit-508 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-508 -j ACCEPT
Filter 510 {"action":"pass","conn-limit":{"log":"none","name":"C","update":false},"in":"_fw","out":"B"}
@@ -6045,30 +6045,30 @@ Filter 510 {"action":"pass","conn-limit":{"log":"none","
Filter 511 {"conn-limit":{"log":"none","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-510
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-510
inet/filter/limit-510 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-510 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-510 -m limit --limit 1/second -j LOG
- inet6/filter/limit-510 -m limit --limit 1/second -j LOG
inet/filter/limit-510 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-510
+ inet6/filter/limit-510 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-510 -m limit --limit 1/second -j LOG
inet6/filter/limit-510 -j ACCEPT
Filter 512 {"action":"pass","conn-limit":{"log":"none","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-511
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-511
inet/filter/limit-511 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-511 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-511 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-511
+ inet6/filter/limit-511 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-511 -m limit --limit 1/second -j LOG
Filter 513 {"conn-limit":{"log":"none","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-512
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-512
inet/filter/limit-512 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-512 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-512 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-512
+ inet6/filter/limit-512 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-512 -j ACCEPT
Filter 514 {"action":"pass","conn-limit":{"log":"none","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
@@ -6079,66 +6079,66 @@ Filter 514 {"action":"pass","conn-limit":{"log":"none","
Filter 515 {"conn-limit":{"addr":"dest","log":"none","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-514
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-514
inet/filter/limit-514 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-514 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-514 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-514
+ inet6/filter/limit-514 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-514 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 516 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-515
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-515
inet/filter/limit-515 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-515 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-515 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-515
+ inet6/filter/limit-515 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-515 -m recent --name user:C --rdest --mask fe00:: --set
Filter 517 {"conn-limit":{"addr":"dest","log":"none","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-516
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-516
inet/filter/limit-516 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-516 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-516 -m limit --limit 1/second -j LOG
- inet6/filter/limit-516 -m limit --limit 1/second -j LOG
inet/filter/limit-516 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-516
+ inet6/filter/limit-516 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-516 -m limit --limit 1/second -j LOG
inet6/filter/limit-516 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 518 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-517
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-517
inet/filter/limit-517 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-517 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-517 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-517
+ inet6/filter/limit-517 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-517 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 519 {"conn-limit":{"addr":"dest","log":"none","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-518
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-518
inet/filter/limit-518 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-518 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-518 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-518
+ inet6/filter/limit-518 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-518 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 520 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-519
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-519
inet/filter/limit-519 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-519 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-519 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-519
+ inet6/filter/limit-519 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-519 -m recent --name user:C --rdest --mask fe00:: --set
Filter 521 {"conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-520
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-520
inet/filter/limit-520 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-520 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-520 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-520
+ inet6/filter/limit-520 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-520 -j ACCEPT
Filter 522 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"_fw","out":"B"}
@@ -6149,30 +6149,30 @@ Filter 522 {"action":"pass","conn-limit":{"addr":"dest",
Filter 523 {"conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-522
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-522
inet/filter/limit-522 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-522 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-522 -m limit --limit 1/second -j LOG
- inet6/filter/limit-522 -m limit --limit 1/second -j LOG
inet/filter/limit-522 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-522
+ inet6/filter/limit-522 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-522 -m limit --limit 1/second -j LOG
inet6/filter/limit-522 -j ACCEPT
Filter 524 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-523
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-523
inet/filter/limit-523 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-523 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-523 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-523
+ inet6/filter/limit-523 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-523 -m limit --limit 1/second -j LOG
Filter 525 {"conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-524
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-524
inet/filter/limit-524 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-524 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-524 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-524
+ inet6/filter/limit-524 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-524 -j ACCEPT
Filter 526 {"action":"pass","conn-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
@@ -6183,810 +6183,810 @@ Filter 526 {"action":"pass","conn-limit":{"addr":"dest",
Filter 527 {"conn-limit":{"interval":5},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-526
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-526
inet/filter/limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-174
- inet6/filter/limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-174
+ inet/filter/limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-174 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-174 -m limit --limit 1/second -j LOG
inet/filter/logdrop-174 -j DROP
- inet6/filter/logdrop-174 -j DROP
- inet/filter/limit-526 -m recent --name limit-526 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-526
+ inet6/filter/limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-174
inet6/filter/limit-526 -m recent --name limit-526 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-174 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-174 -j DROP
Filter 528 {"action":"pass","conn-limit":{"interval":5},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-527
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-527
inet/filter/limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-175
- inet6/filter/limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-175
+ inet/filter/limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-175 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-175 -m limit --limit 1/second -j LOG
inet/filter/logdrop-175 -j DROP
- inet6/filter/logdrop-175 -j DROP
- inet/filter/limit-527 -m recent --name limit-527 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-527
+ inet6/filter/limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-175
inet6/filter/limit-527 -m recent --name limit-527 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-175 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-175 -j DROP
Filter 529 {"conn-limit":{"interval":5},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-528
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-528
inet/filter/limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-176
- inet6/filter/limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-176
+ inet/filter/limit-528 -m limit --limit 1/second -j LOG
+ inet/filter/limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-176 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-176 -m limit --limit 1/second -j LOG
inet/filter/logdrop-176 -j DROP
- inet6/filter/logdrop-176 -j DROP
- inet/filter/limit-528 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-528
+ inet6/filter/limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-176
inet6/filter/limit-528 -m limit --limit 1/second -j LOG
- inet/filter/limit-528 -m recent --name limit-528 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-528 -m recent --name limit-528 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-176 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-176 -j DROP
Filter 530 {"action":"pass","conn-limit":{"interval":5},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-529
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-529
inet/filter/limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-177
- inet6/filter/limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-177
+ inet/filter/limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-177 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-177 -m limit --limit 1/second -j LOG
inet/filter/logdrop-177 -j DROP
- inet6/filter/logdrop-177 -j DROP
- inet/filter/limit-529 -m recent --name limit-529 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-529
+ inet6/filter/limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-177
inet6/filter/limit-529 -m recent --name limit-529 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-177 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-177 -j DROP
Filter 531 {"conn-limit":{"interval":5},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-530
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-530
inet/filter/limit-530 -m recent --name limit-530 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-178
- inet6/filter/limit-530 -m recent --name limit-530 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-178
+ inet/filter/limit-530 -m recent --name limit-530 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-178 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-178 -m limit --limit 1/second -j LOG
inet/filter/logdrop-178 -j DROP
- inet6/filter/logdrop-178 -j DROP
- inet/filter/limit-530 -m recent --name limit-530 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-530
+ inet6/filter/limit-530 -m recent --name limit-530 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-178
inet6/filter/limit-530 -m recent --name limit-530 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-178 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-178 -j DROP
Filter 532 {"action":"pass","conn-limit":{"interval":5},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-531
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-531
inet/filter/limit-531 -m recent --name limit-531 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-179
- inet6/filter/limit-531 -m recent --name limit-531 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-179
+ inet/filter/limit-531 -m recent --name limit-531 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-179 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-179 -m limit --limit 1/second -j LOG
inet/filter/logdrop-179 -j DROP
- inet6/filter/logdrop-179 -j DROP
- inet/filter/limit-531 -m recent --name limit-531 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-531
+ inet6/filter/limit-531 -m recent --name limit-531 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-179
inet6/filter/limit-531 -m recent --name limit-531 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-179 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-179 -j DROP
Filter 533 {"conn-limit":{"interval":5,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-532
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-532
inet/filter/limit-532 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-180
- inet6/filter/limit-532 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-180
+ inet/filter/limit-532 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-180 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-180 -m limit --limit 1/second -j LOG
inet/filter/logdrop-180 -j DROP
- inet6/filter/logdrop-180 -j DROP
- inet/filter/limit-532 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-532
+ inet6/filter/limit-532 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-180
inet6/filter/limit-532 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-180 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-180 -j DROP
Filter 534 {"action":"pass","conn-limit":{"interval":5,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-533
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-533
inet/filter/limit-533 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-181
- inet6/filter/limit-533 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-181
+ inet/filter/limit-533 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-181 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-181 -m limit --limit 1/second -j LOG
inet/filter/logdrop-181 -j DROP
- inet6/filter/logdrop-181 -j DROP
- inet/filter/limit-533 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-533
+ inet6/filter/limit-533 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-181
inet6/filter/limit-533 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-181 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-181 -j DROP
Filter 535 {"conn-limit":{"interval":5,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-534
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-534
inet/filter/limit-534 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-182
- inet6/filter/limit-534 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-182
+ inet/filter/limit-534 -m limit --limit 1/second -j LOG
+ inet/filter/limit-534 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-182 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-182 -m limit --limit 1/second -j LOG
inet/filter/logdrop-182 -j DROP
- inet6/filter/logdrop-182 -j DROP
- inet/filter/limit-534 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-534
+ inet6/filter/limit-534 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-182
inet6/filter/limit-534 -m limit --limit 1/second -j LOG
- inet/filter/limit-534 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-534 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-182 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-182 -j DROP
Filter 536 {"action":"pass","conn-limit":{"interval":5,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-535
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-535
inet/filter/limit-535 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-183
- inet6/filter/limit-535 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-183
+ inet/filter/limit-535 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-183 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-183 -m limit --limit 1/second -j LOG
inet/filter/logdrop-183 -j DROP
- inet6/filter/logdrop-183 -j DROP
- inet/filter/limit-535 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-535
+ inet6/filter/limit-535 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-183
inet6/filter/limit-535 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-183 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-183 -j DROP
Filter 537 {"conn-limit":{"interval":5,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-536
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-536
inet/filter/limit-536 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-184
- inet6/filter/limit-536 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-184
+ inet/filter/limit-536 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-184 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-184 -m limit --limit 1/second -j LOG
inet/filter/logdrop-184 -j DROP
- inet6/filter/logdrop-184 -j DROP
- inet/filter/limit-536 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-536
+ inet6/filter/limit-536 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-184
inet6/filter/limit-536 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-184 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-184 -j DROP
Filter 538 {"action":"pass","conn-limit":{"interval":5,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-537
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-537
inet/filter/limit-537 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-185
- inet6/filter/limit-537 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-185
+ inet/filter/limit-537 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-185 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-185 -m limit --limit 1/second -j LOG
inet/filter/logdrop-185 -j DROP
- inet6/filter/logdrop-185 -j DROP
- inet/filter/limit-537 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-537
+ inet6/filter/limit-537 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-185
inet6/filter/limit-537 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-185 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-185 -j DROP
Filter 539 {"conn-limit":{"interval":5,"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-538
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-538
inet/filter/limit-538 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-186
- inet6/filter/limit-538 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-186
+ inet/filter/limit-538 -j ACCEPT
inet/filter/logdrop-186 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-186 -m limit --limit 1/second -j LOG
inet/filter/logdrop-186 -j DROP
- inet6/filter/logdrop-186 -j DROP
- inet/filter/limit-538 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-538
+ inet6/filter/limit-538 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-186
inet6/filter/limit-538 -j ACCEPT
+ inet6/filter/logdrop-186 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-186 -j DROP
Filter 540 {"action":"pass","conn-limit":{"interval":5,"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-187
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-187
inet/filter/logdrop-187 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-187 -m limit --limit 1/second -j LOG
inet/filter/logdrop-187 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-187
+ inet6/filter/logdrop-187 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-187 -j DROP
Filter 541 {"conn-limit":{"interval":5,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-540
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-540
inet/filter/limit-540 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-188
- inet6/filter/limit-540 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-188
+ inet/filter/limit-540 -m limit --limit 1/second -j LOG
+ inet/filter/limit-540 -j ACCEPT
inet/filter/logdrop-188 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-188 -m limit --limit 1/second -j LOG
inet/filter/logdrop-188 -j DROP
- inet6/filter/logdrop-188 -j DROP
- inet/filter/limit-540 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-540
+ inet6/filter/limit-540 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-188
inet6/filter/limit-540 -m limit --limit 1/second -j LOG
- inet/filter/limit-540 -j ACCEPT
inet6/filter/limit-540 -j ACCEPT
+ inet6/filter/logdrop-188 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-188 -j DROP
Filter 542 {"action":"pass","conn-limit":{"interval":5,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-541
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-541
inet/filter/limit-541 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-189
- inet6/filter/limit-541 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-189
+ inet/filter/limit-541 -m limit --limit 1/second -j LOG
inet/filter/logdrop-189 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-189 -m limit --limit 1/second -j LOG
inet/filter/logdrop-189 -j DROP
- inet6/filter/logdrop-189 -j DROP
- inet/filter/limit-541 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-541
+ inet6/filter/limit-541 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-189
inet6/filter/limit-541 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-189 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-189 -j DROP
Filter 543 {"conn-limit":{"interval":5,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-542
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-542
inet/filter/limit-542 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-190
- inet6/filter/limit-542 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-190
+ inet/filter/limit-542 -j ACCEPT
inet/filter/logdrop-190 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-190 -m limit --limit 1/second -j LOG
inet/filter/logdrop-190 -j DROP
- inet6/filter/logdrop-190 -j DROP
- inet/filter/limit-542 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-542
+ inet6/filter/limit-542 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-190
inet6/filter/limit-542 -j ACCEPT
+ inet6/filter/logdrop-190 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-190 -j DROP
Filter 544 {"action":"pass","conn-limit":{"interval":5,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-191
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-191
inet/filter/logdrop-191 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-191 -m limit --limit 1/second -j LOG
inet/filter/logdrop-191 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-191
+ inet6/filter/logdrop-191 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-191 -j DROP
Filter 545 {"conn-limit":{"addr":"dest","interval":5,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-544
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-544
inet/filter/limit-544 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-192
- inet6/filter/limit-544 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-192
+ inet/filter/limit-544 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-192 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-192 -m limit --limit 1/second -j LOG
inet/filter/logdrop-192 -j DROP
- inet6/filter/logdrop-192 -j DROP
- inet/filter/limit-544 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-544
+ inet6/filter/limit-544 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-192
inet6/filter/limit-544 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-192 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-192 -j DROP
Filter 546 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-545
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-545
inet/filter/limit-545 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-193
- inet6/filter/limit-545 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-193
+ inet/filter/limit-545 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-193 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-193 -m limit --limit 1/second -j LOG
inet/filter/logdrop-193 -j DROP
- inet6/filter/logdrop-193 -j DROP
- inet/filter/limit-545 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-545
+ inet6/filter/limit-545 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-193
inet6/filter/limit-545 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-193 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-193 -j DROP
Filter 547 {"conn-limit":{"addr":"dest","interval":5,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-546
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-546
inet/filter/limit-546 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-194
- inet6/filter/limit-546 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-194
+ inet/filter/limit-546 -m limit --limit 1/second -j LOG
+ inet/filter/limit-546 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-194 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-194 -m limit --limit 1/second -j LOG
inet/filter/logdrop-194 -j DROP
- inet6/filter/logdrop-194 -j DROP
- inet/filter/limit-546 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-546
+ inet6/filter/limit-546 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-194
inet6/filter/limit-546 -m limit --limit 1/second -j LOG
- inet/filter/limit-546 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-546 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-194 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-194 -j DROP
Filter 548 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-547
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-547
inet/filter/limit-547 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-195
- inet6/filter/limit-547 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-195
+ inet/filter/limit-547 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-195 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-195 -m limit --limit 1/second -j LOG
inet/filter/logdrop-195 -j DROP
- inet6/filter/logdrop-195 -j DROP
- inet/filter/limit-547 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-547
+ inet6/filter/limit-547 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-195
inet6/filter/limit-547 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-195 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-195 -j DROP
Filter 549 {"conn-limit":{"addr":"dest","interval":5,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-548
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-548
inet/filter/limit-548 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-196
- inet6/filter/limit-548 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-196
+ inet/filter/limit-548 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-196 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-196 -m limit --limit 1/second -j LOG
inet/filter/logdrop-196 -j DROP
- inet6/filter/logdrop-196 -j DROP
- inet/filter/limit-548 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-548
+ inet6/filter/limit-548 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-196
inet6/filter/limit-548 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-196 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-196 -j DROP
Filter 550 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-549
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-549
inet/filter/limit-549 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-197
- inet6/filter/limit-549 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-197
+ inet/filter/limit-549 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-197 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-197 -m limit --limit 1/second -j LOG
inet/filter/logdrop-197 -j DROP
- inet6/filter/logdrop-197 -j DROP
- inet/filter/limit-549 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-549
+ inet6/filter/limit-549 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-197
inet6/filter/limit-549 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-197 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-197 -j DROP
Filter 551 {"conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-550
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-550
inet/filter/limit-550 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-198
- inet6/filter/limit-550 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-198
+ inet/filter/limit-550 -j ACCEPT
inet/filter/logdrop-198 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-198 -m limit --limit 1/second -j LOG
inet/filter/logdrop-198 -j DROP
- inet6/filter/logdrop-198 -j DROP
- inet/filter/limit-550 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-550
+ inet6/filter/limit-550 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-198
inet6/filter/limit-550 -j ACCEPT
+ inet6/filter/logdrop-198 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-198 -j DROP
Filter 552 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-199
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-199
inet/filter/logdrop-199 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-199 -m limit --limit 1/second -j LOG
inet/filter/logdrop-199 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-199
+ inet6/filter/logdrop-199 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-199 -j DROP
Filter 553 {"conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-552
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-552
inet/filter/limit-552 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-200
- inet6/filter/limit-552 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-200
+ inet/filter/limit-552 -m limit --limit 1/second -j LOG
+ inet/filter/limit-552 -j ACCEPT
inet/filter/logdrop-200 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-200 -m limit --limit 1/second -j LOG
inet/filter/logdrop-200 -j DROP
- inet6/filter/logdrop-200 -j DROP
- inet/filter/limit-552 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-552
+ inet6/filter/limit-552 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-200
inet6/filter/limit-552 -m limit --limit 1/second -j LOG
- inet/filter/limit-552 -j ACCEPT
inet6/filter/limit-552 -j ACCEPT
+ inet6/filter/logdrop-200 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-200 -j DROP
Filter 554 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-553
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-553
inet/filter/limit-553 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-201
- inet6/filter/limit-553 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-201
+ inet/filter/limit-553 -m limit --limit 1/second -j LOG
inet/filter/logdrop-201 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-201 -m limit --limit 1/second -j LOG
inet/filter/logdrop-201 -j DROP
- inet6/filter/logdrop-201 -j DROP
- inet/filter/limit-553 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-553
+ inet6/filter/limit-553 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-201
inet6/filter/limit-553 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-201 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-201 -j DROP
Filter 555 {"conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-554
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-554
inet/filter/limit-554 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-202
- inet6/filter/limit-554 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-202
+ inet/filter/limit-554 -j ACCEPT
inet/filter/logdrop-202 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-202 -m limit --limit 1/second -j LOG
inet/filter/logdrop-202 -j DROP
- inet6/filter/logdrop-202 -j DROP
- inet/filter/limit-554 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-554
+ inet6/filter/limit-554 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-202
inet6/filter/limit-554 -j ACCEPT
+ inet6/filter/logdrop-202 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-202 -j DROP
Filter 556 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-203
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-203
inet/filter/logdrop-203 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-203 -m limit --limit 1/second -j LOG
inet/filter/logdrop-203 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-203
+ inet6/filter/logdrop-203 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-203 -j DROP
Filter 557 {"conn-limit":{"interval":5,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-556
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-556
inet/filter/limit-556 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-204
- inet6/filter/limit-556 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-204
+ inet/filter/limit-556 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-204 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-204 -m limit --limit 1/second -j LOG
inet/filter/logdrop-204 -j DROP
- inet6/filter/logdrop-204 -j DROP
- inet/filter/limit-556 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-556
+ inet6/filter/limit-556 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-204
inet6/filter/limit-556 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-204 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-204 -j DROP
Filter 558 {"action":"pass","conn-limit":{"interval":5,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-557
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-557
inet/filter/limit-557 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-205
- inet6/filter/limit-557 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-205
+ inet/filter/limit-557 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-205 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-205 -m limit --limit 1/second -j LOG
inet/filter/logdrop-205 -j DROP
- inet6/filter/logdrop-205 -j DROP
- inet/filter/limit-557 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-557
+ inet6/filter/limit-557 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-205
inet6/filter/limit-557 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-205 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-205 -j DROP
Filter 559 {"conn-limit":{"interval":5,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-558
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-558
inet/filter/limit-558 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-206
- inet6/filter/limit-558 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-206
+ inet/filter/limit-558 -m limit --limit 1/second -j LOG
+ inet/filter/limit-558 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-206 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-206 -m limit --limit 1/second -j LOG
inet/filter/logdrop-206 -j DROP
- inet6/filter/logdrop-206 -j DROP
- inet/filter/limit-558 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-558
+ inet6/filter/limit-558 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-206
inet6/filter/limit-558 -m limit --limit 1/second -j LOG
- inet/filter/limit-558 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-558 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-206 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-206 -j DROP
Filter 560 {"action":"pass","conn-limit":{"interval":5,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-559
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-559
inet/filter/limit-559 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-207
- inet6/filter/limit-559 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-207
+ inet/filter/limit-559 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-207 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-207 -m limit --limit 1/second -j LOG
inet/filter/logdrop-207 -j DROP
- inet6/filter/logdrop-207 -j DROP
- inet/filter/limit-559 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-559
+ inet6/filter/limit-559 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-207
inet6/filter/limit-559 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-207 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-207 -j DROP
Filter 561 {"conn-limit":{"interval":5,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-560
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-560
inet/filter/limit-560 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-208
- inet6/filter/limit-560 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-208
+ inet/filter/limit-560 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-208 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-208 -m limit --limit 1/second -j LOG
inet/filter/logdrop-208 -j DROP
- inet6/filter/logdrop-208 -j DROP
- inet/filter/limit-560 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-560
+ inet6/filter/limit-560 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-208
inet6/filter/limit-560 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-208 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-208 -j DROP
Filter 562 {"action":"pass","conn-limit":{"interval":5,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-561
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-561
inet/filter/limit-561 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-209
- inet6/filter/limit-561 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-209
+ inet/filter/limit-561 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-209 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-209 -m limit --limit 1/second -j LOG
inet/filter/logdrop-209 -j DROP
- inet6/filter/logdrop-209 -j DROP
- inet/filter/limit-561 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-561
+ inet6/filter/limit-561 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-209
inet6/filter/limit-561 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-209 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-209 -j DROP
Filter 563 {"conn-limit":{"interval":5,"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-562
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-562
inet/filter/limit-562 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-210
- inet6/filter/limit-562 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-210
+ inet/filter/limit-562 -j ACCEPT
inet/filter/logdrop-210 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-210 -m limit --limit 1/second -j LOG
inet/filter/logdrop-210 -j DROP
- inet6/filter/logdrop-210 -j DROP
- inet/filter/limit-562 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-562
+ inet6/filter/limit-562 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-210
inet6/filter/limit-562 -j ACCEPT
+ inet6/filter/logdrop-210 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-210 -j DROP
Filter 564 {"action":"pass","conn-limit":{"interval":5,"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-211
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-211
inet/filter/logdrop-211 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-211 -m limit --limit 1/second -j LOG
inet/filter/logdrop-211 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-211
+ inet6/filter/logdrop-211 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-211 -j DROP
Filter 565 {"conn-limit":{"interval":5,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-564
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-564
inet/filter/limit-564 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-212
- inet6/filter/limit-564 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-212
+ inet/filter/limit-564 -m limit --limit 1/second -j LOG
+ inet/filter/limit-564 -j ACCEPT
inet/filter/logdrop-212 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-212 -m limit --limit 1/second -j LOG
inet/filter/logdrop-212 -j DROP
- inet6/filter/logdrop-212 -j DROP
- inet/filter/limit-564 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-564
+ inet6/filter/limit-564 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-212
inet6/filter/limit-564 -m limit --limit 1/second -j LOG
- inet/filter/limit-564 -j ACCEPT
inet6/filter/limit-564 -j ACCEPT
+ inet6/filter/logdrop-212 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-212 -j DROP
Filter 566 {"action":"pass","conn-limit":{"interval":5,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-565
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-565
inet/filter/limit-565 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-213
- inet6/filter/limit-565 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-213
+ inet/filter/limit-565 -m limit --limit 1/second -j LOG
inet/filter/logdrop-213 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-213 -m limit --limit 1/second -j LOG
inet/filter/logdrop-213 -j DROP
- inet6/filter/logdrop-213 -j DROP
- inet/filter/limit-565 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-565
+ inet6/filter/limit-565 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-213
inet6/filter/limit-565 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-213 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-213 -j DROP
Filter 567 {"conn-limit":{"interval":5,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-566
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-566
inet/filter/limit-566 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-214
- inet6/filter/limit-566 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-214
+ inet/filter/limit-566 -j ACCEPT
inet/filter/logdrop-214 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-214 -m limit --limit 1/second -j LOG
inet/filter/logdrop-214 -j DROP
- inet6/filter/logdrop-214 -j DROP
- inet/filter/limit-566 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-566
+ inet6/filter/limit-566 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-214
inet6/filter/limit-566 -j ACCEPT
+ inet6/filter/logdrop-214 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-214 -j DROP
Filter 568 {"action":"pass","conn-limit":{"interval":5,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-215
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-215
inet/filter/logdrop-215 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-215 -m limit --limit 1/second -j LOG
inet/filter/logdrop-215 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-215
+ inet6/filter/logdrop-215 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-215 -j DROP
Filter 569 {"conn-limit":{"addr":"dest","interval":5,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-568
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-568
inet/filter/limit-568 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-216
- inet6/filter/limit-568 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-216
+ inet/filter/limit-568 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-216 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-216 -m limit --limit 1/second -j LOG
inet/filter/logdrop-216 -j DROP
- inet6/filter/logdrop-216 -j DROP
- inet/filter/limit-568 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-568
+ inet6/filter/limit-568 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-216
inet6/filter/limit-568 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-216 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-216 -j DROP
Filter 570 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-569
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-569
inet/filter/limit-569 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-217
- inet6/filter/limit-569 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-217
+ inet/filter/limit-569 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-217 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-217 -m limit --limit 1/second -j LOG
inet/filter/logdrop-217 -j DROP
- inet6/filter/logdrop-217 -j DROP
- inet/filter/limit-569 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-569
+ inet6/filter/limit-569 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-217
inet6/filter/limit-569 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-217 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-217 -j DROP
Filter 571 {"conn-limit":{"addr":"dest","interval":5,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-570
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-570
inet/filter/limit-570 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-218
- inet6/filter/limit-570 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-218
+ inet/filter/limit-570 -m limit --limit 1/second -j LOG
+ inet/filter/limit-570 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-218 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-218 -m limit --limit 1/second -j LOG
inet/filter/logdrop-218 -j DROP
- inet6/filter/logdrop-218 -j DROP
- inet/filter/limit-570 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-570
+ inet6/filter/limit-570 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-218
inet6/filter/limit-570 -m limit --limit 1/second -j LOG
- inet/filter/limit-570 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-570 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-218 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-218 -j DROP
Filter 572 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-571
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-571
inet/filter/limit-571 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-219
- inet6/filter/limit-571 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-219
+ inet/filter/limit-571 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-219 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-219 -m limit --limit 1/second -j LOG
inet/filter/logdrop-219 -j DROP
- inet6/filter/logdrop-219 -j DROP
- inet/filter/limit-571 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-571
+ inet6/filter/limit-571 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-219
inet6/filter/limit-571 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-219 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-219 -j DROP
Filter 573 {"conn-limit":{"addr":"dest","interval":5,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-572
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-572
inet/filter/limit-572 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-220
- inet6/filter/limit-572 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-220
+ inet/filter/limit-572 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-220 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-220 -m limit --limit 1/second -j LOG
inet/filter/logdrop-220 -j DROP
- inet6/filter/logdrop-220 -j DROP
- inet/filter/limit-572 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-572
+ inet6/filter/limit-572 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-220
inet6/filter/limit-572 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-220 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-220 -j DROP
Filter 574 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-573
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-573
inet/filter/limit-573 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-221
- inet6/filter/limit-573 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-221
+ inet/filter/limit-573 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-221 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-221 -m limit --limit 1/second -j LOG
inet/filter/logdrop-221 -j DROP
- inet6/filter/logdrop-221 -j DROP
- inet/filter/limit-573 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-573
+ inet6/filter/limit-573 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-221
inet6/filter/limit-573 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-221 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-221 -j DROP
Filter 575 {"conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-574
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-574
inet/filter/limit-574 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-222
- inet6/filter/limit-574 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-222
+ inet/filter/limit-574 -j ACCEPT
inet/filter/logdrop-222 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-222 -m limit --limit 1/second -j LOG
inet/filter/logdrop-222 -j DROP
- inet6/filter/logdrop-222 -j DROP
- inet/filter/limit-574 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-574
+ inet6/filter/limit-574 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-222
inet6/filter/limit-574 -j ACCEPT
+ inet6/filter/logdrop-222 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-222 -j DROP
Filter 576 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-223
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-223
inet/filter/logdrop-223 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-223 -m limit --limit 1/second -j LOG
inet/filter/logdrop-223 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-223
+ inet6/filter/logdrop-223 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-223 -j DROP
Filter 577 {"conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-576
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-576
inet/filter/limit-576 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-224
- inet6/filter/limit-576 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-224
+ inet/filter/limit-576 -m limit --limit 1/second -j LOG
+ inet/filter/limit-576 -j ACCEPT
inet/filter/logdrop-224 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-224 -m limit --limit 1/second -j LOG
inet/filter/logdrop-224 -j DROP
- inet6/filter/logdrop-224 -j DROP
- inet/filter/limit-576 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-576
+ inet6/filter/limit-576 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-224
inet6/filter/limit-576 -m limit --limit 1/second -j LOG
- inet/filter/limit-576 -j ACCEPT
inet6/filter/limit-576 -j ACCEPT
+ inet6/filter/logdrop-224 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-224 -j DROP
Filter 578 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-577
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-577
inet/filter/limit-577 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-225
- inet6/filter/limit-577 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-225
+ inet/filter/limit-577 -m limit --limit 1/second -j LOG
inet/filter/logdrop-225 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-225 -m limit --limit 1/second -j LOG
inet/filter/logdrop-225 -j DROP
- inet6/filter/logdrop-225 -j DROP
- inet/filter/limit-577 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-577
+ inet6/filter/limit-577 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-225
inet6/filter/limit-577 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-225 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-225 -j DROP
Filter 579 {"conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-578
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-578
inet/filter/limit-578 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-226
- inet6/filter/limit-578 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-226
+ inet/filter/limit-578 -j ACCEPT
inet/filter/logdrop-226 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-226 -m limit --limit 1/second -j LOG
inet/filter/logdrop-226 -j DROP
- inet6/filter/logdrop-226 -j DROP
- inet/filter/limit-578 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-578
+ inet6/filter/limit-578 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-226
inet6/filter/limit-578 -j ACCEPT
+ inet6/filter/logdrop-226 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-226 -j DROP
Filter 580 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-227
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-227
inet/filter/logdrop-227 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-227 -m limit --limit 1/second -j LOG
inet/filter/logdrop-227 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-227
+ inet6/filter/logdrop-227 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-227 -j DROP
Filter 581 {"conn-limit":{"interval":5,"log":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-580
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-580
inet/filter/limit-580 -m recent --name limit-580 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-580 -m recent --name limit-580 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-580 -m recent --name limit-580 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-580
+ inet6/filter/limit-580 -m recent --name limit-580 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-580 -m recent --name limit-580 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 582 {"action":"pass","conn-limit":{"interval":5,"log":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-581
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-581
inet/filter/limit-581 -m recent --name limit-581 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-581 -m recent --name limit-581 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-581 -m recent --name limit-581 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-581
+ inet6/filter/limit-581 -m recent --name limit-581 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-581 -m recent --name limit-581 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 583 {"conn-limit":{"interval":5,"log":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-582
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-582
inet/filter/limit-582 -m recent --name limit-582 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-582 -m recent --name limit-582 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-582 -m limit --limit 1/second -j LOG
- inet6/filter/limit-582 -m limit --limit 1/second -j LOG
inet/filter/limit-582 -m recent --name limit-582 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-582
+ inet6/filter/limit-582 -m recent --name limit-582 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-582 -m limit --limit 1/second -j LOG
inet6/filter/limit-582 -m recent --name limit-582 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 584 {"action":"pass","conn-limit":{"interval":5,"log":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-583
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-583
inet/filter/limit-583 -m recent --name limit-583 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-583 -m recent --name limit-583 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-583 -m recent --name limit-583 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-583
+ inet6/filter/limit-583 -m recent --name limit-583 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-583 -m recent --name limit-583 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 585 {"conn-limit":{"interval":5,"log":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-584
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-584
inet/filter/limit-584 -m recent --name limit-584 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-584 -m recent --name limit-584 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-584
+ inet6/filter/limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-584 -m recent --name limit-584 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 586 {"action":"pass","conn-limit":{"interval":5,"log":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-585
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-585
inet/filter/limit-585 -m recent --name limit-585 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-585 -m recent --name limit-585 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-585
+ inet6/filter/limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-585 -m recent --name limit-585 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 587 {"conn-limit":{"interval":5,"log":false,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-586
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-586
inet/filter/limit-586 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-586 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-586 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-586
+ inet6/filter/limit-586 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-586 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 588 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-587
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-587
inet/filter/limit-587 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-587 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-587 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-587
+ inet6/filter/limit-587 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-587 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 589 {"conn-limit":{"interval":5,"log":false,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-588
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-588
inet/filter/limit-588 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-588 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-588 -m limit --limit 1/second -j LOG
- inet6/filter/limit-588 -m limit --limit 1/second -j LOG
inet/filter/limit-588 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-588
+ inet6/filter/limit-588 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-588 -m limit --limit 1/second -j LOG
inet6/filter/limit-588 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 590 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-589
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-589
inet/filter/limit-589 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-589 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-589 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-589
+ inet6/filter/limit-589 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-589 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 591 {"conn-limit":{"interval":5,"log":false,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-590
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-590
inet/filter/limit-590 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-590 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-590 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-590
+ inet6/filter/limit-590 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-590 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 592 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-591
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-591
inet/filter/limit-591 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-591 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-591 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-591
+ inet6/filter/limit-591 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-591 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 593 {"conn-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-592
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-592
inet/filter/limit-592 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-592 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-592 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-592
+ inet6/filter/limit-592 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-592 -j ACCEPT
Filter 594 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"_fw","out":"B"}
@@ -6997,30 +6997,30 @@ Filter 594 {"action":"pass","conn-limit":{"interval":5,"
Filter 595 {"conn-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-594
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-594
inet/filter/limit-594 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-594 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-594 -m limit --limit 1/second -j LOG
- inet6/filter/limit-594 -m limit --limit 1/second -j LOG
inet/filter/limit-594 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-594
+ inet6/filter/limit-594 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-594 -m limit --limit 1/second -j LOG
inet6/filter/limit-594 -j ACCEPT
Filter 596 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-595
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-595
inet/filter/limit-595 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-595 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-595 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-595
+ inet6/filter/limit-595 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-595 -m limit --limit 1/second -j LOG
Filter 597 {"conn-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-596
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-596
inet/filter/limit-596 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-596 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-596 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-596
+ inet6/filter/limit-596 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-596 -j ACCEPT
Filter 598 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
@@ -7031,66 +7031,66 @@ Filter 598 {"action":"pass","conn-limit":{"interval":5,"
Filter 599 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-598
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-598
inet/filter/limit-598 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-598 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-598 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-598
+ inet6/filter/limit-598 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-598 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 600 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-599
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-599
inet/filter/limit-599 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-599 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-599 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-599
+ inet6/filter/limit-599 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-599 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 601 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-600
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-600
inet/filter/limit-600 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-600 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-600 -m limit --limit 1/second -j LOG
- inet6/filter/limit-600 -m limit --limit 1/second -j LOG
inet/filter/limit-600 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-600
+ inet6/filter/limit-600 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-600 -m limit --limit 1/second -j LOG
inet6/filter/limit-600 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 602 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-601
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-601
inet/filter/limit-601 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-601 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-601 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-601
+ inet6/filter/limit-601 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-601 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 603 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-602
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-602
inet/filter/limit-602 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-602 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-602 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-602
+ inet6/filter/limit-602 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-602 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 604 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-603
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-603
inet/filter/limit-603 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-603 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-603 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-603
+ inet6/filter/limit-603 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-603 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 605 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-604
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-604
inet/filter/limit-604 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-604 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-604 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-604
+ inet6/filter/limit-604 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-604 -j ACCEPT
Filter 606 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"_fw","out":"B"}
@@ -7101,30 +7101,30 @@ Filter 606 {"action":"pass","conn-limit":{"addr":"dest",
Filter 607 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-606
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-606
inet/filter/limit-606 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-606 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-606 -m limit --limit 1/second -j LOG
- inet6/filter/limit-606 -m limit --limit 1/second -j LOG
inet/filter/limit-606 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-606
+ inet6/filter/limit-606 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-606 -m limit --limit 1/second -j LOG
inet6/filter/limit-606 -j ACCEPT
Filter 608 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-607
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-607
inet/filter/limit-607 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-607 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-607 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-607
+ inet6/filter/limit-607 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-607 -m limit --limit 1/second -j LOG
Filter 609 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-608
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-608
inet/filter/limit-608 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-608 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-608 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-608
+ inet6/filter/limit-608 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-608 -j ACCEPT
Filter 610 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"_fw","log":"none","out":"B"}
@@ -7135,66 +7135,66 @@ Filter 610 {"action":"pass","conn-limit":{"addr":"dest",
Filter 611 {"conn-limit":{"interval":5,"log":false,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-610
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-610
inet/filter/limit-610 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-610 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-610 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-610
+ inet6/filter/limit-610 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-610 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 612 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-611
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-611
inet/filter/limit-611 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-611 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-611 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-611
+ inet6/filter/limit-611 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-611 -m recent --name user:C --rsource --mask fe00:: --set
Filter 613 {"conn-limit":{"interval":5,"log":false,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-612
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-612
inet/filter/limit-612 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-612 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-612 -m limit --limit 1/second -j LOG
- inet6/filter/limit-612 -m limit --limit 1/second -j LOG
inet/filter/limit-612 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-612
+ inet6/filter/limit-612 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-612 -m limit --limit 1/second -j LOG
inet6/filter/limit-612 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 614 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-613
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-613
inet/filter/limit-613 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-613 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-613 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-613
+ inet6/filter/limit-613 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-613 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 615 {"conn-limit":{"interval":5,"log":false,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-614
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-614
inet/filter/limit-614 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-614 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-614 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-614
+ inet6/filter/limit-614 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-614 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 616 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-615
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-615
inet/filter/limit-615 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-615 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-615 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-615
+ inet6/filter/limit-615 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-615 -m recent --name user:C --rsource --mask fe00:: --set
Filter 617 {"conn-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-616
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-616
inet/filter/limit-616 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-616 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-616 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-616
+ inet6/filter/limit-616 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-616 -j ACCEPT
Filter 618 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"_fw","out":"B"}
@@ -7205,30 +7205,30 @@ Filter 618 {"action":"pass","conn-limit":{"interval":5,"
Filter 619 {"conn-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-618
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-618
inet/filter/limit-618 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-618 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-618 -m limit --limit 1/second -j LOG
- inet6/filter/limit-618 -m limit --limit 1/second -j LOG
inet/filter/limit-618 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-618
+ inet6/filter/limit-618 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-618 -m limit --limit 1/second -j LOG
inet6/filter/limit-618 -j ACCEPT
Filter 620 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-619
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-619
inet/filter/limit-619 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-619 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-619 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-619
+ inet6/filter/limit-619 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-619 -m limit --limit 1/second -j LOG
Filter 621 {"conn-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-620
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-620
inet/filter/limit-620 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-620 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-620 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-620
+ inet6/filter/limit-620 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-620 -j ACCEPT
Filter 622 {"action":"pass","conn-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
@@ -7239,66 +7239,66 @@ Filter 622 {"action":"pass","conn-limit":{"interval":5,"
Filter 623 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-622
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-622
inet/filter/limit-622 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-622 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-622 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-622
+ inet6/filter/limit-622 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-622 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 624 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-623
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-623
inet/filter/limit-623 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-623 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-623 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-623
+ inet6/filter/limit-623 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-623 -m recent --name user:C --rdest --mask fe00:: --set
Filter 625 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-624
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-624
inet/filter/limit-624 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-624 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-624 -m limit --limit 1/second -j LOG
- inet6/filter/limit-624 -m limit --limit 1/second -j LOG
inet/filter/limit-624 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-624
+ inet6/filter/limit-624 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-624 -m limit --limit 1/second -j LOG
inet6/filter/limit-624 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 626 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-625
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-625
inet/filter/limit-625 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-625 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-625 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-625
+ inet6/filter/limit-625 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-625 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 627 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-626
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-626
inet/filter/limit-626 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-626 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-626 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-626
+ inet6/filter/limit-626 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-626 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 628 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-627
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-627
inet/filter/limit-627 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-627 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-627 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-627
+ inet6/filter/limit-627 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-627 -m recent --name user:C --rdest --mask fe00:: --set
Filter 629 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-628
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-628
inet/filter/limit-628 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-628 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-628 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-628
+ inet6/filter/limit-628 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-628 -j ACCEPT
Filter 630 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"_fw","out":"B"}
@@ -7309,30 +7309,30 @@ Filter 630 {"action":"pass","conn-limit":{"addr":"dest",
Filter 631 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-630
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-630
inet/filter/limit-630 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-630 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-630 -m limit --limit 1/second -j LOG
- inet6/filter/limit-630 -m limit --limit 1/second -j LOG
inet/filter/limit-630 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-630
+ inet6/filter/limit-630 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-630 -m limit --limit 1/second -j LOG
inet6/filter/limit-630 -j ACCEPT
Filter 632 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-631
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-631
inet/filter/limit-631 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-631 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-631 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-631
+ inet6/filter/limit-631 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-631 -m limit --limit 1/second -j LOG
Filter 633 {"conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-632
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-632
inet/filter/limit-632 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-632 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-632 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-632
+ inet6/filter/limit-632 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-632 -j ACCEPT
Filter 634 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"_fw","log":"none","out":"B"}
@@ -7343,122 +7343,122 @@ Filter 634 {"action":"pass","conn-limit":{"addr":"dest",
Filter 635 {"conn-limit":{"interval":5,"log":"none"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-634
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-634
inet/filter/limit-634 -m recent --name limit-634 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-634 -m recent --name limit-634 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-634 -m recent --name limit-634 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-634
+ inet6/filter/limit-634 -m recent --name limit-634 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-634 -m recent --name limit-634 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 636 {"action":"pass","conn-limit":{"interval":5,"log":"none"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-635
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-635
inet/filter/limit-635 -m recent --name limit-635 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-635 -m recent --name limit-635 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-635 -m recent --name limit-635 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-635
+ inet6/filter/limit-635 -m recent --name limit-635 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-635 -m recent --name limit-635 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 637 {"conn-limit":{"interval":5,"log":"none"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-636
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-636
inet/filter/limit-636 -m recent --name limit-636 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-636 -m recent --name limit-636 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-636 -m limit --limit 1/second -j LOG
- inet6/filter/limit-636 -m limit --limit 1/second -j LOG
inet/filter/limit-636 -m recent --name limit-636 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-636
+ inet6/filter/limit-636 -m recent --name limit-636 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-636 -m limit --limit 1/second -j LOG
inet6/filter/limit-636 -m recent --name limit-636 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 638 {"action":"pass","conn-limit":{"interval":5,"log":"none"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-637
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-637
inet/filter/limit-637 -m recent --name limit-637 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-637 -m recent --name limit-637 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-637 -m recent --name limit-637 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-637
+ inet6/filter/limit-637 -m recent --name limit-637 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-637 -m recent --name limit-637 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 639 {"conn-limit":{"interval":5,"log":"none"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-638
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-638
inet/filter/limit-638 -m recent --name limit-638 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-638 -m recent --name limit-638 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-638 -m recent --name limit-638 --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-638
+ inet6/filter/limit-638 -m recent --name limit-638 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-638 -m recent --name limit-638 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 640 {"action":"pass","conn-limit":{"interval":5,"log":"none"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-639
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-639
inet/filter/limit-639 -m recent --name limit-639 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-639 -m recent --name limit-639 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-639 -m recent --name limit-639 --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-639
+ inet6/filter/limit-639 -m recent --name limit-639 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-639 -m recent --name limit-639 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 641 {"conn-limit":{"interval":5,"log":"none","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-640
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-640
inet/filter/limit-640 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-640 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-640 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-640
+ inet6/filter/limit-640 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-640 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 642 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-641
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-641
inet/filter/limit-641 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-641 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-641 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-641
+ inet6/filter/limit-641 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-641 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 643 {"conn-limit":{"interval":5,"log":"none","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-642
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-642
inet/filter/limit-642 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-642 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-642 -m limit --limit 1/second -j LOG
- inet6/filter/limit-642 -m limit --limit 1/second -j LOG
inet/filter/limit-642 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-642
+ inet6/filter/limit-642 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-642 -m limit --limit 1/second -j LOG
inet6/filter/limit-642 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 644 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-643
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-643
inet/filter/limit-643 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-643 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-643 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-643
+ inet6/filter/limit-643 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-643 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 645 {"conn-limit":{"interval":5,"log":"none","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-644
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-644
inet/filter/limit-644 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-644 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-644 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-644
+ inet6/filter/limit-644 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-644 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 646 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-645
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-645
inet/filter/limit-645 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-645 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-645 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-645
+ inet6/filter/limit-645 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-645 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 647 {"conn-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-646
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-646
inet/filter/limit-646 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-646 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-646 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-646
+ inet6/filter/limit-646 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-646 -j ACCEPT
Filter 648 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"_fw","out":"B"}
@@ -7469,30 +7469,30 @@ Filter 648 {"action":"pass","conn-limit":{"interval":5,"
Filter 649 {"conn-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-648
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-648
inet/filter/limit-648 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-648 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-648 -m limit --limit 1/second -j LOG
- inet6/filter/limit-648 -m limit --limit 1/second -j LOG
inet/filter/limit-648 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-648
+ inet6/filter/limit-648 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-648 -m limit --limit 1/second -j LOG
inet6/filter/limit-648 -j ACCEPT
Filter 650 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-649
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-649
inet/filter/limit-649 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-649 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-649 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-649
+ inet6/filter/limit-649 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-649 -m limit --limit 1/second -j LOG
Filter 651 {"conn-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-650
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-650
inet/filter/limit-650 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-650 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-650 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-650
+ inet6/filter/limit-650 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-650 -j ACCEPT
Filter 652 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
@@ -7503,66 +7503,66 @@ Filter 652 {"action":"pass","conn-limit":{"interval":5,"
Filter 653 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-652
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-652
inet/filter/limit-652 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-652 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-652 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-652
+ inet6/filter/limit-652 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-652 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 654 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-653
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-653
inet/filter/limit-653 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-653 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-653 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-653
+ inet6/filter/limit-653 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-653 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 655 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-654
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-654
inet/filter/limit-654 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-654 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-654 -m limit --limit 1/second -j LOG
- inet6/filter/limit-654 -m limit --limit 1/second -j LOG
inet/filter/limit-654 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-654
+ inet6/filter/limit-654 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-654 -m limit --limit 1/second -j LOG
inet6/filter/limit-654 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 656 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-655
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-655
inet/filter/limit-655 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-655 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-655 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-655
+ inet6/filter/limit-655 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-655 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 657 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-656
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-656
inet/filter/limit-656 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-656 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-656 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-656
+ inet6/filter/limit-656 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-656 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
Filter 658 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-657
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-657
inet/filter/limit-657 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-657 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-657 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-657
+ inet6/filter/limit-657 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-657 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 659 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-658
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-658
inet/filter/limit-658 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-658 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-658 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-658
+ inet6/filter/limit-658 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-658 -j ACCEPT
Filter 660 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"_fw","out":"B"}
@@ -7573,30 +7573,30 @@ Filter 660 {"action":"pass","conn-limit":{"addr":"dest",
Filter 661 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-660
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-660
inet/filter/limit-660 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-660 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-660 -m limit --limit 1/second -j LOG
- inet6/filter/limit-660 -m limit --limit 1/second -j LOG
inet/filter/limit-660 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-660
+ inet6/filter/limit-660 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-660 -m limit --limit 1/second -j LOG
inet6/filter/limit-660 -j ACCEPT
Filter 662 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-661
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-661
inet/filter/limit-661 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-661 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-661 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-661
+ inet6/filter/limit-661 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-661 -m limit --limit 1/second -j LOG
Filter 663 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-662
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-662
inet/filter/limit-662 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-662 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-662 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-662
+ inet6/filter/limit-662 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-662 -j ACCEPT
Filter 664 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"_fw","log":"none","out":"B"}
@@ -7607,66 +7607,66 @@ Filter 664 {"action":"pass","conn-limit":{"addr":"dest",
Filter 665 {"conn-limit":{"interval":5,"log":"none","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-664
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-664
inet/filter/limit-664 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-664 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-664 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-664
+ inet6/filter/limit-664 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-664 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 666 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-665
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-665
inet/filter/limit-665 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-665 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-665 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-665
+ inet6/filter/limit-665 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-665 -m recent --name user:C --rsource --mask fe00:: --set
Filter 667 {"conn-limit":{"interval":5,"log":"none","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-666
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-666
inet/filter/limit-666 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-666 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-666 -m limit --limit 1/second -j LOG
- inet6/filter/limit-666 -m limit --limit 1/second -j LOG
inet/filter/limit-666 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-666
+ inet6/filter/limit-666 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-666 -m limit --limit 1/second -j LOG
inet6/filter/limit-666 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 668 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-667
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-667
inet/filter/limit-667 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-667 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-667 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-667
+ inet6/filter/limit-667 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-667 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 669 {"conn-limit":{"interval":5,"log":"none","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-668
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-668
inet/filter/limit-668 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-668 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-668 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-668
+ inet6/filter/limit-668 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-668 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
Filter 670 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-669
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-669
inet/filter/limit-669 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-669 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-669 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-669
+ inet6/filter/limit-669 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-669 -m recent --name user:C --rsource --mask fe00:: --set
Filter 671 {"conn-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-670
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-670
inet/filter/limit-670 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-670 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-670 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-670
+ inet6/filter/limit-670 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-670 -j ACCEPT
Filter 672 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"_fw","out":"B"}
@@ -7677,30 +7677,30 @@ Filter 672 {"action":"pass","conn-limit":{"interval":5,"
Filter 673 {"conn-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-672
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-672
inet/filter/limit-672 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-672 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-672 -m limit --limit 1/second -j LOG
- inet6/filter/limit-672 -m limit --limit 1/second -j LOG
inet/filter/limit-672 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-672
+ inet6/filter/limit-672 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-672 -m limit --limit 1/second -j LOG
inet6/filter/limit-672 -j ACCEPT
Filter 674 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-673
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-673
inet/filter/limit-673 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-673 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-673 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-673
+ inet6/filter/limit-673 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-673 -m limit --limit 1/second -j LOG
Filter 675 {"conn-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-674
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-674
inet/filter/limit-674 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-674 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-674 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-674
+ inet6/filter/limit-674 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-674 -j ACCEPT
Filter 676 {"action":"pass","conn-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
@@ -7711,66 +7711,66 @@ Filter 676 {"action":"pass","conn-limit":{"interval":5,"
Filter 677 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-676
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-676
inet/filter/limit-676 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-676 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-676 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-676
+ inet6/filter/limit-676 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-676 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 678 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-677
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-677
inet/filter/limit-677 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-677 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-677 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-677
+ inet6/filter/limit-677 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-677 -m recent --name user:C --rdest --mask fe00:: --set
Filter 679 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-678
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-678
inet/filter/limit-678 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-678 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-678 -m limit --limit 1/second -j LOG
- inet6/filter/limit-678 -m limit --limit 1/second -j LOG
inet/filter/limit-678 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-678
+ inet6/filter/limit-678 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-678 -m limit --limit 1/second -j LOG
inet6/filter/limit-678 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 680 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-679
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-679
inet/filter/limit-679 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-679 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-679 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-679
+ inet6/filter/limit-679 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-679 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 681 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-680
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-680
inet/filter/limit-680 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-680 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-680 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-680
+ inet6/filter/limit-680 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-680 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
Filter 682 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-681
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-681
inet/filter/limit-681 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-681 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-681 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-681
+ inet6/filter/limit-681 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-681 -m recent --name user:C --rdest --mask fe00:: --set
Filter 683 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-682
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-682
inet/filter/limit-682 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-682 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-682 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-682
+ inet6/filter/limit-682 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-682 -j ACCEPT
Filter 684 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"_fw","out":"B"}
@@ -7781,30 +7781,30 @@ Filter 684 {"action":"pass","conn-limit":{"addr":"dest",
Filter 685 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-684
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-684
inet/filter/limit-684 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-684 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-684 -m limit --limit 1/second -j LOG
- inet6/filter/limit-684 -m limit --limit 1/second -j LOG
inet/filter/limit-684 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-684
+ inet6/filter/limit-684 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-684 -m limit --limit 1/second -j LOG
inet6/filter/limit-684 -j ACCEPT
Filter 686 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-685
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-685
inet/filter/limit-685 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-685 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-685 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-685
+ inet6/filter/limit-685 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-685 -m limit --limit 1/second -j LOG
Filter 687 {"conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-686
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-686
inet/filter/limit-686 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-686 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-686 -j ACCEPT
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-686
+ inet6/filter/limit-686 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-686 -j ACCEPT
Filter 688 {"action":"pass","conn-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"_fw","log":"none","out":"B"}
@@ -7815,11875 +7815,11875 @@ Filter 688 {"action":"pass","conn-limit":{"addr":"dest",
Filter 689 {"conn-limit":150,"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-688
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-688
inet/filter/limit-688 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-688 -j ACCEPT
- inet6/filter/limit-688 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-688 -j ACCEPT
inet/filter/limit-688 -m limit --limit 1/second -j LOG
- inet6/filter/limit-688 -m limit --limit 1/second -j LOG
inet/filter/limit-688 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-688
+ inet6/filter/limit-688 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-688 -j ACCEPT
+ inet6/filter/limit-688 -m limit --limit 1/second -j LOG
inet6/filter/limit-688 -j DROP
Filter 690 {"action":"pass","conn-limit":150,"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-689
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-689
inet/filter/limit-689 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-689 -j RETURN
- inet6/filter/limit-689 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-689 -j RETURN
inet/filter/limit-689 -m limit --limit 1/second -j LOG
- inet6/filter/limit-689 -m limit --limit 1/second -j LOG
inet/filter/limit-689 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-689
+ inet6/filter/limit-689 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-689 -j RETURN
+ inet6/filter/limit-689 -m limit --limit 1/second -j LOG
inet6/filter/limit-689 -j DROP
Filter 691 {"conn-limit":150,"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-690
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-690
inet/filter/limit-690 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-690 -j logaccept-7
- inet6/filter/limit-690 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-690 -j logaccept-7
+ inet/filter/limit-690 -m limit --limit 1/second -j LOG
+ inet/filter/limit-690 -j DROP
inet/filter/logaccept-7 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-7 -m limit --limit 1/second -j LOG
inet/filter/logaccept-7 -j ACCEPT
- inet6/filter/logaccept-7 -j ACCEPT
- inet/filter/limit-690 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-690
+ inet6/filter/limit-690 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-690 -j logaccept-7
inet6/filter/limit-690 -m limit --limit 1/second -j LOG
- inet/filter/limit-690 -j DROP
inet6/filter/limit-690 -j DROP
+ inet6/filter/logaccept-7 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-7 -j ACCEPT
Filter 692 {"conn-limit":150,"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-691
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-691
inet/filter/limit-691 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-691 -j ACCEPT
- inet6/filter/limit-691 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-691 -j ACCEPT
inet/filter/limit-691 -m limit --limit 1/second -j LOG
- inet6/filter/limit-691 -m limit --limit 1/second -j LOG
inet/filter/limit-691 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-691
+ inet6/filter/limit-691 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-691 -j ACCEPT
+ inet6/filter/limit-691 -m limit --limit 1/second -j LOG
inet6/filter/limit-691 -j DROP
Filter 693 {"conn-limit":{"count":150},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-692
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-692
inet/filter/limit-692 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-692 -j ACCEPT
- inet6/filter/limit-692 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-692 -j ACCEPT
inet/filter/limit-692 -m limit --limit 1/second -j LOG
- inet6/filter/limit-692 -m limit --limit 1/second -j LOG
inet/filter/limit-692 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-692
+ inet6/filter/limit-692 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-692 -j ACCEPT
+ inet6/filter/limit-692 -m limit --limit 1/second -j LOG
inet6/filter/limit-692 -j DROP
Filter 694 {"action":"pass","conn-limit":{"count":150},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-693
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-693
inet/filter/limit-693 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-693 -j RETURN
- inet6/filter/limit-693 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-693 -j RETURN
inet/filter/limit-693 -m limit --limit 1/second -j LOG
- inet6/filter/limit-693 -m limit --limit 1/second -j LOG
inet/filter/limit-693 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-693
+ inet6/filter/limit-693 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-693 -j RETURN
+ inet6/filter/limit-693 -m limit --limit 1/second -j LOG
inet6/filter/limit-693 -j DROP
Filter 695 {"conn-limit":{"count":150},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-694
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-694
inet/filter/limit-694 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-694 -j logaccept-8
- inet6/filter/limit-694 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-694 -j logaccept-8
+ inet/filter/limit-694 -m limit --limit 1/second -j LOG
+ inet/filter/limit-694 -j DROP
inet/filter/logaccept-8 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-8 -m limit --limit 1/second -j LOG
inet/filter/logaccept-8 -j ACCEPT
- inet6/filter/logaccept-8 -j ACCEPT
- inet/filter/limit-694 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-694
+ inet6/filter/limit-694 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-694 -j logaccept-8
inet6/filter/limit-694 -m limit --limit 1/second -j LOG
- inet/filter/limit-694 -j DROP
inet6/filter/limit-694 -j DROP
+ inet6/filter/logaccept-8 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-8 -j ACCEPT
Filter 696 {"conn-limit":{"count":150},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-695
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-695
inet/filter/limit-695 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-695 -j ACCEPT
- inet6/filter/limit-695 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-695 -j ACCEPT
inet/filter/limit-695 -m limit --limit 1/second -j LOG
- inet6/filter/limit-695 -m limit --limit 1/second -j LOG
inet/filter/limit-695 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-695
+ inet6/filter/limit-695 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-695 -j ACCEPT
+ inet6/filter/limit-695 -m limit --limit 1/second -j LOG
inet6/filter/limit-695 -j DROP
Filter 697 {"conn-limit":{"count":150,"log":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-696
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-696
inet/filter/limit-696 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-696 -j ACCEPT
- inet6/filter/limit-696 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-696 -j ACCEPT
inet/filter/limit-696 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-696
+ inet6/filter/limit-696 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-696 -j ACCEPT
inet6/filter/limit-696 -j DROP
Filter 698 {"action":"pass","conn-limit":{"count":150,"log":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-697
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-697
inet/filter/limit-697 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-697 -j RETURN
- inet6/filter/limit-697 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-697 -j RETURN
inet/filter/limit-697 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-697
+ inet6/filter/limit-697 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-697 -j RETURN
inet6/filter/limit-697 -j DROP
Filter 699 {"conn-limit":{"count":150,"log":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-698
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-698
inet/filter/limit-698 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-698 -j logaccept-9
- inet6/filter/limit-698 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-698 -j logaccept-9
+ inet/filter/limit-698 -j DROP
inet/filter/logaccept-9 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-9 -m limit --limit 1/second -j LOG
inet/filter/logaccept-9 -j ACCEPT
- inet6/filter/logaccept-9 -j ACCEPT
- inet/filter/limit-698 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-698
+ inet6/filter/limit-698 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-698 -j logaccept-9
inet6/filter/limit-698 -j DROP
+ inet6/filter/logaccept-9 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-9 -j ACCEPT
Filter 700 {"conn-limit":{"count":150,"log":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-699
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-699
inet/filter/limit-699 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-699 -j ACCEPT
- inet6/filter/limit-699 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-699 -j ACCEPT
inet/filter/limit-699 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-699
+ inet6/filter/limit-699 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-699 -j ACCEPT
inet6/filter/limit-699 -j DROP
Filter 701 {"conn-limit":{"count":150,"log":"none"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-700
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-700
inet/filter/limit-700 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-700 -j ACCEPT
- inet6/filter/limit-700 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-700 -j ACCEPT
inet/filter/limit-700 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-700
+ inet6/filter/limit-700 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-700 -j ACCEPT
inet6/filter/limit-700 -j DROP
Filter 702 {"action":"pass","conn-limit":{"count":150,"log":"none"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-701
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-701
inet/filter/limit-701 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-701 -j RETURN
- inet6/filter/limit-701 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-701 -j RETURN
inet/filter/limit-701 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-701
+ inet6/filter/limit-701 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-701 -j RETURN
inet6/filter/limit-701 -j DROP
Filter 703 {"conn-limit":{"count":150,"log":"none"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-702
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-702
inet/filter/limit-702 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-702 -j logaccept-10
- inet6/filter/limit-702 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-702 -j logaccept-10
+ inet/filter/limit-702 -j DROP
inet/filter/logaccept-10 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-10 -m limit --limit 1/second -j LOG
inet/filter/logaccept-10 -j ACCEPT
- inet6/filter/logaccept-10 -j ACCEPT
- inet/filter/limit-702 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-702
+ inet6/filter/limit-702 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-702 -j logaccept-10
inet6/filter/limit-702 -j DROP
+ inet6/filter/logaccept-10 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-10 -j ACCEPT
Filter 704 {"conn-limit":{"count":150,"log":"none"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-703
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-703
inet/filter/limit-703 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-703 -j ACCEPT
- inet6/filter/limit-703 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-703 -j ACCEPT
inet/filter/limit-703 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-703
+ inet6/filter/limit-703 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-703 -j ACCEPT
inet6/filter/limit-703 -j DROP
Filter 705 {"conn-limit":{"count":150,"interval":5},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-704
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-704
inet/filter/limit-704 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-704 -j ACCEPT
- inet6/filter/limit-704 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-704 -j ACCEPT
inet/filter/limit-704 -m limit --limit 1/second -j LOG
- inet6/filter/limit-704 -m limit --limit 1/second -j LOG
inet/filter/limit-704 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-704
+ inet6/filter/limit-704 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-704 -j ACCEPT
+ inet6/filter/limit-704 -m limit --limit 1/second -j LOG
inet6/filter/limit-704 -j DROP
Filter 706 {"action":"pass","conn-limit":{"count":150,"interval":5},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-705
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-705
inet/filter/limit-705 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-705 -j RETURN
- inet6/filter/limit-705 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-705 -j RETURN
inet/filter/limit-705 -m limit --limit 1/second -j LOG
- inet6/filter/limit-705 -m limit --limit 1/second -j LOG
inet/filter/limit-705 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-705
+ inet6/filter/limit-705 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-705 -j RETURN
+ inet6/filter/limit-705 -m limit --limit 1/second -j LOG
inet6/filter/limit-705 -j DROP
Filter 707 {"conn-limit":{"count":150,"interval":5},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-706
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-706
inet/filter/limit-706 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-706 -j logaccept-11
- inet6/filter/limit-706 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-706 -j logaccept-11
+ inet/filter/limit-706 -m limit --limit 1/second -j LOG
+ inet/filter/limit-706 -j DROP
inet/filter/logaccept-11 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-11 -m limit --limit 1/second -j LOG
inet/filter/logaccept-11 -j ACCEPT
- inet6/filter/logaccept-11 -j ACCEPT
- inet/filter/limit-706 -m limit --limit 1/second -j LOG
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-706
+ inet6/filter/limit-706 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-706 -j logaccept-11
inet6/filter/limit-706 -m limit --limit 1/second -j LOG
- inet/filter/limit-706 -j DROP
inet6/filter/limit-706 -j DROP
+ inet6/filter/logaccept-11 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-11 -j ACCEPT
Filter 708 {"conn-limit":{"count":150,"interval":5},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-707
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-707
inet/filter/limit-707 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-707 -j ACCEPT
- inet6/filter/limit-707 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-707 -j ACCEPT
inet/filter/limit-707 -m limit --limit 1/second -j LOG
- inet6/filter/limit-707 -m limit --limit 1/second -j LOG
inet/filter/limit-707 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-707
+ inet6/filter/limit-707 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-707 -j ACCEPT
+ inet6/filter/limit-707 -m limit --limit 1/second -j LOG
inet6/filter/limit-707 -j DROP
Filter 709 {"conn-limit":{"count":150,"interval":5,"log":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-708
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-708
inet/filter/limit-708 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-708 -j ACCEPT
- inet6/filter/limit-708 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-708 -j ACCEPT
inet/filter/limit-708 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-708
+ inet6/filter/limit-708 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-708 -j ACCEPT
inet6/filter/limit-708 -j DROP
Filter 710 {"action":"pass","conn-limit":{"count":150,"interval":5,"log":false},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-709
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-709
inet/filter/limit-709 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-709 -j RETURN
- inet6/filter/limit-709 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-709 -j RETURN
inet/filter/limit-709 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-709
+ inet6/filter/limit-709 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-709 -j RETURN
inet6/filter/limit-709 -j DROP
Filter 711 {"conn-limit":{"count":150,"interval":5,"log":false},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-710
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-710
inet/filter/limit-710 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-710 -j logaccept-12
- inet6/filter/limit-710 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-710 -j logaccept-12
+ inet/filter/limit-710 -j DROP
inet/filter/logaccept-12 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-12 -m limit --limit 1/second -j LOG
inet/filter/logaccept-12 -j ACCEPT
- inet6/filter/logaccept-12 -j ACCEPT
- inet/filter/limit-710 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-710
+ inet6/filter/limit-710 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-710 -j logaccept-12
inet6/filter/limit-710 -j DROP
+ inet6/filter/logaccept-12 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-12 -j ACCEPT
Filter 712 {"conn-limit":{"count":150,"interval":5,"log":false},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-711
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-711
inet/filter/limit-711 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-711 -j ACCEPT
- inet6/filter/limit-711 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-711 -j ACCEPT
inet/filter/limit-711 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-711
+ inet6/filter/limit-711 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-711 -j ACCEPT
inet6/filter/limit-711 -j DROP
Filter 713 {"conn-limit":{"count":150,"interval":5,"log":"none"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-712
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-712
inet/filter/limit-712 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-712 -j ACCEPT
- inet6/filter/limit-712 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-712 -j ACCEPT
inet/filter/limit-712 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-712
+ inet6/filter/limit-712 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-712 -j ACCEPT
inet6/filter/limit-712 -j DROP
Filter 714 {"action":"pass","conn-limit":{"count":150,"interval":5,"log":"none"},"in":"_fw","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-713
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-713
inet/filter/limit-713 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-713 -j RETURN
- inet6/filter/limit-713 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-713 -j RETURN
inet/filter/limit-713 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-713
+ inet6/filter/limit-713 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-713 -j RETURN
inet6/filter/limit-713 -j DROP
Filter 715 {"conn-limit":{"count":150,"interval":5,"log":"none"},"in":"_fw","log":true,"out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-714
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-714
inet/filter/limit-714 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-714 -j logaccept-13
- inet6/filter/limit-714 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-714 -j logaccept-13
+ inet/filter/limit-714 -j DROP
inet/filter/logaccept-13 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-13 -m limit --limit 1/second -j LOG
inet/filter/logaccept-13 -j ACCEPT
- inet6/filter/logaccept-13 -j ACCEPT
- inet/filter/limit-714 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-714
+ inet6/filter/limit-714 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-714 -j logaccept-13
inet6/filter/limit-714 -j DROP
+ inet6/filter/logaccept-13 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-13 -j ACCEPT
Filter 716 {"conn-limit":{"count":150,"interval":5,"log":"none"},"in":"_fw","log":"none","out":"B"}
(filter-limit)
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-715
- inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-715
inet/filter/limit-715 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-715 -j ACCEPT
- inet6/filter/limit-715 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-715 -j ACCEPT
inet/filter/limit-715 -j DROP
+ inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-715
+ inet6/filter/limit-715 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-715 -j ACCEPT
inet6/filter/limit-715 -j DROP
Filter 717 {"flow-limit":1}
(filter-limit)
inet/filter/FORWARD -j limit-716
- inet6/filter/FORWARD -j limit-716
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-716
- inet6/filter/INPUT -j limit-716
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-716
- inet6/filter/OUTPUT -j limit-716
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-716 -m recent --name limit-716 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-228
- inet6/filter/limit-716 -m recent --name limit-716 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-228
+ inet/filter/limit-716 -m recent --name limit-716 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-228 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-228 -m limit --limit 1/second -j LOG
inet/filter/logdrop-228 -j DROP
- inet6/filter/logdrop-228 -j DROP
- inet/filter/limit-716 -m recent --name limit-716 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-716 -m recent --name limit-716 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-716
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-716
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-716
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-716 -m recent --name limit-716 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-228
+ inet6/filter/limit-716 -m recent --name limit-716 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-228 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-228 -j DROP
Filter 718 {"action":"pass","flow-limit":1}
(filter-limit)
inet/filter/FORWARD -j limit-717
- inet6/filter/FORWARD -j limit-717
inet/filter/INPUT -j limit-717
- inet6/filter/INPUT -j limit-717
inet/filter/OUTPUT -j limit-717
- inet6/filter/OUTPUT -j limit-717
inet/filter/limit-717 -m recent --name limit-717 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-229
- inet6/filter/limit-717 -m recent --name limit-717 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-229
+ inet/filter/limit-717 -m recent --name limit-717 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-229 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-229 -m limit --limit 1/second -j LOG
inet/filter/logdrop-229 -j DROP
- inet6/filter/logdrop-229 -j DROP
- inet/filter/limit-717 -m recent --name limit-717 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-717
+ inet6/filter/INPUT -j limit-717
+ inet6/filter/OUTPUT -j limit-717
+ inet6/filter/limit-717 -m recent --name limit-717 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-229
inet6/filter/limit-717 -m recent --name limit-717 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-229 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-229 -j DROP
Filter 719 {"flow-limit":1,"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-718
- inet6/filter/FORWARD -j limit-718
+ inet/filter/FORWARD -j logaccept-final-0
inet/filter/INPUT -j limit-718
- inet6/filter/INPUT -j limit-718
+ inet/filter/INPUT -j logaccept-final-0
inet/filter/OUTPUT -j limit-718
- inet6/filter/OUTPUT -j limit-718
+ inet/filter/OUTPUT -j logaccept-final-0
inet/filter/limit-718 -m recent --name limit-718 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-230
- inet6/filter/limit-718 -m recent --name limit-718 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-230
+ inet/filter/limit-718 -m recent --name limit-718 --rsource --mask 255.255.255.255 --set
+ inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-0 -j ACCEPT
inet/filter/logdrop-230 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-230 -m limit --limit 1/second -j LOG
inet/filter/logdrop-230 -j DROP
- inet6/filter/logdrop-230 -j DROP
- inet/filter/limit-718 -m recent --name limit-718 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-718 -m recent --name limit-718 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-0
+ inet6/filter/FORWARD -j limit-718
inet6/filter/FORWARD -j logaccept-final-0
- inet/filter/INPUT -j logaccept-final-0
+ inet6/filter/INPUT -j limit-718
inet6/filter/INPUT -j logaccept-final-0
- inet/filter/OUTPUT -j logaccept-final-0
+ inet6/filter/OUTPUT -j limit-718
inet6/filter/OUTPUT -j logaccept-final-0
- inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-718 -m recent --name limit-718 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-230
+ inet6/filter/limit-718 -m recent --name limit-718 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-0 -j ACCEPT
inet6/filter/logaccept-final-0 -j ACCEPT
+ inet6/filter/logdrop-230 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-230 -j DROP
Filter 720 {"action":"pass","flow-limit":1,"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-719
- inet6/filter/FORWARD -j limit-719
inet/filter/INPUT -j limit-719
- inet6/filter/INPUT -j limit-719
inet/filter/OUTPUT -j limit-719
- inet6/filter/OUTPUT -j limit-719
inet/filter/limit-719 -m recent --name limit-719 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-231
- inet6/filter/limit-719 -m recent --name limit-719 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-231
+ inet/filter/limit-719 -m recent --name limit-719 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-231 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-231 -m limit --limit 1/second -j LOG
inet/filter/logdrop-231 -j DROP
- inet6/filter/logdrop-231 -j DROP
- inet/filter/limit-719 -m recent --name limit-719 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-719
+ inet6/filter/INPUT -j limit-719
+ inet6/filter/OUTPUT -j limit-719
+ inet6/filter/limit-719 -m recent --name limit-719 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-231
inet6/filter/limit-719 -m recent --name limit-719 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-231 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-231 -j DROP
Filter 721 {"flow-limit":1,"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-720
- inet6/filter/FORWARD -j limit-720
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-720
- inet6/filter/INPUT -j limit-720
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-720
- inet6/filter/OUTPUT -j limit-720
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-720 -m recent --name limit-720 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-232
- inet6/filter/limit-720 -m recent --name limit-720 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-232
+ inet/filter/limit-720 -m recent --name limit-720 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-232 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-232 -m limit --limit 1/second -j LOG
inet/filter/logdrop-232 -j DROP
- inet6/filter/logdrop-232 -j DROP
- inet/filter/limit-720 -m recent --name limit-720 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-720 -m recent --name limit-720 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-720
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-720
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-720
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-720 -m recent --name limit-720 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-232
+ inet6/filter/limit-720 -m recent --name limit-720 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-232 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-232 -j DROP
Filter 722 {"action":"pass","flow-limit":1,"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-721
- inet6/filter/FORWARD -j limit-721
inet/filter/INPUT -j limit-721
- inet6/filter/INPUT -j limit-721
inet/filter/OUTPUT -j limit-721
- inet6/filter/OUTPUT -j limit-721
inet/filter/limit-721 -m recent --name limit-721 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-233
- inet6/filter/limit-721 -m recent --name limit-721 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-233
+ inet/filter/limit-721 -m recent --name limit-721 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-233 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-233 -m limit --limit 1/second -j LOG
inet/filter/logdrop-233 -j DROP
- inet6/filter/logdrop-233 -j DROP
- inet/filter/limit-721 -m recent --name limit-721 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-721
+ inet6/filter/INPUT -j limit-721
+ inet6/filter/OUTPUT -j limit-721
+ inet6/filter/limit-721 -m recent --name limit-721 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-233
inet6/filter/limit-721 -m recent --name limit-721 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-233 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-233 -j DROP
Filter 723 {"flow-limit":{}}
(filter-limit)
inet/filter/FORWARD -j limit-722
- inet6/filter/FORWARD -j limit-722
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-722
- inet6/filter/INPUT -j limit-722
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-722
- inet6/filter/OUTPUT -j limit-722
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-722 -m recent --name limit-722 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-234
- inet6/filter/limit-722 -m recent --name limit-722 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-234
+ inet/filter/limit-722 -m recent --name limit-722 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-234 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-234 -m limit --limit 1/second -j LOG
inet/filter/logdrop-234 -j DROP
- inet6/filter/logdrop-234 -j DROP
- inet/filter/limit-722 -m recent --name limit-722 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-722 -m recent --name limit-722 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-722
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-722
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-722
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-722 -m recent --name limit-722 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-234
+ inet6/filter/limit-722 -m recent --name limit-722 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-234 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-234 -j DROP
Filter 724 {"action":"pass","flow-limit":{}}
(filter-limit)
inet/filter/FORWARD -j limit-723
- inet6/filter/FORWARD -j limit-723
inet/filter/INPUT -j limit-723
- inet6/filter/INPUT -j limit-723
inet/filter/OUTPUT -j limit-723
- inet6/filter/OUTPUT -j limit-723
inet/filter/limit-723 -m recent --name limit-723 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-235
- inet6/filter/limit-723 -m recent --name limit-723 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-235
+ inet/filter/limit-723 -m recent --name limit-723 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-235 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-235 -m limit --limit 1/second -j LOG
inet/filter/logdrop-235 -j DROP
- inet6/filter/logdrop-235 -j DROP
- inet/filter/limit-723 -m recent --name limit-723 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-723
+ inet6/filter/INPUT -j limit-723
+ inet6/filter/OUTPUT -j limit-723
+ inet6/filter/limit-723 -m recent --name limit-723 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-235
inet6/filter/limit-723 -m recent --name limit-723 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-235 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-235 -j DROP
Filter 725 {"flow-limit":{},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-724
- inet6/filter/FORWARD -j limit-724
+ inet/filter/FORWARD -j logaccept-final-1
inet/filter/INPUT -j limit-724
- inet6/filter/INPUT -j limit-724
+ inet/filter/INPUT -j logaccept-final-1
inet/filter/OUTPUT -j limit-724
- inet6/filter/OUTPUT -j limit-724
+ inet/filter/OUTPUT -j logaccept-final-1
inet/filter/limit-724 -m recent --name limit-724 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-236
- inet6/filter/limit-724 -m recent --name limit-724 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-236
+ inet/filter/limit-724 -m recent --name limit-724 --rsource --mask 255.255.255.255 --set
+ inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-1 -j ACCEPT
inet/filter/logdrop-236 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-236 -m limit --limit 1/second -j LOG
inet/filter/logdrop-236 -j DROP
- inet6/filter/logdrop-236 -j DROP
- inet/filter/limit-724 -m recent --name limit-724 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-724 -m recent --name limit-724 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-1
+ inet6/filter/FORWARD -j limit-724
inet6/filter/FORWARD -j logaccept-final-1
- inet/filter/INPUT -j logaccept-final-1
+ inet6/filter/INPUT -j limit-724
inet6/filter/INPUT -j logaccept-final-1
- inet/filter/OUTPUT -j logaccept-final-1
+ inet6/filter/OUTPUT -j limit-724
inet6/filter/OUTPUT -j logaccept-final-1
- inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-724 -m recent --name limit-724 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-236
+ inet6/filter/limit-724 -m recent --name limit-724 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-1 -j ACCEPT
inet6/filter/logaccept-final-1 -j ACCEPT
+ inet6/filter/logdrop-236 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-236 -j DROP
Filter 726 {"action":"pass","flow-limit":{},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-725
- inet6/filter/FORWARD -j limit-725
inet/filter/INPUT -j limit-725
- inet6/filter/INPUT -j limit-725
inet/filter/OUTPUT -j limit-725
- inet6/filter/OUTPUT -j limit-725
inet/filter/limit-725 -m recent --name limit-725 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-237
- inet6/filter/limit-725 -m recent --name limit-725 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-237
+ inet/filter/limit-725 -m recent --name limit-725 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-237 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-237 -m limit --limit 1/second -j LOG
inet/filter/logdrop-237 -j DROP
- inet6/filter/logdrop-237 -j DROP
- inet/filter/limit-725 -m recent --name limit-725 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-725
+ inet6/filter/INPUT -j limit-725
+ inet6/filter/OUTPUT -j limit-725
+ inet6/filter/limit-725 -m recent --name limit-725 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-237
inet6/filter/limit-725 -m recent --name limit-725 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-237 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-237 -j DROP
Filter 727 {"flow-limit":{},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-726
- inet6/filter/FORWARD -j limit-726
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-726
- inet6/filter/INPUT -j limit-726
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-726
- inet6/filter/OUTPUT -j limit-726
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-726 -m recent --name limit-726 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-238
- inet6/filter/limit-726 -m recent --name limit-726 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-238
+ inet/filter/limit-726 -m recent --name limit-726 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-238 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-238 -m limit --limit 1/second -j LOG
inet/filter/logdrop-238 -j DROP
- inet6/filter/logdrop-238 -j DROP
- inet/filter/limit-726 -m recent --name limit-726 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-726 -m recent --name limit-726 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-726
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-726
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-726
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-726 -m recent --name limit-726 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-238
+ inet6/filter/limit-726 -m recent --name limit-726 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-238 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-238 -j DROP
Filter 728 {"action":"pass","flow-limit":{},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-727
- inet6/filter/FORWARD -j limit-727
inet/filter/INPUT -j limit-727
- inet6/filter/INPUT -j limit-727
inet/filter/OUTPUT -j limit-727
- inet6/filter/OUTPUT -j limit-727
inet/filter/limit-727 -m recent --name limit-727 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-239
- inet6/filter/limit-727 -m recent --name limit-727 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-239
+ inet/filter/limit-727 -m recent --name limit-727 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-239 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-239 -m limit --limit 1/second -j LOG
inet/filter/logdrop-239 -j DROP
- inet6/filter/logdrop-239 -j DROP
- inet/filter/limit-727 -m recent --name limit-727 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-727
+ inet6/filter/INPUT -j limit-727
+ inet6/filter/OUTPUT -j limit-727
+ inet6/filter/limit-727 -m recent --name limit-727 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-239
inet6/filter/limit-727 -m recent --name limit-727 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-239 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-239 -j DROP
Filter 729 {"flow-limit":{"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-728
- inet6/filter/FORWARD -j limit-728
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-728
- inet6/filter/INPUT -j limit-728
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-728
- inet6/filter/OUTPUT -j limit-728
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-728 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-240
- inet6/filter/limit-728 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-240
+ inet/filter/limit-728 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-240 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-240 -m limit --limit 1/second -j LOG
inet/filter/logdrop-240 -j DROP
- inet6/filter/logdrop-240 -j DROP
- inet/filter/limit-728 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-728 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-728
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-728
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-728
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-728 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-240
+ inet6/filter/limit-728 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-240 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-240 -j DROP
Filter 730 {"action":"pass","flow-limit":{"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-729
- inet6/filter/FORWARD -j limit-729
inet/filter/INPUT -j limit-729
- inet6/filter/INPUT -j limit-729
inet/filter/OUTPUT -j limit-729
- inet6/filter/OUTPUT -j limit-729
inet/filter/limit-729 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-241
- inet6/filter/limit-729 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-241
+ inet/filter/limit-729 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-241 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-241 -m limit --limit 1/second -j LOG
inet/filter/logdrop-241 -j DROP
- inet6/filter/logdrop-241 -j DROP
- inet/filter/limit-729 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-729
+ inet6/filter/INPUT -j limit-729
+ inet6/filter/OUTPUT -j limit-729
+ inet6/filter/limit-729 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-241
inet6/filter/limit-729 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-241 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-241 -j DROP
Filter 731 {"flow-limit":{"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-730
- inet6/filter/FORWARD -j limit-730
+ inet/filter/FORWARD -j logaccept-final-2
inet/filter/INPUT -j limit-730
- inet6/filter/INPUT -j limit-730
+ inet/filter/INPUT -j logaccept-final-2
inet/filter/OUTPUT -j limit-730
- inet6/filter/OUTPUT -j limit-730
+ inet/filter/OUTPUT -j logaccept-final-2
inet/filter/limit-730 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-242
- inet6/filter/limit-730 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-242
+ inet/filter/limit-730 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-2 -j ACCEPT
inet/filter/logdrop-242 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-242 -m limit --limit 1/second -j LOG
inet/filter/logdrop-242 -j DROP
- inet6/filter/logdrop-242 -j DROP
- inet/filter/limit-730 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-730 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-2
+ inet6/filter/FORWARD -j limit-730
inet6/filter/FORWARD -j logaccept-final-2
- inet/filter/INPUT -j logaccept-final-2
+ inet6/filter/INPUT -j limit-730
inet6/filter/INPUT -j logaccept-final-2
- inet/filter/OUTPUT -j logaccept-final-2
+ inet6/filter/OUTPUT -j limit-730
inet6/filter/OUTPUT -j logaccept-final-2
- inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-730 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-242
+ inet6/filter/limit-730 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-2 -j ACCEPT
inet6/filter/logaccept-final-2 -j ACCEPT
+ inet6/filter/logdrop-242 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-242 -j DROP
Filter 732 {"action":"pass","flow-limit":{"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-731
- inet6/filter/FORWARD -j limit-731
inet/filter/INPUT -j limit-731
- inet6/filter/INPUT -j limit-731
inet/filter/OUTPUT -j limit-731
- inet6/filter/OUTPUT -j limit-731
inet/filter/limit-731 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-243
- inet6/filter/limit-731 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-243
+ inet/filter/limit-731 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-243 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-243 -m limit --limit 1/second -j LOG
inet/filter/logdrop-243 -j DROP
- inet6/filter/logdrop-243 -j DROP
- inet/filter/limit-731 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-731
+ inet6/filter/INPUT -j limit-731
+ inet6/filter/OUTPUT -j limit-731
+ inet6/filter/limit-731 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-243
inet6/filter/limit-731 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-243 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-243 -j DROP
Filter 733 {"flow-limit":{"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-732
- inet6/filter/FORWARD -j limit-732
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-732
- inet6/filter/INPUT -j limit-732
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-732
- inet6/filter/OUTPUT -j limit-732
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-732 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-244
- inet6/filter/limit-732 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-244
+ inet/filter/limit-732 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-244 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-244 -m limit --limit 1/second -j LOG
inet/filter/logdrop-244 -j DROP
- inet6/filter/logdrop-244 -j DROP
- inet/filter/limit-732 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-732 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-732
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-732
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-732
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-732 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-244
+ inet6/filter/limit-732 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-244 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-244 -j DROP
Filter 734 {"action":"pass","flow-limit":{"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-733
- inet6/filter/FORWARD -j limit-733
inet/filter/INPUT -j limit-733
- inet6/filter/INPUT -j limit-733
inet/filter/OUTPUT -j limit-733
- inet6/filter/OUTPUT -j limit-733
inet/filter/limit-733 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-245
- inet6/filter/limit-733 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-245
+ inet/filter/limit-733 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-245 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-245 -m limit --limit 1/second -j LOG
inet/filter/logdrop-245 -j DROP
- inet6/filter/logdrop-245 -j DROP
- inet/filter/limit-733 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-733
+ inet6/filter/INPUT -j limit-733
+ inet6/filter/OUTPUT -j limit-733
+ inet6/filter/limit-733 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-245
inet6/filter/limit-733 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-245 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-245 -j DROP
Filter 735 {"flow-limit":{"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-734
- inet6/filter/FORWARD -j limit-734
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-734
- inet6/filter/INPUT -j limit-734
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-734
- inet6/filter/OUTPUT -j limit-734
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-734 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-246
- inet6/filter/limit-734 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-246
inet/filter/logdrop-246 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-246 -m limit --limit 1/second -j LOG
inet/filter/logdrop-246 -j DROP
- inet6/filter/logdrop-246 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-734
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-734
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-734
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-734 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-246
+ inet6/filter/logdrop-246 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-246 -j DROP
Filter 736 {"action":"pass","flow-limit":{"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-735
- inet6/filter/FORWARD -j limit-735
inet/filter/INPUT -j limit-735
- inet6/filter/INPUT -j limit-735
inet/filter/OUTPUT -j limit-735
- inet6/filter/OUTPUT -j limit-735
inet/filter/limit-735 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-247
- inet6/filter/limit-735 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-247
inet/filter/logdrop-247 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-247 -m limit --limit 1/second -j LOG
inet/filter/logdrop-247 -j DROP
+ inet6/filter/FORWARD -j limit-735
+ inet6/filter/INPUT -j limit-735
+ inet6/filter/OUTPUT -j limit-735
+ inet6/filter/limit-735 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-247
+ inet6/filter/logdrop-247 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-247 -j DROP
Filter 737 {"flow-limit":{"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-736
- inet6/filter/FORWARD -j limit-736
+ inet/filter/FORWARD -j logaccept-final-3
inet/filter/INPUT -j limit-736
- inet6/filter/INPUT -j limit-736
+ inet/filter/INPUT -j logaccept-final-3
inet/filter/OUTPUT -j limit-736
- inet6/filter/OUTPUT -j limit-736
+ inet/filter/OUTPUT -j logaccept-final-3
inet/filter/limit-736 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-248
- inet6/filter/limit-736 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-248
+ inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-3 -j ACCEPT
inet/filter/logdrop-248 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-248 -m limit --limit 1/second -j LOG
inet/filter/logdrop-248 -j DROP
- inet6/filter/logdrop-248 -j DROP
- inet/filter/FORWARD -j logaccept-final-3
+ inet6/filter/FORWARD -j limit-736
inet6/filter/FORWARD -j logaccept-final-3
- inet/filter/INPUT -j logaccept-final-3
+ inet6/filter/INPUT -j limit-736
inet6/filter/INPUT -j logaccept-final-3
- inet/filter/OUTPUT -j logaccept-final-3
+ inet6/filter/OUTPUT -j limit-736
inet6/filter/OUTPUT -j logaccept-final-3
- inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-736 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-248
inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-3 -j ACCEPT
inet6/filter/logaccept-final-3 -j ACCEPT
+ inet6/filter/logdrop-248 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-248 -j DROP
Filter 738 {"action":"pass","flow-limit":{"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-737
- inet6/filter/FORWARD -j limit-737
inet/filter/INPUT -j limit-737
- inet6/filter/INPUT -j limit-737
inet/filter/OUTPUT -j limit-737
- inet6/filter/OUTPUT -j limit-737
inet/filter/limit-737 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-249
- inet6/filter/limit-737 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-249
+ inet/filter/limit-737 -m limit --limit 1/second -j LOG
inet/filter/logdrop-249 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-249 -m limit --limit 1/second -j LOG
inet/filter/logdrop-249 -j DROP
- inet6/filter/logdrop-249 -j DROP
- inet/filter/limit-737 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-737
+ inet6/filter/INPUT -j limit-737
+ inet6/filter/OUTPUT -j limit-737
+ inet6/filter/limit-737 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-249
inet6/filter/limit-737 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-249 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-249 -j DROP
Filter 739 {"flow-limit":{"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-738
- inet6/filter/FORWARD -j limit-738
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-738
- inet6/filter/INPUT -j limit-738
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-738
- inet6/filter/OUTPUT -j limit-738
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-738 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-250
- inet6/filter/limit-738 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-250
inet/filter/logdrop-250 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-250 -m limit --limit 1/second -j LOG
inet/filter/logdrop-250 -j DROP
- inet6/filter/logdrop-250 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-738
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-738
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-738
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-738 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-250
+ inet6/filter/logdrop-250 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-250 -j DROP
Filter 740 {"action":"pass","flow-limit":{"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-739
- inet6/filter/FORWARD -j limit-739
inet/filter/INPUT -j limit-739
- inet6/filter/INPUT -j limit-739
inet/filter/OUTPUT -j limit-739
- inet6/filter/OUTPUT -j limit-739
inet/filter/limit-739 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-251
- inet6/filter/limit-739 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-251
inet/filter/logdrop-251 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-251 -m limit --limit 1/second -j LOG
inet/filter/logdrop-251 -j DROP
+ inet6/filter/FORWARD -j limit-739
+ inet6/filter/INPUT -j limit-739
+ inet6/filter/OUTPUT -j limit-739
+ inet6/filter/limit-739 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-251
+ inet6/filter/logdrop-251 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-251 -j DROP
Filter 741 {"flow-limit":{"addr":"dest","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-740
- inet6/filter/FORWARD -j limit-740
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-740
- inet6/filter/INPUT -j limit-740
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-740
- inet6/filter/OUTPUT -j limit-740
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-740 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-252
- inet6/filter/limit-740 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-252
+ inet/filter/limit-740 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-252 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-252 -m limit --limit 1/second -j LOG
inet/filter/logdrop-252 -j DROP
- inet6/filter/logdrop-252 -j DROP
- inet/filter/limit-740 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-740 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-740
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-740
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-740
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-740 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-252
+ inet6/filter/limit-740 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-252 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-252 -j DROP
Filter 742 {"action":"pass","flow-limit":{"addr":"dest","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-741
- inet6/filter/FORWARD -j limit-741
inet/filter/INPUT -j limit-741
- inet6/filter/INPUT -j limit-741
inet/filter/OUTPUT -j limit-741
- inet6/filter/OUTPUT -j limit-741
inet/filter/limit-741 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-253
- inet6/filter/limit-741 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-253
+ inet/filter/limit-741 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-253 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-253 -m limit --limit 1/second -j LOG
inet/filter/logdrop-253 -j DROP
- inet6/filter/logdrop-253 -j DROP
- inet/filter/limit-741 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-741
+ inet6/filter/INPUT -j limit-741
+ inet6/filter/OUTPUT -j limit-741
+ inet6/filter/limit-741 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-253
inet6/filter/limit-741 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-253 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-253 -j DROP
Filter 743 {"flow-limit":{"addr":"dest","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-742
- inet6/filter/FORWARD -j limit-742
+ inet/filter/FORWARD -j logaccept-final-4
inet/filter/INPUT -j limit-742
- inet6/filter/INPUT -j limit-742
+ inet/filter/INPUT -j logaccept-final-4
inet/filter/OUTPUT -j limit-742
- inet6/filter/OUTPUT -j limit-742
+ inet/filter/OUTPUT -j logaccept-final-4
inet/filter/limit-742 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-254
- inet6/filter/limit-742 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-254
+ inet/filter/limit-742 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-4 -j ACCEPT
inet/filter/logdrop-254 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-254 -m limit --limit 1/second -j LOG
inet/filter/logdrop-254 -j DROP
- inet6/filter/logdrop-254 -j DROP
- inet/filter/limit-742 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-742 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-4
+ inet6/filter/FORWARD -j limit-742
inet6/filter/FORWARD -j logaccept-final-4
- inet/filter/INPUT -j logaccept-final-4
+ inet6/filter/INPUT -j limit-742
inet6/filter/INPUT -j logaccept-final-4
- inet/filter/OUTPUT -j logaccept-final-4
+ inet6/filter/OUTPUT -j limit-742
inet6/filter/OUTPUT -j logaccept-final-4
- inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-742 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-254
+ inet6/filter/limit-742 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-4 -j ACCEPT
inet6/filter/logaccept-final-4 -j ACCEPT
+ inet6/filter/logdrop-254 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-254 -j DROP
Filter 744 {"action":"pass","flow-limit":{"addr":"dest","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-743
- inet6/filter/FORWARD -j limit-743
inet/filter/INPUT -j limit-743
- inet6/filter/INPUT -j limit-743
inet/filter/OUTPUT -j limit-743
- inet6/filter/OUTPUT -j limit-743
inet/filter/limit-743 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-255
- inet6/filter/limit-743 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-255
+ inet/filter/limit-743 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-255 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-255 -m limit --limit 1/second -j LOG
inet/filter/logdrop-255 -j DROP
- inet6/filter/logdrop-255 -j DROP
- inet/filter/limit-743 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-743
+ inet6/filter/INPUT -j limit-743
+ inet6/filter/OUTPUT -j limit-743
+ inet6/filter/limit-743 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-255
inet6/filter/limit-743 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-255 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-255 -j DROP
Filter 745 {"flow-limit":{"addr":"dest","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-744
- inet6/filter/FORWARD -j limit-744
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-744
- inet6/filter/INPUT -j limit-744
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-744
- inet6/filter/OUTPUT -j limit-744
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-744 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-256
- inet6/filter/limit-744 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-256
+ inet/filter/limit-744 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-256 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-256 -m limit --limit 1/second -j LOG
inet/filter/logdrop-256 -j DROP
- inet6/filter/logdrop-256 -j DROP
- inet/filter/limit-744 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-744 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-744
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-744
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-744
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-744 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-256
+ inet6/filter/limit-744 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-256 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-256 -j DROP
Filter 746 {"action":"pass","flow-limit":{"addr":"dest","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-745
- inet6/filter/FORWARD -j limit-745
inet/filter/INPUT -j limit-745
- inet6/filter/INPUT -j limit-745
inet/filter/OUTPUT -j limit-745
- inet6/filter/OUTPUT -j limit-745
inet/filter/limit-745 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-257
- inet6/filter/limit-745 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-257
+ inet/filter/limit-745 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-257 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-257 -m limit --limit 1/second -j LOG
inet/filter/logdrop-257 -j DROP
- inet6/filter/logdrop-257 -j DROP
- inet/filter/limit-745 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-745
+ inet6/filter/INPUT -j limit-745
+ inet6/filter/OUTPUT -j limit-745
+ inet6/filter/limit-745 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-257
inet6/filter/limit-745 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-257 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-257 -j DROP
Filter 747 {"flow-limit":{"addr":"dest","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-746
- inet6/filter/FORWARD -j limit-746
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-746
- inet6/filter/INPUT -j limit-746
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-746
- inet6/filter/OUTPUT -j limit-746
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-746 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-258
- inet6/filter/limit-746 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-258
inet/filter/logdrop-258 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-258 -m limit --limit 1/second -j LOG
inet/filter/logdrop-258 -j DROP
- inet6/filter/logdrop-258 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-746
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-746
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-746
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-746 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-258
+ inet6/filter/logdrop-258 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-258 -j DROP
Filter 748 {"action":"pass","flow-limit":{"addr":"dest","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-747
- inet6/filter/FORWARD -j limit-747
inet/filter/INPUT -j limit-747
- inet6/filter/INPUT -j limit-747
inet/filter/OUTPUT -j limit-747
- inet6/filter/OUTPUT -j limit-747
inet/filter/limit-747 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-259
- inet6/filter/limit-747 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-259
inet/filter/logdrop-259 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-259 -m limit --limit 1/second -j LOG
inet/filter/logdrop-259 -j DROP
+ inet6/filter/FORWARD -j limit-747
+ inet6/filter/INPUT -j limit-747
+ inet6/filter/OUTPUT -j limit-747
+ inet6/filter/limit-747 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-259
+ inet6/filter/logdrop-259 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-259 -j DROP
Filter 749 {"flow-limit":{"addr":"dest","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-748
- inet6/filter/FORWARD -j limit-748
+ inet/filter/FORWARD -j logaccept-final-5
inet/filter/INPUT -j limit-748
- inet6/filter/INPUT -j limit-748
+ inet/filter/INPUT -j logaccept-final-5
inet/filter/OUTPUT -j limit-748
- inet6/filter/OUTPUT -j limit-748
+ inet/filter/OUTPUT -j logaccept-final-5
inet/filter/limit-748 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-260
- inet6/filter/limit-748 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-260
+ inet/filter/logaccept-final-5 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-5 -j ACCEPT
inet/filter/logdrop-260 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-260 -m limit --limit 1/second -j LOG
inet/filter/logdrop-260 -j DROP
- inet6/filter/logdrop-260 -j DROP
- inet/filter/FORWARD -j logaccept-final-5
+ inet6/filter/FORWARD -j limit-748
inet6/filter/FORWARD -j logaccept-final-5
- inet/filter/INPUT -j logaccept-final-5
+ inet6/filter/INPUT -j limit-748
inet6/filter/INPUT -j logaccept-final-5
- inet/filter/OUTPUT -j logaccept-final-5
+ inet6/filter/OUTPUT -j limit-748
inet6/filter/OUTPUT -j logaccept-final-5
- inet/filter/logaccept-final-5 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-748 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-260
inet6/filter/logaccept-final-5 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-5 -j ACCEPT
inet6/filter/logaccept-final-5 -j ACCEPT
+ inet6/filter/logdrop-260 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-260 -j DROP
Filter 750 {"action":"pass","flow-limit":{"addr":"dest","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-749
- inet6/filter/FORWARD -j limit-749
inet/filter/INPUT -j limit-749
- inet6/filter/INPUT -j limit-749
inet/filter/OUTPUT -j limit-749
- inet6/filter/OUTPUT -j limit-749
inet/filter/limit-749 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-261
- inet6/filter/limit-749 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-261
+ inet/filter/limit-749 -m limit --limit 1/second -j LOG
inet/filter/logdrop-261 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-261 -m limit --limit 1/second -j LOG
inet/filter/logdrop-261 -j DROP
- inet6/filter/logdrop-261 -j DROP
- inet/filter/limit-749 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-749
+ inet6/filter/INPUT -j limit-749
+ inet6/filter/OUTPUT -j limit-749
+ inet6/filter/limit-749 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-261
inet6/filter/limit-749 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-261 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-261 -j DROP
Filter 751 {"flow-limit":{"addr":"dest","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-750
- inet6/filter/FORWARD -j limit-750
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-750
- inet6/filter/INPUT -j limit-750
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-750
- inet6/filter/OUTPUT -j limit-750
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-750 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-262
- inet6/filter/limit-750 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-262
inet/filter/logdrop-262 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-262 -m limit --limit 1/second -j LOG
inet/filter/logdrop-262 -j DROP
- inet6/filter/logdrop-262 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-750
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-750
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-750
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-750 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-262
+ inet6/filter/logdrop-262 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-262 -j DROP
Filter 752 {"action":"pass","flow-limit":{"addr":"dest","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-751
- inet6/filter/FORWARD -j limit-751
inet/filter/INPUT -j limit-751
- inet6/filter/INPUT -j limit-751
inet/filter/OUTPUT -j limit-751
- inet6/filter/OUTPUT -j limit-751
inet/filter/limit-751 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-263
- inet6/filter/limit-751 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-263
inet/filter/logdrop-263 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-263 -m limit --limit 1/second -j LOG
inet/filter/logdrop-263 -j DROP
+ inet6/filter/FORWARD -j limit-751
+ inet6/filter/INPUT -j limit-751
+ inet6/filter/OUTPUT -j limit-751
+ inet6/filter/limit-751 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-263
+ inet6/filter/logdrop-263 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-263 -j DROP
Filter 753 {"flow-limit":{"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-752
- inet6/filter/FORWARD -j limit-752
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-752
- inet6/filter/INPUT -j limit-752
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-752
- inet6/filter/OUTPUT -j limit-752
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-752 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-264
- inet6/filter/limit-752 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-264
+ inet/filter/limit-752 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-264 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-264 -m limit --limit 1/second -j LOG
inet/filter/logdrop-264 -j DROP
- inet6/filter/logdrop-264 -j DROP
- inet/filter/limit-752 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-752 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-752
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-752
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-752
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-752 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-264
+ inet6/filter/limit-752 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-264 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-264 -j DROP
Filter 754 {"action":"pass","flow-limit":{"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-753
- inet6/filter/FORWARD -j limit-753
inet/filter/INPUT -j limit-753
- inet6/filter/INPUT -j limit-753
inet/filter/OUTPUT -j limit-753
- inet6/filter/OUTPUT -j limit-753
inet/filter/limit-753 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-265
- inet6/filter/limit-753 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-265
+ inet/filter/limit-753 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-265 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-265 -m limit --limit 1/second -j LOG
inet/filter/logdrop-265 -j DROP
- inet6/filter/logdrop-265 -j DROP
- inet/filter/limit-753 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-753
+ inet6/filter/INPUT -j limit-753
+ inet6/filter/OUTPUT -j limit-753
+ inet6/filter/limit-753 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-265
inet6/filter/limit-753 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-265 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-265 -j DROP
Filter 755 {"flow-limit":{"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-754
- inet6/filter/FORWARD -j limit-754
+ inet/filter/FORWARD -j logaccept-final-6
inet/filter/INPUT -j limit-754
- inet6/filter/INPUT -j limit-754
+ inet/filter/INPUT -j logaccept-final-6
inet/filter/OUTPUT -j limit-754
- inet6/filter/OUTPUT -j limit-754
+ inet/filter/OUTPUT -j logaccept-final-6
inet/filter/limit-754 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-266
- inet6/filter/limit-754 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-266
+ inet/filter/limit-754 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-6 -j ACCEPT
inet/filter/logdrop-266 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-266 -m limit --limit 1/second -j LOG
inet/filter/logdrop-266 -j DROP
- inet6/filter/logdrop-266 -j DROP
- inet/filter/limit-754 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-754 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-6
+ inet6/filter/FORWARD -j limit-754
inet6/filter/FORWARD -j logaccept-final-6
- inet/filter/INPUT -j logaccept-final-6
+ inet6/filter/INPUT -j limit-754
inet6/filter/INPUT -j logaccept-final-6
- inet/filter/OUTPUT -j logaccept-final-6
+ inet6/filter/OUTPUT -j limit-754
inet6/filter/OUTPUT -j logaccept-final-6
- inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-754 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-266
+ inet6/filter/limit-754 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logaccept-final-6 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-6 -j ACCEPT
inet6/filter/logaccept-final-6 -j ACCEPT
+ inet6/filter/logdrop-266 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-266 -j DROP
Filter 756 {"action":"pass","flow-limit":{"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-755
- inet6/filter/FORWARD -j limit-755
inet/filter/INPUT -j limit-755
- inet6/filter/INPUT -j limit-755
inet/filter/OUTPUT -j limit-755
- inet6/filter/OUTPUT -j limit-755
inet/filter/limit-755 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-267
- inet6/filter/limit-755 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-267
+ inet/filter/limit-755 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-267 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-267 -m limit --limit 1/second -j LOG
inet/filter/logdrop-267 -j DROP
- inet6/filter/logdrop-267 -j DROP
- inet/filter/limit-755 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-755
+ inet6/filter/INPUT -j limit-755
+ inet6/filter/OUTPUT -j limit-755
+ inet6/filter/limit-755 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-267
inet6/filter/limit-755 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-267 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-267 -j DROP
Filter 757 {"flow-limit":{"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-756
- inet6/filter/FORWARD -j limit-756
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-756
- inet6/filter/INPUT -j limit-756
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-756
- inet6/filter/OUTPUT -j limit-756
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-756 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-268
- inet6/filter/limit-756 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-268
+ inet/filter/limit-756 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-268 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-268 -m limit --limit 1/second -j LOG
inet/filter/logdrop-268 -j DROP
- inet6/filter/logdrop-268 -j DROP
- inet/filter/limit-756 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-756 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-756
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-756
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-756
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-756 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-268
+ inet6/filter/limit-756 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-268 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-268 -j DROP
Filter 758 {"action":"pass","flow-limit":{"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-757
- inet6/filter/FORWARD -j limit-757
inet/filter/INPUT -j limit-757
- inet6/filter/INPUT -j limit-757
inet/filter/OUTPUT -j limit-757
- inet6/filter/OUTPUT -j limit-757
inet/filter/limit-757 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-269
- inet6/filter/limit-757 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-269
+ inet/filter/limit-757 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-269 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-269 -m limit --limit 1/second -j LOG
inet/filter/logdrop-269 -j DROP
- inet6/filter/logdrop-269 -j DROP
- inet/filter/limit-757 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-757
+ inet6/filter/INPUT -j limit-757
+ inet6/filter/OUTPUT -j limit-757
+ inet6/filter/limit-757 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-269
inet6/filter/limit-757 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-269 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-269 -j DROP
Filter 759 {"flow-limit":{"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-758
- inet6/filter/FORWARD -j limit-758
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-758
- inet6/filter/INPUT -j limit-758
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-758
- inet6/filter/OUTPUT -j limit-758
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-758 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-270
- inet6/filter/limit-758 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-270
inet/filter/logdrop-270 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-270 -m limit --limit 1/second -j LOG
inet/filter/logdrop-270 -j DROP
- inet6/filter/logdrop-270 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-758
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-758
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-758
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-758 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-270
+ inet6/filter/logdrop-270 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-270 -j DROP
Filter 760 {"action":"pass","flow-limit":{"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-759
- inet6/filter/FORWARD -j limit-759
inet/filter/INPUT -j limit-759
- inet6/filter/INPUT -j limit-759
inet/filter/OUTPUT -j limit-759
- inet6/filter/OUTPUT -j limit-759
inet/filter/limit-759 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-271
- inet6/filter/limit-759 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-271
inet/filter/logdrop-271 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-271 -m limit --limit 1/second -j LOG
inet/filter/logdrop-271 -j DROP
+ inet6/filter/FORWARD -j limit-759
+ inet6/filter/INPUT -j limit-759
+ inet6/filter/OUTPUT -j limit-759
+ inet6/filter/limit-759 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-271
+ inet6/filter/logdrop-271 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-271 -j DROP
Filter 761 {"flow-limit":{"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-760
- inet6/filter/FORWARD -j limit-760
+ inet/filter/FORWARD -j logaccept-final-7
inet/filter/INPUT -j limit-760
- inet6/filter/INPUT -j limit-760
+ inet/filter/INPUT -j logaccept-final-7
inet/filter/OUTPUT -j limit-760
- inet6/filter/OUTPUT -j limit-760
+ inet/filter/OUTPUT -j logaccept-final-7
inet/filter/limit-760 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-272
- inet6/filter/limit-760 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-272
+ inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-7 -j ACCEPT
inet/filter/logdrop-272 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-272 -m limit --limit 1/second -j LOG
inet/filter/logdrop-272 -j DROP
- inet6/filter/logdrop-272 -j DROP
- inet/filter/FORWARD -j logaccept-final-7
+ inet6/filter/FORWARD -j limit-760
inet6/filter/FORWARD -j logaccept-final-7
- inet/filter/INPUT -j logaccept-final-7
+ inet6/filter/INPUT -j limit-760
inet6/filter/INPUT -j logaccept-final-7
- inet/filter/OUTPUT -j logaccept-final-7
+ inet6/filter/OUTPUT -j limit-760
inet6/filter/OUTPUT -j logaccept-final-7
- inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-760 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-272
inet6/filter/logaccept-final-7 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-7 -j ACCEPT
inet6/filter/logaccept-final-7 -j ACCEPT
+ inet6/filter/logdrop-272 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-272 -j DROP
Filter 762 {"action":"pass","flow-limit":{"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-761
- inet6/filter/FORWARD -j limit-761
inet/filter/INPUT -j limit-761
- inet6/filter/INPUT -j limit-761
inet/filter/OUTPUT -j limit-761
- inet6/filter/OUTPUT -j limit-761
inet/filter/limit-761 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-273
- inet6/filter/limit-761 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-273
+ inet/filter/limit-761 -m limit --limit 1/second -j LOG
inet/filter/logdrop-273 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-273 -m limit --limit 1/second -j LOG
inet/filter/logdrop-273 -j DROP
- inet6/filter/logdrop-273 -j DROP
- inet/filter/limit-761 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-761
+ inet6/filter/INPUT -j limit-761
+ inet6/filter/OUTPUT -j limit-761
+ inet6/filter/limit-761 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-273
inet6/filter/limit-761 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-273 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-273 -j DROP
Filter 763 {"flow-limit":{"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-762
- inet6/filter/FORWARD -j limit-762
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-762
- inet6/filter/INPUT -j limit-762
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-762
- inet6/filter/OUTPUT -j limit-762
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-762 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-274
- inet6/filter/limit-762 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-274
inet/filter/logdrop-274 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-274 -m limit --limit 1/second -j LOG
inet/filter/logdrop-274 -j DROP
- inet6/filter/logdrop-274 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-762
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-762
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-762
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-762 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-274
+ inet6/filter/logdrop-274 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-274 -j DROP
Filter 764 {"action":"pass","flow-limit":{"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-763
- inet6/filter/FORWARD -j limit-763
inet/filter/INPUT -j limit-763
- inet6/filter/INPUT -j limit-763
inet/filter/OUTPUT -j limit-763
- inet6/filter/OUTPUT -j limit-763
inet/filter/limit-763 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-275
- inet6/filter/limit-763 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-275
inet/filter/logdrop-275 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-275 -m limit --limit 1/second -j LOG
inet/filter/logdrop-275 -j DROP
+ inet6/filter/FORWARD -j limit-763
+ inet6/filter/INPUT -j limit-763
+ inet6/filter/OUTPUT -j limit-763
+ inet6/filter/limit-763 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-275
+ inet6/filter/logdrop-275 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-275 -j DROP
Filter 765 {"flow-limit":{"addr":"dest","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-764
- inet6/filter/FORWARD -j limit-764
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-764
- inet6/filter/INPUT -j limit-764
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-764
- inet6/filter/OUTPUT -j limit-764
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-764 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-276
- inet6/filter/limit-764 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-276
+ inet/filter/limit-764 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-276 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-276 -m limit --limit 1/second -j LOG
inet/filter/logdrop-276 -j DROP
- inet6/filter/logdrop-276 -j DROP
- inet/filter/limit-764 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-764 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-764
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-764
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-764
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-764 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-276
+ inet6/filter/limit-764 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-276 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-276 -j DROP
Filter 766 {"action":"pass","flow-limit":{"addr":"dest","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-765
- inet6/filter/FORWARD -j limit-765
inet/filter/INPUT -j limit-765
- inet6/filter/INPUT -j limit-765
inet/filter/OUTPUT -j limit-765
- inet6/filter/OUTPUT -j limit-765
inet/filter/limit-765 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-277
- inet6/filter/limit-765 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-277
+ inet/filter/limit-765 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-277 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-277 -m limit --limit 1/second -j LOG
inet/filter/logdrop-277 -j DROP
- inet6/filter/logdrop-277 -j DROP
- inet/filter/limit-765 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-765
+ inet6/filter/INPUT -j limit-765
+ inet6/filter/OUTPUT -j limit-765
+ inet6/filter/limit-765 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-277
inet6/filter/limit-765 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-277 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-277 -j DROP
Filter 767 {"flow-limit":{"addr":"dest","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-766
- inet6/filter/FORWARD -j limit-766
+ inet/filter/FORWARD -j logaccept-final-8
inet/filter/INPUT -j limit-766
- inet6/filter/INPUT -j limit-766
+ inet/filter/INPUT -j logaccept-final-8
inet/filter/OUTPUT -j limit-766
- inet6/filter/OUTPUT -j limit-766
+ inet/filter/OUTPUT -j logaccept-final-8
inet/filter/limit-766 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-278
- inet6/filter/limit-766 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-278
+ inet/filter/limit-766 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet/filter/logaccept-final-8 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-8 -j ACCEPT
inet/filter/logdrop-278 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-278 -m limit --limit 1/second -j LOG
inet/filter/logdrop-278 -j DROP
- inet6/filter/logdrop-278 -j DROP
- inet/filter/limit-766 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-766 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-8
+ inet6/filter/FORWARD -j limit-766
inet6/filter/FORWARD -j logaccept-final-8
- inet/filter/INPUT -j logaccept-final-8
+ inet6/filter/INPUT -j limit-766
inet6/filter/INPUT -j logaccept-final-8
- inet/filter/OUTPUT -j logaccept-final-8
+ inet6/filter/OUTPUT -j limit-766
inet6/filter/OUTPUT -j logaccept-final-8
- inet/filter/logaccept-final-8 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-766 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-278
+ inet6/filter/limit-766 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logaccept-final-8 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-8 -j ACCEPT
inet6/filter/logaccept-final-8 -j ACCEPT
+ inet6/filter/logdrop-278 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-278 -j DROP
Filter 768 {"action":"pass","flow-limit":{"addr":"dest","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-767
- inet6/filter/FORWARD -j limit-767
inet/filter/INPUT -j limit-767
- inet6/filter/INPUT -j limit-767
inet/filter/OUTPUT -j limit-767
- inet6/filter/OUTPUT -j limit-767
inet/filter/limit-767 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-279
- inet6/filter/limit-767 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-279
+ inet/filter/limit-767 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-279 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-279 -m limit --limit 1/second -j LOG
inet/filter/logdrop-279 -j DROP
- inet6/filter/logdrop-279 -j DROP
- inet/filter/limit-767 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-767
+ inet6/filter/INPUT -j limit-767
+ inet6/filter/OUTPUT -j limit-767
+ inet6/filter/limit-767 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-279
inet6/filter/limit-767 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-279 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-279 -j DROP
Filter 769 {"flow-limit":{"addr":"dest","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-768
- inet6/filter/FORWARD -j limit-768
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-768
- inet6/filter/INPUT -j limit-768
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-768
- inet6/filter/OUTPUT -j limit-768
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-768 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-280
- inet6/filter/limit-768 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-280
+ inet/filter/limit-768 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-280 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-280 -m limit --limit 1/second -j LOG
inet/filter/logdrop-280 -j DROP
- inet6/filter/logdrop-280 -j DROP
- inet/filter/limit-768 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-768 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-768
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-768
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-768
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-768 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-280
+ inet6/filter/limit-768 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-280 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-280 -j DROP
Filter 770 {"action":"pass","flow-limit":{"addr":"dest","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-769
- inet6/filter/FORWARD -j limit-769
inet/filter/INPUT -j limit-769
- inet6/filter/INPUT -j limit-769
inet/filter/OUTPUT -j limit-769
- inet6/filter/OUTPUT -j limit-769
inet/filter/limit-769 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-281
- inet6/filter/limit-769 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-281
+ inet/filter/limit-769 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-281 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-281 -m limit --limit 1/second -j LOG
inet/filter/logdrop-281 -j DROP
- inet6/filter/logdrop-281 -j DROP
- inet/filter/limit-769 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-769
+ inet6/filter/INPUT -j limit-769
+ inet6/filter/OUTPUT -j limit-769
+ inet6/filter/limit-769 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-281
inet6/filter/limit-769 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-281 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-281 -j DROP
Filter 771 {"flow-limit":{"addr":"dest","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-770
- inet6/filter/FORWARD -j limit-770
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-770
- inet6/filter/INPUT -j limit-770
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-770
- inet6/filter/OUTPUT -j limit-770
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-770 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-282
- inet6/filter/limit-770 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-282
inet/filter/logdrop-282 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-282 -m limit --limit 1/second -j LOG
inet/filter/logdrop-282 -j DROP
- inet6/filter/logdrop-282 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-770
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-770
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-770
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-770 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-282
+ inet6/filter/logdrop-282 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-282 -j DROP
Filter 772 {"action":"pass","flow-limit":{"addr":"dest","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-771
- inet6/filter/FORWARD -j limit-771
inet/filter/INPUT -j limit-771
- inet6/filter/INPUT -j limit-771
inet/filter/OUTPUT -j limit-771
- inet6/filter/OUTPUT -j limit-771
inet/filter/limit-771 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-283
- inet6/filter/limit-771 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-283
inet/filter/logdrop-283 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-283 -m limit --limit 1/second -j LOG
inet/filter/logdrop-283 -j DROP
+ inet6/filter/FORWARD -j limit-771
+ inet6/filter/INPUT -j limit-771
+ inet6/filter/OUTPUT -j limit-771
+ inet6/filter/limit-771 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-283
+ inet6/filter/logdrop-283 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-283 -j DROP
Filter 773 {"flow-limit":{"addr":"dest","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-772
- inet6/filter/FORWARD -j limit-772
+ inet/filter/FORWARD -j logaccept-final-9
inet/filter/INPUT -j limit-772
- inet6/filter/INPUT -j limit-772
+ inet/filter/INPUT -j logaccept-final-9
inet/filter/OUTPUT -j limit-772
- inet6/filter/OUTPUT -j limit-772
+ inet/filter/OUTPUT -j logaccept-final-9
inet/filter/limit-772 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-284
- inet6/filter/limit-772 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-284
+ inet/filter/logaccept-final-9 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-9 -j ACCEPT
inet/filter/logdrop-284 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-284 -m limit --limit 1/second -j LOG
inet/filter/logdrop-284 -j DROP
- inet6/filter/logdrop-284 -j DROP
- inet/filter/FORWARD -j logaccept-final-9
+ inet6/filter/FORWARD -j limit-772
inet6/filter/FORWARD -j logaccept-final-9
- inet/filter/INPUT -j logaccept-final-9
+ inet6/filter/INPUT -j limit-772
inet6/filter/INPUT -j logaccept-final-9
- inet/filter/OUTPUT -j logaccept-final-9
+ inet6/filter/OUTPUT -j limit-772
inet6/filter/OUTPUT -j logaccept-final-9
- inet/filter/logaccept-final-9 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-772 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-284
inet6/filter/logaccept-final-9 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-9 -j ACCEPT
inet6/filter/logaccept-final-9 -j ACCEPT
+ inet6/filter/logdrop-284 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-284 -j DROP
Filter 774 {"action":"pass","flow-limit":{"addr":"dest","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-773
- inet6/filter/FORWARD -j limit-773
inet/filter/INPUT -j limit-773
- inet6/filter/INPUT -j limit-773
inet/filter/OUTPUT -j limit-773
- inet6/filter/OUTPUT -j limit-773
inet/filter/limit-773 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-285
- inet6/filter/limit-773 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-285
+ inet/filter/limit-773 -m limit --limit 1/second -j LOG
inet/filter/logdrop-285 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-285 -m limit --limit 1/second -j LOG
inet/filter/logdrop-285 -j DROP
- inet6/filter/logdrop-285 -j DROP
- inet/filter/limit-773 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-773
+ inet6/filter/INPUT -j limit-773
+ inet6/filter/OUTPUT -j limit-773
+ inet6/filter/limit-773 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-285
inet6/filter/limit-773 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-285 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-285 -j DROP
Filter 775 {"flow-limit":{"addr":"dest","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-774
- inet6/filter/FORWARD -j limit-774
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-774
- inet6/filter/INPUT -j limit-774
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-774
- inet6/filter/OUTPUT -j limit-774
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-774 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-286
- inet6/filter/limit-774 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-286
inet/filter/logdrop-286 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-286 -m limit --limit 1/second -j LOG
inet/filter/logdrop-286 -j DROP
- inet6/filter/logdrop-286 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-774
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-774
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-774
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-774 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-286
+ inet6/filter/logdrop-286 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-286 -j DROP
Filter 776 {"action":"pass","flow-limit":{"addr":"dest","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-775
- inet6/filter/FORWARD -j limit-775
inet/filter/INPUT -j limit-775
- inet6/filter/INPUT -j limit-775
inet/filter/OUTPUT -j limit-775
- inet6/filter/OUTPUT -j limit-775
inet/filter/limit-775 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-287
- inet6/filter/limit-775 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-287
inet/filter/logdrop-287 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-287 -m limit --limit 1/second -j LOG
inet/filter/logdrop-287 -j DROP
+ inet6/filter/FORWARD -j limit-775
+ inet6/filter/INPUT -j limit-775
+ inet6/filter/OUTPUT -j limit-775
+ inet6/filter/limit-775 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-287
+ inet6/filter/logdrop-287 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-287 -j DROP
Filter 777 {"flow-limit":{"log":false}}
(filter-limit)
inet/filter/FORWARD -j limit-776
- inet6/filter/FORWARD -j limit-776
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-776
- inet6/filter/INPUT -j limit-776
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-776
- inet6/filter/OUTPUT -j limit-776
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-776 -m recent --name limit-776 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-776 -m recent --name limit-776 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-776 -m recent --name limit-776 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-776 -m recent --name limit-776 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-776
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-776
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-776
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-776 -m recent --name limit-776 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-776 -m recent --name limit-776 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 778 {"action":"pass","flow-limit":{"log":false}}
(filter-limit)
inet/filter/FORWARD -j limit-777
- inet6/filter/FORWARD -j limit-777
inet/filter/INPUT -j limit-777
- inet6/filter/INPUT -j limit-777
inet/filter/OUTPUT -j limit-777
- inet6/filter/OUTPUT -j limit-777
inet/filter/limit-777 -m recent --name limit-777 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-777 -m recent --name limit-777 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-777 -m recent --name limit-777 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-777
+ inet6/filter/INPUT -j limit-777
+ inet6/filter/OUTPUT -j limit-777
+ inet6/filter/limit-777 -m recent --name limit-777 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-777 -m recent --name limit-777 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 779 {"flow-limit":{"log":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-778
- inet6/filter/FORWARD -j limit-778
+ inet/filter/FORWARD -j logaccept-final-10
inet/filter/INPUT -j limit-778
- inet6/filter/INPUT -j limit-778
+ inet/filter/INPUT -j logaccept-final-10
inet/filter/OUTPUT -j limit-778
- inet6/filter/OUTPUT -j limit-778
+ inet/filter/OUTPUT -j logaccept-final-10
inet/filter/limit-778 -m recent --name limit-778 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-778 -m recent --name limit-778 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-778 -m recent --name limit-778 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-778 -m recent --name limit-778 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-10
+ inet/filter/logaccept-final-10 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-10 -j ACCEPT
+ inet6/filter/FORWARD -j limit-778
inet6/filter/FORWARD -j logaccept-final-10
- inet/filter/INPUT -j logaccept-final-10
+ inet6/filter/INPUT -j limit-778
inet6/filter/INPUT -j logaccept-final-10
- inet/filter/OUTPUT -j logaccept-final-10
+ inet6/filter/OUTPUT -j limit-778
inet6/filter/OUTPUT -j logaccept-final-10
- inet/filter/logaccept-final-10 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-778 -m recent --name limit-778 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-778 -m recent --name limit-778 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-10 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-10 -j ACCEPT
inet6/filter/logaccept-final-10 -j ACCEPT
Filter 780 {"action":"pass","flow-limit":{"log":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-779
- inet6/filter/FORWARD -j limit-779
inet/filter/INPUT -j limit-779
- inet6/filter/INPUT -j limit-779
inet/filter/OUTPUT -j limit-779
- inet6/filter/OUTPUT -j limit-779
inet/filter/limit-779 -m recent --name limit-779 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-779 -m recent --name limit-779 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-779 -m recent --name limit-779 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-779
+ inet6/filter/INPUT -j limit-779
+ inet6/filter/OUTPUT -j limit-779
+ inet6/filter/limit-779 -m recent --name limit-779 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-779 -m recent --name limit-779 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 781 {"flow-limit":{"log":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-780
- inet6/filter/FORWARD -j limit-780
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-780
- inet6/filter/INPUT -j limit-780
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-780
- inet6/filter/OUTPUT -j limit-780
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-780 -m recent --name limit-780 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-780 -m recent --name limit-780 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-780 -m recent --name limit-780 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-780 -m recent --name limit-780 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-780
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-780
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-780
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-780 -m recent --name limit-780 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-780 -m recent --name limit-780 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 782 {"action":"pass","flow-limit":{"log":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-781
- inet6/filter/FORWARD -j limit-781
inet/filter/INPUT -j limit-781
- inet6/filter/INPUT -j limit-781
inet/filter/OUTPUT -j limit-781
- inet6/filter/OUTPUT -j limit-781
inet/filter/limit-781 -m recent --name limit-781 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-781 -m recent --name limit-781 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-781 -m recent --name limit-781 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-781
+ inet6/filter/INPUT -j limit-781
+ inet6/filter/OUTPUT -j limit-781
+ inet6/filter/limit-781 -m recent --name limit-781 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-781 -m recent --name limit-781 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 783 {"flow-limit":{"log":false,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-782
- inet6/filter/FORWARD -j limit-782
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-782
- inet6/filter/INPUT -j limit-782
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-782
- inet6/filter/OUTPUT -j limit-782
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-782 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-782 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-782 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-782 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-782
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-782
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-782
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-782 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-782 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 784 {"action":"pass","flow-limit":{"log":false,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-783
- inet6/filter/FORWARD -j limit-783
inet/filter/INPUT -j limit-783
- inet6/filter/INPUT -j limit-783
inet/filter/OUTPUT -j limit-783
- inet6/filter/OUTPUT -j limit-783
inet/filter/limit-783 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-783 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-783 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-783
+ inet6/filter/INPUT -j limit-783
+ inet6/filter/OUTPUT -j limit-783
+ inet6/filter/limit-783 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-783 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 785 {"flow-limit":{"log":false,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-784
- inet6/filter/FORWARD -j limit-784
+ inet/filter/FORWARD -j logaccept-final-11
inet/filter/INPUT -j limit-784
- inet6/filter/INPUT -j limit-784
+ inet/filter/INPUT -j logaccept-final-11
inet/filter/OUTPUT -j limit-784
- inet6/filter/OUTPUT -j limit-784
+ inet/filter/OUTPUT -j logaccept-final-11
inet/filter/limit-784 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-784 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-784 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-784 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-11
+ inet/filter/logaccept-final-11 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-11 -j ACCEPT
+ inet6/filter/FORWARD -j limit-784
inet6/filter/FORWARD -j logaccept-final-11
- inet/filter/INPUT -j logaccept-final-11
+ inet6/filter/INPUT -j limit-784
inet6/filter/INPUT -j logaccept-final-11
- inet/filter/OUTPUT -j logaccept-final-11
+ inet6/filter/OUTPUT -j limit-784
inet6/filter/OUTPUT -j logaccept-final-11
- inet/filter/logaccept-final-11 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-784 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-784 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-11 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-11 -j ACCEPT
inet6/filter/logaccept-final-11 -j ACCEPT
Filter 786 {"action":"pass","flow-limit":{"log":false,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-785
- inet6/filter/FORWARD -j limit-785
inet/filter/INPUT -j limit-785
- inet6/filter/INPUT -j limit-785
inet/filter/OUTPUT -j limit-785
- inet6/filter/OUTPUT -j limit-785
inet/filter/limit-785 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-785 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-785 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-785
+ inet6/filter/INPUT -j limit-785
+ inet6/filter/OUTPUT -j limit-785
+ inet6/filter/limit-785 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-785 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 787 {"flow-limit":{"log":false,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-786
- inet6/filter/FORWARD -j limit-786
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-786
- inet6/filter/INPUT -j limit-786
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-786
- inet6/filter/OUTPUT -j limit-786
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-786 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-786 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-786 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-786 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-786
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-786
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-786
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-786 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-786 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 788 {"action":"pass","flow-limit":{"log":false,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-787
- inet6/filter/FORWARD -j limit-787
inet/filter/INPUT -j limit-787
- inet6/filter/INPUT -j limit-787
inet/filter/OUTPUT -j limit-787
- inet6/filter/OUTPUT -j limit-787
inet/filter/limit-787 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-787 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-787 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-787
+ inet6/filter/INPUT -j limit-787
+ inet6/filter/OUTPUT -j limit-787
+ inet6/filter/limit-787 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-787 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 789 {"flow-limit":{"log":false,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-788
- inet6/filter/FORWARD -j limit-788
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-788
- inet6/filter/INPUT -j limit-788
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-788
- inet6/filter/OUTPUT -j limit-788
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-788 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-788 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-788
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-788
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-788
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-788 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 790 {"action":"pass","flow-limit":{"log":false,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-789
- inet6/filter/FORWARD -j limit-789
inet/filter/INPUT -j limit-789
- inet6/filter/INPUT -j limit-789
inet/filter/OUTPUT -j limit-789
- inet6/filter/OUTPUT -j limit-789
inet/filter/limit-789 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-789
+ inet6/filter/INPUT -j limit-789
+ inet6/filter/OUTPUT -j limit-789
inet6/filter/limit-789 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 791 {"flow-limit":{"log":false,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-790
- inet6/filter/FORWARD -j limit-790
+ inet/filter/FORWARD -j logaccept-final-12
inet/filter/INPUT -j limit-790
- inet6/filter/INPUT -j limit-790
+ inet/filter/INPUT -j logaccept-final-12
inet/filter/OUTPUT -j limit-790
- inet6/filter/OUTPUT -j limit-790
+ inet/filter/OUTPUT -j logaccept-final-12
inet/filter/limit-790 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-790 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j logaccept-final-12
+ inet/filter/logaccept-final-12 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-12 -j ACCEPT
+ inet6/filter/FORWARD -j limit-790
inet6/filter/FORWARD -j logaccept-final-12
- inet/filter/INPUT -j logaccept-final-12
+ inet6/filter/INPUT -j limit-790
inet6/filter/INPUT -j logaccept-final-12
- inet/filter/OUTPUT -j logaccept-final-12
+ inet6/filter/OUTPUT -j limit-790
inet6/filter/OUTPUT -j logaccept-final-12
- inet/filter/logaccept-final-12 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-790 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/logaccept-final-12 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-12 -j ACCEPT
inet6/filter/logaccept-final-12 -j ACCEPT
Filter 792 {"action":"pass","flow-limit":{"log":false,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-791
- inet6/filter/FORWARD -j limit-791
inet/filter/INPUT -j limit-791
- inet6/filter/INPUT -j limit-791
inet/filter/OUTPUT -j limit-791
- inet6/filter/OUTPUT -j limit-791
inet/filter/limit-791 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-791 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-791 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-791
+ inet6/filter/INPUT -j limit-791
+ inet6/filter/OUTPUT -j limit-791
+ inet6/filter/limit-791 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-791 -m limit --limit 1/second -j LOG
Filter 793 {"flow-limit":{"log":false,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-792
- inet6/filter/FORWARD -j limit-792
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-792
- inet6/filter/INPUT -j limit-792
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-792
- inet6/filter/OUTPUT -j limit-792
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-792 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-792 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-792
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-792
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-792
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-792 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 794 {"action":"pass","flow-limit":{"log":false,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-793
- inet6/filter/FORWARD -j limit-793
inet/filter/INPUT -j limit-793
- inet6/filter/INPUT -j limit-793
inet/filter/OUTPUT -j limit-793
- inet6/filter/OUTPUT -j limit-793
inet/filter/limit-793 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-793
+ inet6/filter/INPUT -j limit-793
+ inet6/filter/OUTPUT -j limit-793
inet6/filter/limit-793 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 795 {"flow-limit":{"addr":"dest","log":false,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-794
- inet6/filter/FORWARD -j limit-794
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-794
- inet6/filter/INPUT -j limit-794
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-794
- inet6/filter/OUTPUT -j limit-794
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-794 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-794 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-794 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-794 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-794
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-794
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-794
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-794 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-794 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 796 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-795
- inet6/filter/FORWARD -j limit-795
inet/filter/INPUT -j limit-795
- inet6/filter/INPUT -j limit-795
inet/filter/OUTPUT -j limit-795
- inet6/filter/OUTPUT -j limit-795
inet/filter/limit-795 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-795 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-795 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-795
+ inet6/filter/INPUT -j limit-795
+ inet6/filter/OUTPUT -j limit-795
+ inet6/filter/limit-795 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-795 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 797 {"flow-limit":{"addr":"dest","log":false,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-796
- inet6/filter/FORWARD -j limit-796
+ inet/filter/FORWARD -j logaccept-final-13
inet/filter/INPUT -j limit-796
- inet6/filter/INPUT -j limit-796
+ inet/filter/INPUT -j logaccept-final-13
inet/filter/OUTPUT -j limit-796
- inet6/filter/OUTPUT -j limit-796
+ inet/filter/OUTPUT -j logaccept-final-13
inet/filter/limit-796 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-796 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-796 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-796 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-13
+ inet/filter/logaccept-final-13 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-13 -j ACCEPT
+ inet6/filter/FORWARD -j limit-796
inet6/filter/FORWARD -j logaccept-final-13
- inet/filter/INPUT -j logaccept-final-13
+ inet6/filter/INPUT -j limit-796
inet6/filter/INPUT -j logaccept-final-13
- inet/filter/OUTPUT -j logaccept-final-13
+ inet6/filter/OUTPUT -j limit-796
inet6/filter/OUTPUT -j logaccept-final-13
- inet/filter/logaccept-final-13 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-796 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-796 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-13 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-13 -j ACCEPT
inet6/filter/logaccept-final-13 -j ACCEPT
Filter 798 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-797
- inet6/filter/FORWARD -j limit-797
inet/filter/INPUT -j limit-797
- inet6/filter/INPUT -j limit-797
inet/filter/OUTPUT -j limit-797
- inet6/filter/OUTPUT -j limit-797
inet/filter/limit-797 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-797 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-797 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-797
+ inet6/filter/INPUT -j limit-797
+ inet6/filter/OUTPUT -j limit-797
+ inet6/filter/limit-797 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-797 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 799 {"flow-limit":{"addr":"dest","log":false,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-798
- inet6/filter/FORWARD -j limit-798
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-798
- inet6/filter/INPUT -j limit-798
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-798
- inet6/filter/OUTPUT -j limit-798
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-798 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-798 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-798 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-798 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-798
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-798
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-798
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-798 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-798 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 800 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-799
- inet6/filter/FORWARD -j limit-799
inet/filter/INPUT -j limit-799
- inet6/filter/INPUT -j limit-799
inet/filter/OUTPUT -j limit-799
- inet6/filter/OUTPUT -j limit-799
inet/filter/limit-799 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-799 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-799 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-799
+ inet6/filter/INPUT -j limit-799
+ inet6/filter/OUTPUT -j limit-799
+ inet6/filter/limit-799 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-799 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 801 {"flow-limit":{"addr":"dest","log":false,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-800
- inet6/filter/FORWARD -j limit-800
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-800
- inet6/filter/INPUT -j limit-800
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-800
- inet6/filter/OUTPUT -j limit-800
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-800 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-800 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-800
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-800
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-800
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-800 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 802 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-801
- inet6/filter/FORWARD -j limit-801
inet/filter/INPUT -j limit-801
- inet6/filter/INPUT -j limit-801
inet/filter/OUTPUT -j limit-801
- inet6/filter/OUTPUT -j limit-801
inet/filter/limit-801 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-801
+ inet6/filter/INPUT -j limit-801
+ inet6/filter/OUTPUT -j limit-801
inet6/filter/limit-801 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 803 {"flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-802
- inet6/filter/FORWARD -j limit-802
+ inet/filter/FORWARD -j logaccept-final-14
inet/filter/INPUT -j limit-802
- inet6/filter/INPUT -j limit-802
+ inet/filter/INPUT -j logaccept-final-14
inet/filter/OUTPUT -j limit-802
- inet6/filter/OUTPUT -j limit-802
+ inet/filter/OUTPUT -j logaccept-final-14
inet/filter/limit-802 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-802 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j logaccept-final-14
+ inet/filter/logaccept-final-14 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-14 -j ACCEPT
+ inet6/filter/FORWARD -j limit-802
inet6/filter/FORWARD -j logaccept-final-14
- inet/filter/INPUT -j logaccept-final-14
+ inet6/filter/INPUT -j limit-802
inet6/filter/INPUT -j logaccept-final-14
- inet/filter/OUTPUT -j logaccept-final-14
+ inet6/filter/OUTPUT -j limit-802
inet6/filter/OUTPUT -j logaccept-final-14
- inet/filter/logaccept-final-14 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-802 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/logaccept-final-14 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-14 -j ACCEPT
inet6/filter/logaccept-final-14 -j ACCEPT
Filter 804 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-803
- inet6/filter/FORWARD -j limit-803
inet/filter/INPUT -j limit-803
- inet6/filter/INPUT -j limit-803
inet/filter/OUTPUT -j limit-803
- inet6/filter/OUTPUT -j limit-803
inet/filter/limit-803 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-803 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-803 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-803
+ inet6/filter/INPUT -j limit-803
+ inet6/filter/OUTPUT -j limit-803
+ inet6/filter/limit-803 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-803 -m limit --limit 1/second -j LOG
Filter 805 {"flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-804
- inet6/filter/FORWARD -j limit-804
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-804
- inet6/filter/INPUT -j limit-804
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-804
- inet6/filter/OUTPUT -j limit-804
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-804 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-804 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-804
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-804
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-804
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-804 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 806 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-805
- inet6/filter/FORWARD -j limit-805
inet/filter/INPUT -j limit-805
- inet6/filter/INPUT -j limit-805
inet/filter/OUTPUT -j limit-805
- inet6/filter/OUTPUT -j limit-805
inet/filter/limit-805 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-805
+ inet6/filter/INPUT -j limit-805
+ inet6/filter/OUTPUT -j limit-805
inet6/filter/limit-805 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 807 {"flow-limit":{"log":false,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-806
- inet6/filter/FORWARD -j limit-806
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-806
- inet6/filter/INPUT -j limit-806
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-806
- inet6/filter/OUTPUT -j limit-806
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-806 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-806 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-806 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-806 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-806
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-806
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-806
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-806 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-806 -m recent --name user:C --rsource --mask fe00:: --set
Filter 808 {"action":"pass","flow-limit":{"log":false,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-807
- inet6/filter/FORWARD -j limit-807
inet/filter/INPUT -j limit-807
- inet6/filter/INPUT -j limit-807
inet/filter/OUTPUT -j limit-807
- inet6/filter/OUTPUT -j limit-807
inet/filter/limit-807 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-807 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-807 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-807
+ inet6/filter/INPUT -j limit-807
+ inet6/filter/OUTPUT -j limit-807
+ inet6/filter/limit-807 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-807 -m recent --name user:C --rsource --mask fe00:: --set
Filter 809 {"flow-limit":{"log":false,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-808
- inet6/filter/FORWARD -j limit-808
+ inet/filter/FORWARD -j logaccept-final-15
inet/filter/INPUT -j limit-808
- inet6/filter/INPUT -j limit-808
+ inet/filter/INPUT -j logaccept-final-15
inet/filter/OUTPUT -j limit-808
- inet6/filter/OUTPUT -j limit-808
+ inet/filter/OUTPUT -j logaccept-final-15
inet/filter/limit-808 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-808 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-808 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-808 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-15
+ inet/filter/logaccept-final-15 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-15 -j ACCEPT
+ inet6/filter/FORWARD -j limit-808
inet6/filter/FORWARD -j logaccept-final-15
- inet/filter/INPUT -j logaccept-final-15
+ inet6/filter/INPUT -j limit-808
inet6/filter/INPUT -j logaccept-final-15
- inet/filter/OUTPUT -j logaccept-final-15
+ inet6/filter/OUTPUT -j limit-808
inet6/filter/OUTPUT -j logaccept-final-15
- inet/filter/logaccept-final-15 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-808 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-808 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logaccept-final-15 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-15 -j ACCEPT
inet6/filter/logaccept-final-15 -j ACCEPT
Filter 810 {"action":"pass","flow-limit":{"log":false,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-809
- inet6/filter/FORWARD -j limit-809
inet/filter/INPUT -j limit-809
- inet6/filter/INPUT -j limit-809
inet/filter/OUTPUT -j limit-809
- inet6/filter/OUTPUT -j limit-809
inet/filter/limit-809 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-809 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-809 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-809
+ inet6/filter/INPUT -j limit-809
+ inet6/filter/OUTPUT -j limit-809
+ inet6/filter/limit-809 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-809 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 811 {"flow-limit":{"log":false,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-810
- inet6/filter/FORWARD -j limit-810
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-810
- inet6/filter/INPUT -j limit-810
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-810
- inet6/filter/OUTPUT -j limit-810
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-810 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-810 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-810 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-810 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-810
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-810
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-810
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-810 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-810 -m recent --name user:C --rsource --mask fe00:: --set
Filter 812 {"action":"pass","flow-limit":{"log":false,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-811
- inet6/filter/FORWARD -j limit-811
inet/filter/INPUT -j limit-811
- inet6/filter/INPUT -j limit-811
inet/filter/OUTPUT -j limit-811
- inet6/filter/OUTPUT -j limit-811
inet/filter/limit-811 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-811 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-811 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-811
+ inet6/filter/INPUT -j limit-811
+ inet6/filter/OUTPUT -j limit-811
+ inet6/filter/limit-811 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-811 -m recent --name user:C --rsource --mask fe00:: --set
Filter 813 {"flow-limit":{"log":false,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-812
- inet6/filter/FORWARD -j limit-812
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-812
- inet6/filter/INPUT -j limit-812
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-812
- inet6/filter/OUTPUT -j limit-812
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-812 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-812 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-812
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-812
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-812
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-812 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 814 {"action":"pass","flow-limit":{"log":false,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-813
- inet6/filter/FORWARD -j limit-813
inet/filter/INPUT -j limit-813
- inet6/filter/INPUT -j limit-813
inet/filter/OUTPUT -j limit-813
- inet6/filter/OUTPUT -j limit-813
inet/filter/limit-813 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-813
+ inet6/filter/INPUT -j limit-813
+ inet6/filter/OUTPUT -j limit-813
inet6/filter/limit-813 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 815 {"flow-limit":{"log":false,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-814
- inet6/filter/FORWARD -j limit-814
+ inet/filter/FORWARD -j logaccept-final-16
inet/filter/INPUT -j limit-814
- inet6/filter/INPUT -j limit-814
+ inet/filter/INPUT -j logaccept-final-16
inet/filter/OUTPUT -j limit-814
- inet6/filter/OUTPUT -j limit-814
+ inet/filter/OUTPUT -j logaccept-final-16
inet/filter/limit-814 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-814 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j logaccept-final-16
+ inet/filter/logaccept-final-16 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-16 -j ACCEPT
+ inet6/filter/FORWARD -j limit-814
inet6/filter/FORWARD -j logaccept-final-16
- inet/filter/INPUT -j logaccept-final-16
+ inet6/filter/INPUT -j limit-814
inet6/filter/INPUT -j logaccept-final-16
- inet/filter/OUTPUT -j logaccept-final-16
+ inet6/filter/OUTPUT -j limit-814
inet6/filter/OUTPUT -j logaccept-final-16
- inet/filter/logaccept-final-16 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-814 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/logaccept-final-16 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-16 -j ACCEPT
inet6/filter/logaccept-final-16 -j ACCEPT
Filter 816 {"action":"pass","flow-limit":{"log":false,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-815
- inet6/filter/FORWARD -j limit-815
inet/filter/INPUT -j limit-815
- inet6/filter/INPUT -j limit-815
inet/filter/OUTPUT -j limit-815
- inet6/filter/OUTPUT -j limit-815
inet/filter/limit-815 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-815 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-815 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-815
+ inet6/filter/INPUT -j limit-815
+ inet6/filter/OUTPUT -j limit-815
+ inet6/filter/limit-815 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-815 -m limit --limit 1/second -j LOG
Filter 817 {"flow-limit":{"log":false,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-816
- inet6/filter/FORWARD -j limit-816
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-816
- inet6/filter/INPUT -j limit-816
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-816
- inet6/filter/OUTPUT -j limit-816
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-816 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-816 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-816
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-816
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-816
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-816 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 818 {"action":"pass","flow-limit":{"log":false,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-817
- inet6/filter/FORWARD -j limit-817
inet/filter/INPUT -j limit-817
- inet6/filter/INPUT -j limit-817
inet/filter/OUTPUT -j limit-817
- inet6/filter/OUTPUT -j limit-817
inet/filter/limit-817 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-817
+ inet6/filter/INPUT -j limit-817
+ inet6/filter/OUTPUT -j limit-817
inet6/filter/limit-817 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 819 {"flow-limit":{"addr":"dest","log":false,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-818
- inet6/filter/FORWARD -j limit-818
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-818
- inet6/filter/INPUT -j limit-818
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-818
- inet6/filter/OUTPUT -j limit-818
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-818 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-818 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-818 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-818 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-818
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-818
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-818
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-818 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-818 -m recent --name user:C --rdest --mask fe00:: --set
Filter 820 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-819
- inet6/filter/FORWARD -j limit-819
inet/filter/INPUT -j limit-819
- inet6/filter/INPUT -j limit-819
inet/filter/OUTPUT -j limit-819
- inet6/filter/OUTPUT -j limit-819
inet/filter/limit-819 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-819 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-819 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-819
+ inet6/filter/INPUT -j limit-819
+ inet6/filter/OUTPUT -j limit-819
+ inet6/filter/limit-819 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-819 -m recent --name user:C --rdest --mask fe00:: --set
Filter 821 {"flow-limit":{"addr":"dest","log":false,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-820
- inet6/filter/FORWARD -j limit-820
+ inet/filter/FORWARD -j logaccept-final-17
inet/filter/INPUT -j limit-820
- inet6/filter/INPUT -j limit-820
+ inet/filter/INPUT -j logaccept-final-17
inet/filter/OUTPUT -j limit-820
- inet6/filter/OUTPUT -j limit-820
+ inet/filter/OUTPUT -j logaccept-final-17
inet/filter/limit-820 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-820 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-820 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-820 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-17
+ inet/filter/logaccept-final-17 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-17 -j ACCEPT
+ inet6/filter/FORWARD -j limit-820
inet6/filter/FORWARD -j logaccept-final-17
- inet/filter/INPUT -j logaccept-final-17
+ inet6/filter/INPUT -j limit-820
inet6/filter/INPUT -j logaccept-final-17
- inet/filter/OUTPUT -j logaccept-final-17
+ inet6/filter/OUTPUT -j limit-820
inet6/filter/OUTPUT -j logaccept-final-17
- inet/filter/logaccept-final-17 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-820 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-820 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logaccept-final-17 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-17 -j ACCEPT
inet6/filter/logaccept-final-17 -j ACCEPT
Filter 822 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-821
- inet6/filter/FORWARD -j limit-821
inet/filter/INPUT -j limit-821
- inet6/filter/INPUT -j limit-821
inet/filter/OUTPUT -j limit-821
- inet6/filter/OUTPUT -j limit-821
inet/filter/limit-821 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-821 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-821 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-821
+ inet6/filter/INPUT -j limit-821
+ inet6/filter/OUTPUT -j limit-821
+ inet6/filter/limit-821 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-821 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 823 {"flow-limit":{"addr":"dest","log":false,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-822
- inet6/filter/FORWARD -j limit-822
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-822
- inet6/filter/INPUT -j limit-822
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-822
- inet6/filter/OUTPUT -j limit-822
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-822 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-822 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-822 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-822 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-822
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-822
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-822
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-822 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-822 -m recent --name user:C --rdest --mask fe00:: --set
Filter 824 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-823
- inet6/filter/FORWARD -j limit-823
inet/filter/INPUT -j limit-823
- inet6/filter/INPUT -j limit-823
inet/filter/OUTPUT -j limit-823
- inet6/filter/OUTPUT -j limit-823
inet/filter/limit-823 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-823 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-823 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-823
+ inet6/filter/INPUT -j limit-823
+ inet6/filter/OUTPUT -j limit-823
+ inet6/filter/limit-823 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-823 -m recent --name user:C --rdest --mask fe00:: --set
Filter 825 {"flow-limit":{"addr":"dest","log":false,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-824
- inet6/filter/FORWARD -j limit-824
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-824
- inet6/filter/INPUT -j limit-824
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-824
- inet6/filter/OUTPUT -j limit-824
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-824 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-824 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-824
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-824
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-824
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-824 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 826 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-825
- inet6/filter/FORWARD -j limit-825
inet/filter/INPUT -j limit-825
- inet6/filter/INPUT -j limit-825
inet/filter/OUTPUT -j limit-825
- inet6/filter/OUTPUT -j limit-825
inet/filter/limit-825 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-825
+ inet6/filter/INPUT -j limit-825
+ inet6/filter/OUTPUT -j limit-825
inet6/filter/limit-825 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 827 {"flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-826
- inet6/filter/FORWARD -j limit-826
+ inet/filter/FORWARD -j logaccept-final-18
inet/filter/INPUT -j limit-826
- inet6/filter/INPUT -j limit-826
+ inet/filter/INPUT -j logaccept-final-18
inet/filter/OUTPUT -j limit-826
- inet6/filter/OUTPUT -j limit-826
+ inet/filter/OUTPUT -j logaccept-final-18
inet/filter/limit-826 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-826 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j logaccept-final-18
+ inet/filter/logaccept-final-18 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-18 -j ACCEPT
+ inet6/filter/FORWARD -j limit-826
inet6/filter/FORWARD -j logaccept-final-18
- inet/filter/INPUT -j logaccept-final-18
+ inet6/filter/INPUT -j limit-826
inet6/filter/INPUT -j logaccept-final-18
- inet/filter/OUTPUT -j logaccept-final-18
+ inet6/filter/OUTPUT -j limit-826
inet6/filter/OUTPUT -j logaccept-final-18
- inet/filter/logaccept-final-18 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-826 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/logaccept-final-18 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-18 -j ACCEPT
inet6/filter/logaccept-final-18 -j ACCEPT
Filter 828 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-827
- inet6/filter/FORWARD -j limit-827
inet/filter/INPUT -j limit-827
- inet6/filter/INPUT -j limit-827
inet/filter/OUTPUT -j limit-827
- inet6/filter/OUTPUT -j limit-827
inet/filter/limit-827 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-827 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-827 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-827
+ inet6/filter/INPUT -j limit-827
+ inet6/filter/OUTPUT -j limit-827
+ inet6/filter/limit-827 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-827 -m limit --limit 1/second -j LOG
Filter 829 {"flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-828
- inet6/filter/FORWARD -j limit-828
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-828
- inet6/filter/INPUT -j limit-828
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-828
- inet6/filter/OUTPUT -j limit-828
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-828 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-828 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-828
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-828
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-828
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-828 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 830 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-829
- inet6/filter/FORWARD -j limit-829
inet/filter/INPUT -j limit-829
- inet6/filter/INPUT -j limit-829
inet/filter/OUTPUT -j limit-829
- inet6/filter/OUTPUT -j limit-829
inet/filter/limit-829 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-829
+ inet6/filter/INPUT -j limit-829
+ inet6/filter/OUTPUT -j limit-829
inet6/filter/limit-829 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 831 {"flow-limit":{"log":"none"}}
(filter-limit)
inet/filter/FORWARD -j limit-830
- inet6/filter/FORWARD -j limit-830
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-830
- inet6/filter/INPUT -j limit-830
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-830
- inet6/filter/OUTPUT -j limit-830
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-830 -m recent --name limit-830 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-830 -m recent --name limit-830 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-830 -m recent --name limit-830 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-830 -m recent --name limit-830 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-830
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-830
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-830
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-830 -m recent --name limit-830 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-830 -m recent --name limit-830 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 832 {"action":"pass","flow-limit":{"log":"none"}}
(filter-limit)
inet/filter/FORWARD -j limit-831
- inet6/filter/FORWARD -j limit-831
inet/filter/INPUT -j limit-831
- inet6/filter/INPUT -j limit-831
inet/filter/OUTPUT -j limit-831
- inet6/filter/OUTPUT -j limit-831
inet/filter/limit-831 -m recent --name limit-831 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-831 -m recent --name limit-831 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-831 -m recent --name limit-831 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-831
+ inet6/filter/INPUT -j limit-831
+ inet6/filter/OUTPUT -j limit-831
+ inet6/filter/limit-831 -m recent --name limit-831 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-831 -m recent --name limit-831 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 833 {"flow-limit":{"log":"none"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-832
- inet6/filter/FORWARD -j limit-832
+ inet/filter/FORWARD -j logaccept-final-19
inet/filter/INPUT -j limit-832
- inet6/filter/INPUT -j limit-832
+ inet/filter/INPUT -j logaccept-final-19
inet/filter/OUTPUT -j limit-832
- inet6/filter/OUTPUT -j limit-832
+ inet/filter/OUTPUT -j logaccept-final-19
inet/filter/limit-832 -m recent --name limit-832 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-832 -m recent --name limit-832 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-832 -m recent --name limit-832 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-832 -m recent --name limit-832 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-19
+ inet/filter/logaccept-final-19 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-19 -j ACCEPT
+ inet6/filter/FORWARD -j limit-832
inet6/filter/FORWARD -j logaccept-final-19
- inet/filter/INPUT -j logaccept-final-19
+ inet6/filter/INPUT -j limit-832
inet6/filter/INPUT -j logaccept-final-19
- inet/filter/OUTPUT -j logaccept-final-19
+ inet6/filter/OUTPUT -j limit-832
inet6/filter/OUTPUT -j logaccept-final-19
- inet/filter/logaccept-final-19 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-832 -m recent --name limit-832 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-832 -m recent --name limit-832 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-19 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-19 -j ACCEPT
inet6/filter/logaccept-final-19 -j ACCEPT
Filter 834 {"action":"pass","flow-limit":{"log":"none"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-833
- inet6/filter/FORWARD -j limit-833
inet/filter/INPUT -j limit-833
- inet6/filter/INPUT -j limit-833
inet/filter/OUTPUT -j limit-833
- inet6/filter/OUTPUT -j limit-833
inet/filter/limit-833 -m recent --name limit-833 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-833 -m recent --name limit-833 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-833 -m recent --name limit-833 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-833
+ inet6/filter/INPUT -j limit-833
+ inet6/filter/OUTPUT -j limit-833
+ inet6/filter/limit-833 -m recent --name limit-833 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-833 -m recent --name limit-833 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 835 {"flow-limit":{"log":"none"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-834
- inet6/filter/FORWARD -j limit-834
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-834
- inet6/filter/INPUT -j limit-834
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-834
- inet6/filter/OUTPUT -j limit-834
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-834 -m recent --name limit-834 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-834 -m recent --name limit-834 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-834 -m recent --name limit-834 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-834 -m recent --name limit-834 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-834
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-834
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-834
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-834 -m recent --name limit-834 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-834 -m recent --name limit-834 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 836 {"action":"pass","flow-limit":{"log":"none"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-835
- inet6/filter/FORWARD -j limit-835
inet/filter/INPUT -j limit-835
- inet6/filter/INPUT -j limit-835
inet/filter/OUTPUT -j limit-835
- inet6/filter/OUTPUT -j limit-835
inet/filter/limit-835 -m recent --name limit-835 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-835 -m recent --name limit-835 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-835 -m recent --name limit-835 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-835
+ inet6/filter/INPUT -j limit-835
+ inet6/filter/OUTPUT -j limit-835
+ inet6/filter/limit-835 -m recent --name limit-835 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-835 -m recent --name limit-835 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 837 {"flow-limit":{"log":"none","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-836
- inet6/filter/FORWARD -j limit-836
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-836
- inet6/filter/INPUT -j limit-836
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-836
- inet6/filter/OUTPUT -j limit-836
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-836 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-836 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-836 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-836 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-836
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-836
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-836
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-836 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-836 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 838 {"action":"pass","flow-limit":{"log":"none","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-837
- inet6/filter/FORWARD -j limit-837
inet/filter/INPUT -j limit-837
- inet6/filter/INPUT -j limit-837
inet/filter/OUTPUT -j limit-837
- inet6/filter/OUTPUT -j limit-837
inet/filter/limit-837 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-837 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-837 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-837
+ inet6/filter/INPUT -j limit-837
+ inet6/filter/OUTPUT -j limit-837
+ inet6/filter/limit-837 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-837 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 839 {"flow-limit":{"log":"none","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-838
- inet6/filter/FORWARD -j limit-838
+ inet/filter/FORWARD -j logaccept-final-20
inet/filter/INPUT -j limit-838
- inet6/filter/INPUT -j limit-838
+ inet/filter/INPUT -j logaccept-final-20
inet/filter/OUTPUT -j limit-838
- inet6/filter/OUTPUT -j limit-838
+ inet/filter/OUTPUT -j logaccept-final-20
inet/filter/limit-838 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-838 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-838 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-838 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-20
+ inet/filter/logaccept-final-20 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-20 -j ACCEPT
+ inet6/filter/FORWARD -j limit-838
inet6/filter/FORWARD -j logaccept-final-20
- inet/filter/INPUT -j logaccept-final-20
+ inet6/filter/INPUT -j limit-838
inet6/filter/INPUT -j logaccept-final-20
- inet/filter/OUTPUT -j logaccept-final-20
+ inet6/filter/OUTPUT -j limit-838
inet6/filter/OUTPUT -j logaccept-final-20
- inet/filter/logaccept-final-20 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-838 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-838 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-20 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-20 -j ACCEPT
inet6/filter/logaccept-final-20 -j ACCEPT
Filter 840 {"action":"pass","flow-limit":{"log":"none","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-839
- inet6/filter/FORWARD -j limit-839
inet/filter/INPUT -j limit-839
- inet6/filter/INPUT -j limit-839
inet/filter/OUTPUT -j limit-839
- inet6/filter/OUTPUT -j limit-839
inet/filter/limit-839 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-839 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-839 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-839
+ inet6/filter/INPUT -j limit-839
+ inet6/filter/OUTPUT -j limit-839
+ inet6/filter/limit-839 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-839 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 841 {"flow-limit":{"log":"none","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-840
- inet6/filter/FORWARD -j limit-840
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-840
- inet6/filter/INPUT -j limit-840
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-840
- inet6/filter/OUTPUT -j limit-840
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-840 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-840 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-840 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-840 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-840
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-840
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-840
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-840 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-840 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 842 {"action":"pass","flow-limit":{"log":"none","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-841
- inet6/filter/FORWARD -j limit-841
inet/filter/INPUT -j limit-841
- inet6/filter/INPUT -j limit-841
inet/filter/OUTPUT -j limit-841
- inet6/filter/OUTPUT -j limit-841
inet/filter/limit-841 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-841 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-841 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-841
+ inet6/filter/INPUT -j limit-841
+ inet6/filter/OUTPUT -j limit-841
+ inet6/filter/limit-841 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-841 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 843 {"flow-limit":{"log":"none","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-842
- inet6/filter/FORWARD -j limit-842
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-842
- inet6/filter/INPUT -j limit-842
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-842
- inet6/filter/OUTPUT -j limit-842
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-842 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-842 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-842
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-842
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-842
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-842 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 844 {"action":"pass","flow-limit":{"log":"none","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-843
- inet6/filter/FORWARD -j limit-843
inet/filter/INPUT -j limit-843
- inet6/filter/INPUT -j limit-843
inet/filter/OUTPUT -j limit-843
- inet6/filter/OUTPUT -j limit-843
inet/filter/limit-843 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-843
+ inet6/filter/INPUT -j limit-843
+ inet6/filter/OUTPUT -j limit-843
inet6/filter/limit-843 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 845 {"flow-limit":{"log":"none","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-844
- inet6/filter/FORWARD -j limit-844
+ inet/filter/FORWARD -j logaccept-final-21
inet/filter/INPUT -j limit-844
- inet6/filter/INPUT -j limit-844
+ inet/filter/INPUT -j logaccept-final-21
inet/filter/OUTPUT -j limit-844
- inet6/filter/OUTPUT -j limit-844
+ inet/filter/OUTPUT -j logaccept-final-21
inet/filter/limit-844 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-844 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j logaccept-final-21
+ inet/filter/logaccept-final-21 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-21 -j ACCEPT
+ inet6/filter/FORWARD -j limit-844
inet6/filter/FORWARD -j logaccept-final-21
- inet/filter/INPUT -j logaccept-final-21
+ inet6/filter/INPUT -j limit-844
inet6/filter/INPUT -j logaccept-final-21
- inet/filter/OUTPUT -j logaccept-final-21
+ inet6/filter/OUTPUT -j limit-844
inet6/filter/OUTPUT -j logaccept-final-21
- inet/filter/logaccept-final-21 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-844 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/logaccept-final-21 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-21 -j ACCEPT
inet6/filter/logaccept-final-21 -j ACCEPT
Filter 846 {"action":"pass","flow-limit":{"log":"none","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-845
- inet6/filter/FORWARD -j limit-845
inet/filter/INPUT -j limit-845
- inet6/filter/INPUT -j limit-845
inet/filter/OUTPUT -j limit-845
- inet6/filter/OUTPUT -j limit-845
inet/filter/limit-845 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-845 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-845 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-845
+ inet6/filter/INPUT -j limit-845
+ inet6/filter/OUTPUT -j limit-845
+ inet6/filter/limit-845 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-845 -m limit --limit 1/second -j LOG
Filter 847 {"flow-limit":{"log":"none","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-846
- inet6/filter/FORWARD -j limit-846
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-846
- inet6/filter/INPUT -j limit-846
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-846
- inet6/filter/OUTPUT -j limit-846
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-846 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-846 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-846
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-846
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-846
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-846 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 848 {"action":"pass","flow-limit":{"log":"none","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-847
- inet6/filter/FORWARD -j limit-847
inet/filter/INPUT -j limit-847
- inet6/filter/INPUT -j limit-847
inet/filter/OUTPUT -j limit-847
- inet6/filter/OUTPUT -j limit-847
inet/filter/limit-847 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-847
+ inet6/filter/INPUT -j limit-847
+ inet6/filter/OUTPUT -j limit-847
inet6/filter/limit-847 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 849 {"flow-limit":{"addr":"dest","log":"none","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-848
- inet6/filter/FORWARD -j limit-848
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-848
- inet6/filter/INPUT -j limit-848
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-848
- inet6/filter/OUTPUT -j limit-848
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-848 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-848 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-848 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-848 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-848
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-848
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-848
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-848 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-848 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 850 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-849
- inet6/filter/FORWARD -j limit-849
inet/filter/INPUT -j limit-849
- inet6/filter/INPUT -j limit-849
inet/filter/OUTPUT -j limit-849
- inet6/filter/OUTPUT -j limit-849
inet/filter/limit-849 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-849 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-849 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-849
+ inet6/filter/INPUT -j limit-849
+ inet6/filter/OUTPUT -j limit-849
+ inet6/filter/limit-849 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-849 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 851 {"flow-limit":{"addr":"dest","log":"none","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-850
- inet6/filter/FORWARD -j limit-850
+ inet/filter/FORWARD -j logaccept-final-22
inet/filter/INPUT -j limit-850
- inet6/filter/INPUT -j limit-850
+ inet/filter/INPUT -j logaccept-final-22
inet/filter/OUTPUT -j limit-850
- inet6/filter/OUTPUT -j limit-850
+ inet/filter/OUTPUT -j logaccept-final-22
inet/filter/limit-850 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-850 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-850 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-850 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-22
+ inet/filter/logaccept-final-22 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-22 -j ACCEPT
+ inet6/filter/FORWARD -j limit-850
inet6/filter/FORWARD -j logaccept-final-22
- inet/filter/INPUT -j logaccept-final-22
+ inet6/filter/INPUT -j limit-850
inet6/filter/INPUT -j logaccept-final-22
- inet/filter/OUTPUT -j logaccept-final-22
+ inet6/filter/OUTPUT -j limit-850
inet6/filter/OUTPUT -j logaccept-final-22
- inet/filter/logaccept-final-22 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-850 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-850 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-22 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-22 -j ACCEPT
inet6/filter/logaccept-final-22 -j ACCEPT
Filter 852 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-851
- inet6/filter/FORWARD -j limit-851
inet/filter/INPUT -j limit-851
- inet6/filter/INPUT -j limit-851
inet/filter/OUTPUT -j limit-851
- inet6/filter/OUTPUT -j limit-851
inet/filter/limit-851 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-851 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-851 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-851
+ inet6/filter/INPUT -j limit-851
+ inet6/filter/OUTPUT -j limit-851
+ inet6/filter/limit-851 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-851 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 853 {"flow-limit":{"addr":"dest","log":"none","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-852
- inet6/filter/FORWARD -j limit-852
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-852
- inet6/filter/INPUT -j limit-852
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-852
- inet6/filter/OUTPUT -j limit-852
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-852 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-852 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-852 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-852 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-852
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-852
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-852
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-852 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-852 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 854 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-853
- inet6/filter/FORWARD -j limit-853
inet/filter/INPUT -j limit-853
- inet6/filter/INPUT -j limit-853
inet/filter/OUTPUT -j limit-853
- inet6/filter/OUTPUT -j limit-853
inet/filter/limit-853 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-853 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-853 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-853
+ inet6/filter/INPUT -j limit-853
+ inet6/filter/OUTPUT -j limit-853
+ inet6/filter/limit-853 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-853 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 855 {"flow-limit":{"addr":"dest","log":"none","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-854
- inet6/filter/FORWARD -j limit-854
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-854
- inet6/filter/INPUT -j limit-854
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-854
- inet6/filter/OUTPUT -j limit-854
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-854 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-854 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-854
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-854
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-854
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-854 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 856 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-855
- inet6/filter/FORWARD -j limit-855
inet/filter/INPUT -j limit-855
- inet6/filter/INPUT -j limit-855
inet/filter/OUTPUT -j limit-855
- inet6/filter/OUTPUT -j limit-855
inet/filter/limit-855 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-855
+ inet6/filter/INPUT -j limit-855
+ inet6/filter/OUTPUT -j limit-855
inet6/filter/limit-855 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 857 {"flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-856
- inet6/filter/FORWARD -j limit-856
+ inet/filter/FORWARD -j logaccept-final-23
inet/filter/INPUT -j limit-856
- inet6/filter/INPUT -j limit-856
+ inet/filter/INPUT -j logaccept-final-23
inet/filter/OUTPUT -j limit-856
- inet6/filter/OUTPUT -j limit-856
+ inet/filter/OUTPUT -j logaccept-final-23
inet/filter/limit-856 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-856 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j logaccept-final-23
+ inet/filter/logaccept-final-23 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-23 -j ACCEPT
+ inet6/filter/FORWARD -j limit-856
inet6/filter/FORWARD -j logaccept-final-23
- inet/filter/INPUT -j logaccept-final-23
+ inet6/filter/INPUT -j limit-856
inet6/filter/INPUT -j logaccept-final-23
- inet/filter/OUTPUT -j logaccept-final-23
+ inet6/filter/OUTPUT -j limit-856
inet6/filter/OUTPUT -j logaccept-final-23
- inet/filter/logaccept-final-23 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-856 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/logaccept-final-23 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-23 -j ACCEPT
inet6/filter/logaccept-final-23 -j ACCEPT
Filter 858 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-857
- inet6/filter/FORWARD -j limit-857
inet/filter/INPUT -j limit-857
- inet6/filter/INPUT -j limit-857
inet/filter/OUTPUT -j limit-857
- inet6/filter/OUTPUT -j limit-857
inet/filter/limit-857 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-857 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-857 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-857
+ inet6/filter/INPUT -j limit-857
+ inet6/filter/OUTPUT -j limit-857
+ inet6/filter/limit-857 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-857 -m limit --limit 1/second -j LOG
Filter 859 {"flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-858
- inet6/filter/FORWARD -j limit-858
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-858
- inet6/filter/INPUT -j limit-858
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-858
- inet6/filter/OUTPUT -j limit-858
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-858 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-858 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-858
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-858
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-858
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-858 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 860 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-859
- inet6/filter/FORWARD -j limit-859
inet/filter/INPUT -j limit-859
- inet6/filter/INPUT -j limit-859
inet/filter/OUTPUT -j limit-859
- inet6/filter/OUTPUT -j limit-859
inet/filter/limit-859 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-859
+ inet6/filter/INPUT -j limit-859
+ inet6/filter/OUTPUT -j limit-859
inet6/filter/limit-859 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 861 {"flow-limit":{"log":"none","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-860
- inet6/filter/FORWARD -j limit-860
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-860
- inet6/filter/INPUT -j limit-860
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-860
- inet6/filter/OUTPUT -j limit-860
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-860 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-860 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-860 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-860 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-860
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-860
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-860
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-860 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-860 -m recent --name user:C --rsource --mask fe00:: --set
Filter 862 {"action":"pass","flow-limit":{"log":"none","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-861
- inet6/filter/FORWARD -j limit-861
inet/filter/INPUT -j limit-861
- inet6/filter/INPUT -j limit-861
inet/filter/OUTPUT -j limit-861
- inet6/filter/OUTPUT -j limit-861
inet/filter/limit-861 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-861 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-861 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-861
+ inet6/filter/INPUT -j limit-861
+ inet6/filter/OUTPUT -j limit-861
+ inet6/filter/limit-861 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-861 -m recent --name user:C --rsource --mask fe00:: --set
Filter 863 {"flow-limit":{"log":"none","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-862
- inet6/filter/FORWARD -j limit-862
+ inet/filter/FORWARD -j logaccept-final-24
inet/filter/INPUT -j limit-862
- inet6/filter/INPUT -j limit-862
+ inet/filter/INPUT -j logaccept-final-24
inet/filter/OUTPUT -j limit-862
- inet6/filter/OUTPUT -j limit-862
+ inet/filter/OUTPUT -j logaccept-final-24
inet/filter/limit-862 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-862 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-862 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-862 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-24
+ inet/filter/logaccept-final-24 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-24 -j ACCEPT
+ inet6/filter/FORWARD -j limit-862
inet6/filter/FORWARD -j logaccept-final-24
- inet/filter/INPUT -j logaccept-final-24
+ inet6/filter/INPUT -j limit-862
inet6/filter/INPUT -j logaccept-final-24
- inet/filter/OUTPUT -j logaccept-final-24
+ inet6/filter/OUTPUT -j limit-862
inet6/filter/OUTPUT -j logaccept-final-24
- inet/filter/logaccept-final-24 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-862 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-862 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logaccept-final-24 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-24 -j ACCEPT
inet6/filter/logaccept-final-24 -j ACCEPT
Filter 864 {"action":"pass","flow-limit":{"log":"none","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-863
- inet6/filter/FORWARD -j limit-863
inet/filter/INPUT -j limit-863
- inet6/filter/INPUT -j limit-863
inet/filter/OUTPUT -j limit-863
- inet6/filter/OUTPUT -j limit-863
inet/filter/limit-863 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-863 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-863 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-863
+ inet6/filter/INPUT -j limit-863
+ inet6/filter/OUTPUT -j limit-863
+ inet6/filter/limit-863 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-863 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 865 {"flow-limit":{"log":"none","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-864
- inet6/filter/FORWARD -j limit-864
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-864
- inet6/filter/INPUT -j limit-864
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-864
- inet6/filter/OUTPUT -j limit-864
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-864 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-864 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-864 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-864 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-864
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-864
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-864
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-864 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-864 -m recent --name user:C --rsource --mask fe00:: --set
Filter 866 {"action":"pass","flow-limit":{"log":"none","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-865
- inet6/filter/FORWARD -j limit-865
inet/filter/INPUT -j limit-865
- inet6/filter/INPUT -j limit-865
inet/filter/OUTPUT -j limit-865
- inet6/filter/OUTPUT -j limit-865
inet/filter/limit-865 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-865 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-865 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-865
+ inet6/filter/INPUT -j limit-865
+ inet6/filter/OUTPUT -j limit-865
+ inet6/filter/limit-865 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-865 -m recent --name user:C --rsource --mask fe00:: --set
Filter 867 {"flow-limit":{"log":"none","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-866
- inet6/filter/FORWARD -j limit-866
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-866
- inet6/filter/INPUT -j limit-866
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-866
- inet6/filter/OUTPUT -j limit-866
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-866 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-866 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-866
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-866
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-866
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-866 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 868 {"action":"pass","flow-limit":{"log":"none","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-867
- inet6/filter/FORWARD -j limit-867
inet/filter/INPUT -j limit-867
- inet6/filter/INPUT -j limit-867
inet/filter/OUTPUT -j limit-867
- inet6/filter/OUTPUT -j limit-867
inet/filter/limit-867 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-867
+ inet6/filter/INPUT -j limit-867
+ inet6/filter/OUTPUT -j limit-867
inet6/filter/limit-867 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 869 {"flow-limit":{"log":"none","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-868
- inet6/filter/FORWARD -j limit-868
+ inet/filter/FORWARD -j logaccept-final-25
inet/filter/INPUT -j limit-868
- inet6/filter/INPUT -j limit-868
+ inet/filter/INPUT -j logaccept-final-25
inet/filter/OUTPUT -j limit-868
- inet6/filter/OUTPUT -j limit-868
+ inet/filter/OUTPUT -j logaccept-final-25
inet/filter/limit-868 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-868 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j logaccept-final-25
+ inet/filter/logaccept-final-25 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-25 -j ACCEPT
+ inet6/filter/FORWARD -j limit-868
inet6/filter/FORWARD -j logaccept-final-25
- inet/filter/INPUT -j logaccept-final-25
+ inet6/filter/INPUT -j limit-868
inet6/filter/INPUT -j logaccept-final-25
- inet/filter/OUTPUT -j logaccept-final-25
+ inet6/filter/OUTPUT -j limit-868
inet6/filter/OUTPUT -j logaccept-final-25
- inet/filter/logaccept-final-25 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-868 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/logaccept-final-25 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-25 -j ACCEPT
inet6/filter/logaccept-final-25 -j ACCEPT
Filter 870 {"action":"pass","flow-limit":{"log":"none","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-869
- inet6/filter/FORWARD -j limit-869
inet/filter/INPUT -j limit-869
- inet6/filter/INPUT -j limit-869
inet/filter/OUTPUT -j limit-869
- inet6/filter/OUTPUT -j limit-869
inet/filter/limit-869 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-869 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-869 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-869
+ inet6/filter/INPUT -j limit-869
+ inet6/filter/OUTPUT -j limit-869
+ inet6/filter/limit-869 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-869 -m limit --limit 1/second -j LOG
Filter 871 {"flow-limit":{"log":"none","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-870
- inet6/filter/FORWARD -j limit-870
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-870
- inet6/filter/INPUT -j limit-870
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-870
- inet6/filter/OUTPUT -j limit-870
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-870 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-870 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-870
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-870
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-870
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-870 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 872 {"action":"pass","flow-limit":{"log":"none","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-871
- inet6/filter/FORWARD -j limit-871
inet/filter/INPUT -j limit-871
- inet6/filter/INPUT -j limit-871
inet/filter/OUTPUT -j limit-871
- inet6/filter/OUTPUT -j limit-871
inet/filter/limit-871 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-871
+ inet6/filter/INPUT -j limit-871
+ inet6/filter/OUTPUT -j limit-871
inet6/filter/limit-871 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 873 {"flow-limit":{"addr":"dest","log":"none","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-872
- inet6/filter/FORWARD -j limit-872
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-872
- inet6/filter/INPUT -j limit-872
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-872
- inet6/filter/OUTPUT -j limit-872
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-872 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-872 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-872 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-872 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-872
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-872
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-872
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-872 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-872 -m recent --name user:C --rdest --mask fe00:: --set
Filter 874 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-873
- inet6/filter/FORWARD -j limit-873
inet/filter/INPUT -j limit-873
- inet6/filter/INPUT -j limit-873
inet/filter/OUTPUT -j limit-873
- inet6/filter/OUTPUT -j limit-873
inet/filter/limit-873 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-873 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-873 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-873
+ inet6/filter/INPUT -j limit-873
+ inet6/filter/OUTPUT -j limit-873
+ inet6/filter/limit-873 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-873 -m recent --name user:C --rdest --mask fe00:: --set
Filter 875 {"flow-limit":{"addr":"dest","log":"none","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-874
- inet6/filter/FORWARD -j limit-874
+ inet/filter/FORWARD -j logaccept-final-26
inet/filter/INPUT -j limit-874
- inet6/filter/INPUT -j limit-874
+ inet/filter/INPUT -j logaccept-final-26
inet/filter/OUTPUT -j limit-874
- inet6/filter/OUTPUT -j limit-874
+ inet/filter/OUTPUT -j logaccept-final-26
inet/filter/limit-874 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-874 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-874 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-874 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-26
+ inet/filter/logaccept-final-26 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-26 -j ACCEPT
+ inet6/filter/FORWARD -j limit-874
inet6/filter/FORWARD -j logaccept-final-26
- inet/filter/INPUT -j logaccept-final-26
+ inet6/filter/INPUT -j limit-874
inet6/filter/INPUT -j logaccept-final-26
- inet/filter/OUTPUT -j logaccept-final-26
+ inet6/filter/OUTPUT -j limit-874
inet6/filter/OUTPUT -j logaccept-final-26
- inet/filter/logaccept-final-26 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-874 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-874 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logaccept-final-26 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-26 -j ACCEPT
inet6/filter/logaccept-final-26 -j ACCEPT
Filter 876 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-875
- inet6/filter/FORWARD -j limit-875
inet/filter/INPUT -j limit-875
- inet6/filter/INPUT -j limit-875
inet/filter/OUTPUT -j limit-875
- inet6/filter/OUTPUT -j limit-875
inet/filter/limit-875 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-875 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-875 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-875
+ inet6/filter/INPUT -j limit-875
+ inet6/filter/OUTPUT -j limit-875
+ inet6/filter/limit-875 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-875 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 877 {"flow-limit":{"addr":"dest","log":"none","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-876
- inet6/filter/FORWARD -j limit-876
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-876
- inet6/filter/INPUT -j limit-876
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-876
- inet6/filter/OUTPUT -j limit-876
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-876 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-876 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-876 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-876 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-876
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-876
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-876
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-876 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-876 -m recent --name user:C --rdest --mask fe00:: --set
Filter 878 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-877
- inet6/filter/FORWARD -j limit-877
inet/filter/INPUT -j limit-877
- inet6/filter/INPUT -j limit-877
inet/filter/OUTPUT -j limit-877
- inet6/filter/OUTPUT -j limit-877
inet/filter/limit-877 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-877 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-877 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-877
+ inet6/filter/INPUT -j limit-877
+ inet6/filter/OUTPUT -j limit-877
+ inet6/filter/limit-877 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-877 -m recent --name user:C --rdest --mask fe00:: --set
Filter 879 {"flow-limit":{"addr":"dest","log":"none","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-878
- inet6/filter/FORWARD -j limit-878
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-878
- inet6/filter/INPUT -j limit-878
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-878
- inet6/filter/OUTPUT -j limit-878
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-878 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-878 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-878
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-878
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-878
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-878 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 880 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-879
- inet6/filter/FORWARD -j limit-879
inet/filter/INPUT -j limit-879
- inet6/filter/INPUT -j limit-879
inet/filter/OUTPUT -j limit-879
- inet6/filter/OUTPUT -j limit-879
inet/filter/limit-879 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-879
+ inet6/filter/INPUT -j limit-879
+ inet6/filter/OUTPUT -j limit-879
inet6/filter/limit-879 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 881 {"flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-880
- inet6/filter/FORWARD -j limit-880
+ inet/filter/FORWARD -j logaccept-final-27
inet/filter/INPUT -j limit-880
- inet6/filter/INPUT -j limit-880
+ inet/filter/INPUT -j logaccept-final-27
inet/filter/OUTPUT -j limit-880
- inet6/filter/OUTPUT -j limit-880
+ inet/filter/OUTPUT -j logaccept-final-27
inet/filter/limit-880 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-880 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j logaccept-final-27
+ inet/filter/logaccept-final-27 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-27 -j ACCEPT
+ inet6/filter/FORWARD -j limit-880
inet6/filter/FORWARD -j logaccept-final-27
- inet/filter/INPUT -j logaccept-final-27
+ inet6/filter/INPUT -j limit-880
inet6/filter/INPUT -j logaccept-final-27
- inet/filter/OUTPUT -j logaccept-final-27
+ inet6/filter/OUTPUT -j limit-880
inet6/filter/OUTPUT -j logaccept-final-27
- inet/filter/logaccept-final-27 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-880 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/logaccept-final-27 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-27 -j ACCEPT
inet6/filter/logaccept-final-27 -j ACCEPT
Filter 882 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-881
- inet6/filter/FORWARD -j limit-881
inet/filter/INPUT -j limit-881
- inet6/filter/INPUT -j limit-881
inet/filter/OUTPUT -j limit-881
- inet6/filter/OUTPUT -j limit-881
inet/filter/limit-881 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-881 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-881 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-881
+ inet6/filter/INPUT -j limit-881
+ inet6/filter/OUTPUT -j limit-881
+ inet6/filter/limit-881 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/filter/limit-881 -m limit --limit 1/second -j LOG
Filter 883 {"flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-882
- inet6/filter/FORWARD -j limit-882
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-882
- inet6/filter/INPUT -j limit-882
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-882
- inet6/filter/OUTPUT -j limit-882
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-882 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-882 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-882
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-882
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-882
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-882 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 884 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-883
- inet6/filter/FORWARD -j limit-883
inet/filter/INPUT -j limit-883
- inet6/filter/INPUT -j limit-883
inet/filter/OUTPUT -j limit-883
- inet6/filter/OUTPUT -j limit-883
inet/filter/limit-883 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/FORWARD -j limit-883
+ inet6/filter/INPUT -j limit-883
+ inet6/filter/OUTPUT -j limit-883
inet6/filter/limit-883 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
Filter 885 {"flow-limit":{"interval":5}}
(filter-limit)
inet/filter/FORWARD -j limit-884
- inet6/filter/FORWARD -j limit-884
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-884
- inet6/filter/INPUT -j limit-884
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-884
- inet6/filter/OUTPUT -j limit-884
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-884 -m recent --name limit-884 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-288
- inet6/filter/limit-884 -m recent --name limit-884 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-288
+ inet/filter/limit-884 -m recent --name limit-884 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-288 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-288 -m limit --limit 1/second -j LOG
inet/filter/logdrop-288 -j DROP
- inet6/filter/logdrop-288 -j DROP
- inet/filter/limit-884 -m recent --name limit-884 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-884 -m recent --name limit-884 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-884
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-884
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-884
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-884 -m recent --name limit-884 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-288
+ inet6/filter/limit-884 -m recent --name limit-884 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-288 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-288 -j DROP
Filter 886 {"action":"pass","flow-limit":{"interval":5}}
(filter-limit)
inet/filter/FORWARD -j limit-885
- inet6/filter/FORWARD -j limit-885
inet/filter/INPUT -j limit-885
- inet6/filter/INPUT -j limit-885
inet/filter/OUTPUT -j limit-885
- inet6/filter/OUTPUT -j limit-885
inet/filter/limit-885 -m recent --name limit-885 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-289
- inet6/filter/limit-885 -m recent --name limit-885 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-289
+ inet/filter/limit-885 -m recent --name limit-885 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-289 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-289 -m limit --limit 1/second -j LOG
inet/filter/logdrop-289 -j DROP
- inet6/filter/logdrop-289 -j DROP
- inet/filter/limit-885 -m recent --name limit-885 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-885
+ inet6/filter/INPUT -j limit-885
+ inet6/filter/OUTPUT -j limit-885
+ inet6/filter/limit-885 -m recent --name limit-885 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-289
inet6/filter/limit-885 -m recent --name limit-885 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-289 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-289 -j DROP
Filter 887 {"flow-limit":{"interval":5},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-886
- inet6/filter/FORWARD -j limit-886
+ inet/filter/FORWARD -j logaccept-final-28
inet/filter/INPUT -j limit-886
- inet6/filter/INPUT -j limit-886
+ inet/filter/INPUT -j logaccept-final-28
inet/filter/OUTPUT -j limit-886
- inet6/filter/OUTPUT -j limit-886
+ inet/filter/OUTPUT -j logaccept-final-28
inet/filter/limit-886 -m recent --name limit-886 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-290
- inet6/filter/limit-886 -m recent --name limit-886 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-290
+ inet/filter/limit-886 -m recent --name limit-886 --rsource --mask 255.255.255.255 --set
+ inet/filter/logaccept-final-28 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-28 -j ACCEPT
inet/filter/logdrop-290 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-290 -m limit --limit 1/second -j LOG
inet/filter/logdrop-290 -j DROP
- inet6/filter/logdrop-290 -j DROP
- inet/filter/limit-886 -m recent --name limit-886 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-886 -m recent --name limit-886 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-28
+ inet6/filter/FORWARD -j limit-886
inet6/filter/FORWARD -j logaccept-final-28
- inet/filter/INPUT -j logaccept-final-28
+ inet6/filter/INPUT -j limit-886
inet6/filter/INPUT -j logaccept-final-28
- inet/filter/OUTPUT -j logaccept-final-28
+ inet6/filter/OUTPUT -j limit-886
inet6/filter/OUTPUT -j logaccept-final-28
- inet/filter/logaccept-final-28 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-886 -m recent --name limit-886 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-290
+ inet6/filter/limit-886 -m recent --name limit-886 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-28 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-28 -j ACCEPT
inet6/filter/logaccept-final-28 -j ACCEPT
+ inet6/filter/logdrop-290 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-290 -j DROP
Filter 888 {"action":"pass","flow-limit":{"interval":5},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-887
- inet6/filter/FORWARD -j limit-887
inet/filter/INPUT -j limit-887
- inet6/filter/INPUT -j limit-887
inet/filter/OUTPUT -j limit-887
- inet6/filter/OUTPUT -j limit-887
inet/filter/limit-887 -m recent --name limit-887 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-291
- inet6/filter/limit-887 -m recent --name limit-887 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-291
+ inet/filter/limit-887 -m recent --name limit-887 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-291 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-291 -m limit --limit 1/second -j LOG
inet/filter/logdrop-291 -j DROP
- inet6/filter/logdrop-291 -j DROP
- inet/filter/limit-887 -m recent --name limit-887 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-887
+ inet6/filter/INPUT -j limit-887
+ inet6/filter/OUTPUT -j limit-887
+ inet6/filter/limit-887 -m recent --name limit-887 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-291
inet6/filter/limit-887 -m recent --name limit-887 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-291 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-291 -j DROP
Filter 889 {"flow-limit":{"interval":5},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-888
- inet6/filter/FORWARD -j limit-888
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-888
- inet6/filter/INPUT -j limit-888
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-888
- inet6/filter/OUTPUT -j limit-888
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-888 -m recent --name limit-888 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-292
- inet6/filter/limit-888 -m recent --name limit-888 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-292
+ inet/filter/limit-888 -m recent --name limit-888 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-292 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-292 -m limit --limit 1/second -j LOG
inet/filter/logdrop-292 -j DROP
- inet6/filter/logdrop-292 -j DROP
- inet/filter/limit-888 -m recent --name limit-888 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-888 -m recent --name limit-888 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-888
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-888
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-888
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-888 -m recent --name limit-888 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-292
+ inet6/filter/limit-888 -m recent --name limit-888 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-292 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-292 -j DROP
Filter 890 {"action":"pass","flow-limit":{"interval":5},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-889
- inet6/filter/FORWARD -j limit-889
inet/filter/INPUT -j limit-889
- inet6/filter/INPUT -j limit-889
inet/filter/OUTPUT -j limit-889
- inet6/filter/OUTPUT -j limit-889
inet/filter/limit-889 -m recent --name limit-889 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-293
- inet6/filter/limit-889 -m recent --name limit-889 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-293
+ inet/filter/limit-889 -m recent --name limit-889 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-293 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-293 -m limit --limit 1/second -j LOG
inet/filter/logdrop-293 -j DROP
- inet6/filter/logdrop-293 -j DROP
- inet/filter/limit-889 -m recent --name limit-889 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-889
+ inet6/filter/INPUT -j limit-889
+ inet6/filter/OUTPUT -j limit-889
+ inet6/filter/limit-889 -m recent --name limit-889 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-293
inet6/filter/limit-889 -m recent --name limit-889 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-293 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-293 -j DROP
Filter 891 {"flow-limit":{"interval":5,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-890
- inet6/filter/FORWARD -j limit-890
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-890
- inet6/filter/INPUT -j limit-890
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-890
- inet6/filter/OUTPUT -j limit-890
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-890 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-294
- inet6/filter/limit-890 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-294
+ inet/filter/limit-890 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-294 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-294 -m limit --limit 1/second -j LOG
inet/filter/logdrop-294 -j DROP
- inet6/filter/logdrop-294 -j DROP
- inet/filter/limit-890 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-890 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-890
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-890
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-890
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-890 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-294
+ inet6/filter/limit-890 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-294 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-294 -j DROP
Filter 892 {"action":"pass","flow-limit":{"interval":5,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-891
- inet6/filter/FORWARD -j limit-891
inet/filter/INPUT -j limit-891
- inet6/filter/INPUT -j limit-891
inet/filter/OUTPUT -j limit-891
- inet6/filter/OUTPUT -j limit-891
inet/filter/limit-891 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-295
- inet6/filter/limit-891 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-295
+ inet/filter/limit-891 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-295 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-295 -m limit --limit 1/second -j LOG
inet/filter/logdrop-295 -j DROP
- inet6/filter/logdrop-295 -j DROP
- inet/filter/limit-891 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-891
+ inet6/filter/INPUT -j limit-891
+ inet6/filter/OUTPUT -j limit-891
+ inet6/filter/limit-891 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-295
inet6/filter/limit-891 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-295 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-295 -j DROP
Filter 893 {"flow-limit":{"interval":5,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-892
- inet6/filter/FORWARD -j limit-892
+ inet/filter/FORWARD -j logaccept-final-29
inet/filter/INPUT -j limit-892
- inet6/filter/INPUT -j limit-892
+ inet/filter/INPUT -j logaccept-final-29
inet/filter/OUTPUT -j limit-892
- inet6/filter/OUTPUT -j limit-892
+ inet/filter/OUTPUT -j logaccept-final-29
inet/filter/limit-892 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-296
- inet6/filter/limit-892 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-296
+ inet/filter/limit-892 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/logaccept-final-29 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-29 -j ACCEPT
inet/filter/logdrop-296 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-296 -m limit --limit 1/second -j LOG
inet/filter/logdrop-296 -j DROP
- inet6/filter/logdrop-296 -j DROP
- inet/filter/limit-892 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-892 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-29
+ inet6/filter/FORWARD -j limit-892
inet6/filter/FORWARD -j logaccept-final-29
- inet/filter/INPUT -j logaccept-final-29
+ inet6/filter/INPUT -j limit-892
inet6/filter/INPUT -j logaccept-final-29
- inet/filter/OUTPUT -j logaccept-final-29
+ inet6/filter/OUTPUT -j limit-892
inet6/filter/OUTPUT -j logaccept-final-29
- inet/filter/logaccept-final-29 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-892 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-296
+ inet6/filter/limit-892 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-29 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-29 -j ACCEPT
inet6/filter/logaccept-final-29 -j ACCEPT
+ inet6/filter/logdrop-296 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-296 -j DROP
Filter 894 {"action":"pass","flow-limit":{"interval":5,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-893
- inet6/filter/FORWARD -j limit-893
inet/filter/INPUT -j limit-893
- inet6/filter/INPUT -j limit-893
inet/filter/OUTPUT -j limit-893
- inet6/filter/OUTPUT -j limit-893
inet/filter/limit-893 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-297
- inet6/filter/limit-893 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-297
+ inet/filter/limit-893 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-297 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-297 -m limit --limit 1/second -j LOG
inet/filter/logdrop-297 -j DROP
- inet6/filter/logdrop-297 -j DROP
- inet/filter/limit-893 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-893
+ inet6/filter/INPUT -j limit-893
+ inet6/filter/OUTPUT -j limit-893
+ inet6/filter/limit-893 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-297
inet6/filter/limit-893 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-297 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-297 -j DROP
Filter 895 {"flow-limit":{"interval":5,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-894
- inet6/filter/FORWARD -j limit-894
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-894
- inet6/filter/INPUT -j limit-894
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-894
- inet6/filter/OUTPUT -j limit-894
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-894 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-298
- inet6/filter/limit-894 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-298
+ inet/filter/limit-894 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-298 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-298 -m limit --limit 1/second -j LOG
inet/filter/logdrop-298 -j DROP
- inet6/filter/logdrop-298 -j DROP
- inet/filter/limit-894 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-894 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-894
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-894
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-894
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-894 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-298
+ inet6/filter/limit-894 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-298 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-298 -j DROP
Filter 896 {"action":"pass","flow-limit":{"interval":5,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-895
- inet6/filter/FORWARD -j limit-895
inet/filter/INPUT -j limit-895
- inet6/filter/INPUT -j limit-895
inet/filter/OUTPUT -j limit-895
- inet6/filter/OUTPUT -j limit-895
inet/filter/limit-895 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-299
- inet6/filter/limit-895 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-299
+ inet/filter/limit-895 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-299 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-299 -m limit --limit 1/second -j LOG
inet/filter/logdrop-299 -j DROP
- inet6/filter/logdrop-299 -j DROP
- inet/filter/limit-895 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-895
+ inet6/filter/INPUT -j limit-895
+ inet6/filter/OUTPUT -j limit-895
+ inet6/filter/limit-895 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-299
inet6/filter/limit-895 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-299 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-299 -j DROP
Filter 897 {"flow-limit":{"interval":5,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-896
- inet6/filter/FORWARD -j limit-896
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-896
- inet6/filter/INPUT -j limit-896
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-896
- inet6/filter/OUTPUT -j limit-896
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-896 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-300
- inet6/filter/limit-896 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-300
inet/filter/logdrop-300 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-300 -m limit --limit 1/second -j LOG
inet/filter/logdrop-300 -j DROP
- inet6/filter/logdrop-300 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-896
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-896
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-896
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-896 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-300
+ inet6/filter/logdrop-300 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-300 -j DROP
Filter 898 {"action":"pass","flow-limit":{"interval":5,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-897
- inet6/filter/FORWARD -j limit-897
inet/filter/INPUT -j limit-897
- inet6/filter/INPUT -j limit-897
inet/filter/OUTPUT -j limit-897
- inet6/filter/OUTPUT -j limit-897
inet/filter/limit-897 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-301
- inet6/filter/limit-897 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-301
inet/filter/logdrop-301 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-301 -m limit --limit 1/second -j LOG
inet/filter/logdrop-301 -j DROP
+ inet6/filter/FORWARD -j limit-897
+ inet6/filter/INPUT -j limit-897
+ inet6/filter/OUTPUT -j limit-897
+ inet6/filter/limit-897 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-301
+ inet6/filter/logdrop-301 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-301 -j DROP
Filter 899 {"flow-limit":{"interval":5,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-898
- inet6/filter/FORWARD -j limit-898
+ inet/filter/FORWARD -j logaccept-final-30
inet/filter/INPUT -j limit-898
- inet6/filter/INPUT -j limit-898
+ inet/filter/INPUT -j logaccept-final-30
inet/filter/OUTPUT -j limit-898
- inet6/filter/OUTPUT -j limit-898
+ inet/filter/OUTPUT -j logaccept-final-30
inet/filter/limit-898 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-302
- inet6/filter/limit-898 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-302
+ inet/filter/logaccept-final-30 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-30 -j ACCEPT
inet/filter/logdrop-302 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-302 -m limit --limit 1/second -j LOG
inet/filter/logdrop-302 -j DROP
- inet6/filter/logdrop-302 -j DROP
- inet/filter/FORWARD -j logaccept-final-30
+ inet6/filter/FORWARD -j limit-898
inet6/filter/FORWARD -j logaccept-final-30
- inet/filter/INPUT -j logaccept-final-30
+ inet6/filter/INPUT -j limit-898
inet6/filter/INPUT -j logaccept-final-30
- inet/filter/OUTPUT -j logaccept-final-30
+ inet6/filter/OUTPUT -j limit-898
inet6/filter/OUTPUT -j logaccept-final-30
- inet/filter/logaccept-final-30 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-898 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-302
inet6/filter/logaccept-final-30 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-30 -j ACCEPT
inet6/filter/logaccept-final-30 -j ACCEPT
+ inet6/filter/logdrop-302 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-302 -j DROP
Filter 900 {"action":"pass","flow-limit":{"interval":5,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-899
- inet6/filter/FORWARD -j limit-899
inet/filter/INPUT -j limit-899
- inet6/filter/INPUT -j limit-899
inet/filter/OUTPUT -j limit-899
- inet6/filter/OUTPUT -j limit-899
inet/filter/limit-899 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-303
- inet6/filter/limit-899 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-303
+ inet/filter/limit-899 -m limit --limit 1/second -j LOG
inet/filter/logdrop-303 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-303 -m limit --limit 1/second -j LOG
inet/filter/logdrop-303 -j DROP
- inet6/filter/logdrop-303 -j DROP
- inet/filter/limit-899 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-899
+ inet6/filter/INPUT -j limit-899
+ inet6/filter/OUTPUT -j limit-899
+ inet6/filter/limit-899 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-303
inet6/filter/limit-899 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-303 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-303 -j DROP
Filter 901 {"flow-limit":{"interval":5,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-900
- inet6/filter/FORWARD -j limit-900
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-900
- inet6/filter/INPUT -j limit-900
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-900
- inet6/filter/OUTPUT -j limit-900
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-900 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-304
- inet6/filter/limit-900 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-304
inet/filter/logdrop-304 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-304 -m limit --limit 1/second -j LOG
inet/filter/logdrop-304 -j DROP
- inet6/filter/logdrop-304 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-900
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-900
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-900
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-900 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-304
+ inet6/filter/logdrop-304 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-304 -j DROP
Filter 902 {"action":"pass","flow-limit":{"interval":5,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-901
- inet6/filter/FORWARD -j limit-901
inet/filter/INPUT -j limit-901
- inet6/filter/INPUT -j limit-901
inet/filter/OUTPUT -j limit-901
- inet6/filter/OUTPUT -j limit-901
inet/filter/limit-901 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-305
- inet6/filter/limit-901 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-305
inet/filter/logdrop-305 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-305 -m limit --limit 1/second -j LOG
inet/filter/logdrop-305 -j DROP
+ inet6/filter/FORWARD -j limit-901
+ inet6/filter/INPUT -j limit-901
+ inet6/filter/OUTPUT -j limit-901
+ inet6/filter/limit-901 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-305
+ inet6/filter/logdrop-305 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-305 -j DROP
Filter 903 {"flow-limit":{"addr":"dest","interval":5,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-902
- inet6/filter/FORWARD -j limit-902
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-902
- inet6/filter/INPUT -j limit-902
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-902
- inet6/filter/OUTPUT -j limit-902
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-902 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-306
- inet6/filter/limit-902 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-306
+ inet/filter/limit-902 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-306 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-306 -m limit --limit 1/second -j LOG
inet/filter/logdrop-306 -j DROP
- inet6/filter/logdrop-306 -j DROP
- inet/filter/limit-902 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-902 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-902
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-902
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-902
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-902 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-306
+ inet6/filter/limit-902 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-306 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-306 -j DROP
Filter 904 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-903
- inet6/filter/FORWARD -j limit-903
inet/filter/INPUT -j limit-903
- inet6/filter/INPUT -j limit-903
inet/filter/OUTPUT -j limit-903
- inet6/filter/OUTPUT -j limit-903
inet/filter/limit-903 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-307
- inet6/filter/limit-903 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-307
+ inet/filter/limit-903 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-307 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-307 -m limit --limit 1/second -j LOG
inet/filter/logdrop-307 -j DROP
- inet6/filter/logdrop-307 -j DROP
- inet/filter/limit-903 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-903
+ inet6/filter/INPUT -j limit-903
+ inet6/filter/OUTPUT -j limit-903
+ inet6/filter/limit-903 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-307
inet6/filter/limit-903 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-307 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-307 -j DROP
Filter 905 {"flow-limit":{"addr":"dest","interval":5,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-904
- inet6/filter/FORWARD -j limit-904
+ inet/filter/FORWARD -j logaccept-final-31
inet/filter/INPUT -j limit-904
- inet6/filter/INPUT -j limit-904
+ inet/filter/INPUT -j logaccept-final-31
inet/filter/OUTPUT -j limit-904
- inet6/filter/OUTPUT -j limit-904
+ inet/filter/OUTPUT -j logaccept-final-31
inet/filter/limit-904 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-308
- inet6/filter/limit-904 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-308
+ inet/filter/limit-904 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet/filter/logaccept-final-31 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-31 -j ACCEPT
inet/filter/logdrop-308 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-308 -m limit --limit 1/second -j LOG
inet/filter/logdrop-308 -j DROP
- inet6/filter/logdrop-308 -j DROP
- inet/filter/limit-904 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-904 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-31
+ inet6/filter/FORWARD -j limit-904
inet6/filter/FORWARD -j logaccept-final-31
- inet/filter/INPUT -j logaccept-final-31
+ inet6/filter/INPUT -j limit-904
inet6/filter/INPUT -j logaccept-final-31
- inet/filter/OUTPUT -j logaccept-final-31
+ inet6/filter/OUTPUT -j limit-904
inet6/filter/OUTPUT -j logaccept-final-31
- inet/filter/logaccept-final-31 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-904 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-308
+ inet6/filter/limit-904 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-31 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-31 -j ACCEPT
inet6/filter/logaccept-final-31 -j ACCEPT
+ inet6/filter/logdrop-308 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-308 -j DROP
Filter 906 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-905
- inet6/filter/FORWARD -j limit-905
inet/filter/INPUT -j limit-905
- inet6/filter/INPUT -j limit-905
inet/filter/OUTPUT -j limit-905
- inet6/filter/OUTPUT -j limit-905
inet/filter/limit-905 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-309
- inet6/filter/limit-905 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-309
+ inet/filter/limit-905 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-309 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-309 -m limit --limit 1/second -j LOG
inet/filter/logdrop-309 -j DROP
- inet6/filter/logdrop-309 -j DROP
- inet/filter/limit-905 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-905
+ inet6/filter/INPUT -j limit-905
+ inet6/filter/OUTPUT -j limit-905
+ inet6/filter/limit-905 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-309
inet6/filter/limit-905 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-309 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-309 -j DROP
Filter 907 {"flow-limit":{"addr":"dest","interval":5,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-906
- inet6/filter/FORWARD -j limit-906
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-906
- inet6/filter/INPUT -j limit-906
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-906
- inet6/filter/OUTPUT -j limit-906
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-906 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-310
- inet6/filter/limit-906 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-310
+ inet/filter/limit-906 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-310 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-310 -m limit --limit 1/second -j LOG
inet/filter/logdrop-310 -j DROP
- inet6/filter/logdrop-310 -j DROP
- inet/filter/limit-906 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-906 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-906
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-906
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-906
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-906 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-310
+ inet6/filter/limit-906 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-310 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-310 -j DROP
Filter 908 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-907
- inet6/filter/FORWARD -j limit-907
inet/filter/INPUT -j limit-907
- inet6/filter/INPUT -j limit-907
inet/filter/OUTPUT -j limit-907
- inet6/filter/OUTPUT -j limit-907
inet/filter/limit-907 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-311
- inet6/filter/limit-907 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-311
+ inet/filter/limit-907 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-311 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-311 -m limit --limit 1/second -j LOG
inet/filter/logdrop-311 -j DROP
- inet6/filter/logdrop-311 -j DROP
- inet/filter/limit-907 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-907
+ inet6/filter/INPUT -j limit-907
+ inet6/filter/OUTPUT -j limit-907
+ inet6/filter/limit-907 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-311
inet6/filter/limit-907 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-311 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-311 -j DROP
Filter 909 {"flow-limit":{"addr":"dest","interval":5,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-908
- inet6/filter/FORWARD -j limit-908
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-908
- inet6/filter/INPUT -j limit-908
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-908
- inet6/filter/OUTPUT -j limit-908
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-908 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-312
- inet6/filter/limit-908 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-312
inet/filter/logdrop-312 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-312 -m limit --limit 1/second -j LOG
inet/filter/logdrop-312 -j DROP
- inet6/filter/logdrop-312 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-908
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-908
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-908
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-908 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-312
+ inet6/filter/logdrop-312 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-312 -j DROP
Filter 910 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-909
- inet6/filter/FORWARD -j limit-909
inet/filter/INPUT -j limit-909
- inet6/filter/INPUT -j limit-909
inet/filter/OUTPUT -j limit-909
- inet6/filter/OUTPUT -j limit-909
inet/filter/limit-909 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-313
- inet6/filter/limit-909 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-313
inet/filter/logdrop-313 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-313 -m limit --limit 1/second -j LOG
inet/filter/logdrop-313 -j DROP
+ inet6/filter/FORWARD -j limit-909
+ inet6/filter/INPUT -j limit-909
+ inet6/filter/OUTPUT -j limit-909
+ inet6/filter/limit-909 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-313
+ inet6/filter/logdrop-313 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-313 -j DROP
Filter 911 {"flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-910
- inet6/filter/FORWARD -j limit-910
+ inet/filter/FORWARD -j logaccept-final-32
inet/filter/INPUT -j limit-910
- inet6/filter/INPUT -j limit-910
+ inet/filter/INPUT -j logaccept-final-32
inet/filter/OUTPUT -j limit-910
- inet6/filter/OUTPUT -j limit-910
+ inet/filter/OUTPUT -j logaccept-final-32
inet/filter/limit-910 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-314
- inet6/filter/limit-910 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-314
+ inet/filter/logaccept-final-32 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-32 -j ACCEPT
inet/filter/logdrop-314 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-314 -m limit --limit 1/second -j LOG
inet/filter/logdrop-314 -j DROP
- inet6/filter/logdrop-314 -j DROP
- inet/filter/FORWARD -j logaccept-final-32
+ inet6/filter/FORWARD -j limit-910
inet6/filter/FORWARD -j logaccept-final-32
- inet/filter/INPUT -j logaccept-final-32
+ inet6/filter/INPUT -j limit-910
inet6/filter/INPUT -j logaccept-final-32
- inet/filter/OUTPUT -j logaccept-final-32
+ inet6/filter/OUTPUT -j limit-910
inet6/filter/OUTPUT -j logaccept-final-32
- inet/filter/logaccept-final-32 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-910 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-314
inet6/filter/logaccept-final-32 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-32 -j ACCEPT
inet6/filter/logaccept-final-32 -j ACCEPT
+ inet6/filter/logdrop-314 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-314 -j DROP
Filter 912 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-911
- inet6/filter/FORWARD -j limit-911
inet/filter/INPUT -j limit-911
- inet6/filter/INPUT -j limit-911
inet/filter/OUTPUT -j limit-911
- inet6/filter/OUTPUT -j limit-911
inet/filter/limit-911 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-315
- inet6/filter/limit-911 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-315
+ inet/filter/limit-911 -m limit --limit 1/second -j LOG
inet/filter/logdrop-315 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-315 -m limit --limit 1/second -j LOG
inet/filter/logdrop-315 -j DROP
- inet6/filter/logdrop-315 -j DROP
- inet/filter/limit-911 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-911
+ inet6/filter/INPUT -j limit-911
+ inet6/filter/OUTPUT -j limit-911
+ inet6/filter/limit-911 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-315
inet6/filter/limit-911 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-315 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-315 -j DROP
Filter 913 {"flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-912
- inet6/filter/FORWARD -j limit-912
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-912
- inet6/filter/INPUT -j limit-912
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-912
- inet6/filter/OUTPUT -j limit-912
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-912 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-316
- inet6/filter/limit-912 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-316
inet/filter/logdrop-316 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-316 -m limit --limit 1/second -j LOG
inet/filter/logdrop-316 -j DROP
- inet6/filter/logdrop-316 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-912
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-912
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-912
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-912 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-316
+ inet6/filter/logdrop-316 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-316 -j DROP
Filter 914 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-913
- inet6/filter/FORWARD -j limit-913
inet/filter/INPUT -j limit-913
- inet6/filter/INPUT -j limit-913
inet/filter/OUTPUT -j limit-913
- inet6/filter/OUTPUT -j limit-913
inet/filter/limit-913 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-317
- inet6/filter/limit-913 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-317
inet/filter/logdrop-317 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-317 -m limit --limit 1/second -j LOG
inet/filter/logdrop-317 -j DROP
+ inet6/filter/FORWARD -j limit-913
+ inet6/filter/INPUT -j limit-913
+ inet6/filter/OUTPUT -j limit-913
+ inet6/filter/limit-913 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-317
+ inet6/filter/logdrop-317 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-317 -j DROP
Filter 915 {"flow-limit":{"interval":5,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-914
- inet6/filter/FORWARD -j limit-914
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-914
- inet6/filter/INPUT -j limit-914
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-914
- inet6/filter/OUTPUT -j limit-914
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-914 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-318
- inet6/filter/limit-914 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-318
+ inet/filter/limit-914 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-318 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-318 -m limit --limit 1/second -j LOG
inet/filter/logdrop-318 -j DROP
- inet6/filter/logdrop-318 -j DROP
- inet/filter/limit-914 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-914 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-914
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-914
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-914
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-914 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-318
+ inet6/filter/limit-914 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-318 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-318 -j DROP
Filter 916 {"action":"pass","flow-limit":{"interval":5,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-915
- inet6/filter/FORWARD -j limit-915
inet/filter/INPUT -j limit-915
- inet6/filter/INPUT -j limit-915
inet/filter/OUTPUT -j limit-915
- inet6/filter/OUTPUT -j limit-915
inet/filter/limit-915 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-319
- inet6/filter/limit-915 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-319
+ inet/filter/limit-915 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-319 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-319 -m limit --limit 1/second -j LOG
inet/filter/logdrop-319 -j DROP
- inet6/filter/logdrop-319 -j DROP
- inet/filter/limit-915 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-915
+ inet6/filter/INPUT -j limit-915
+ inet6/filter/OUTPUT -j limit-915
+ inet6/filter/limit-915 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-319
inet6/filter/limit-915 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-319 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-319 -j DROP
Filter 917 {"flow-limit":{"interval":5,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-916
- inet6/filter/FORWARD -j limit-916
+ inet/filter/FORWARD -j logaccept-final-33
inet/filter/INPUT -j limit-916
- inet6/filter/INPUT -j limit-916
+ inet/filter/INPUT -j logaccept-final-33
inet/filter/OUTPUT -j limit-916
- inet6/filter/OUTPUT -j limit-916
+ inet/filter/OUTPUT -j logaccept-final-33
inet/filter/limit-916 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-320
- inet6/filter/limit-916 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-320
+ inet/filter/limit-916 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet/filter/logaccept-final-33 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-33 -j ACCEPT
inet/filter/logdrop-320 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-320 -m limit --limit 1/second -j LOG
inet/filter/logdrop-320 -j DROP
- inet6/filter/logdrop-320 -j DROP
- inet/filter/limit-916 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-916 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-33
+ inet6/filter/FORWARD -j limit-916
inet6/filter/FORWARD -j logaccept-final-33
- inet/filter/INPUT -j logaccept-final-33
+ inet6/filter/INPUT -j limit-916
inet6/filter/INPUT -j logaccept-final-33
- inet/filter/OUTPUT -j logaccept-final-33
+ inet6/filter/OUTPUT -j limit-916
inet6/filter/OUTPUT -j logaccept-final-33
- inet/filter/logaccept-final-33 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-916 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-320
+ inet6/filter/limit-916 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logaccept-final-33 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-33 -j ACCEPT
inet6/filter/logaccept-final-33 -j ACCEPT
+ inet6/filter/logdrop-320 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-320 -j DROP
Filter 918 {"action":"pass","flow-limit":{"interval":5,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-917
- inet6/filter/FORWARD -j limit-917
inet/filter/INPUT -j limit-917
- inet6/filter/INPUT -j limit-917
inet/filter/OUTPUT -j limit-917
- inet6/filter/OUTPUT -j limit-917
inet/filter/limit-917 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-321
- inet6/filter/limit-917 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-321
+ inet/filter/limit-917 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-321 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-321 -m limit --limit 1/second -j LOG
inet/filter/logdrop-321 -j DROP
- inet6/filter/logdrop-321 -j DROP
- inet/filter/limit-917 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-917
+ inet6/filter/INPUT -j limit-917
+ inet6/filter/OUTPUT -j limit-917
+ inet6/filter/limit-917 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-321
inet6/filter/limit-917 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-321 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-321 -j DROP
Filter 919 {"flow-limit":{"interval":5,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-918
- inet6/filter/FORWARD -j limit-918
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-918
- inet6/filter/INPUT -j limit-918
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-918
- inet6/filter/OUTPUT -j limit-918
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-918 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-322
- inet6/filter/limit-918 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-322
+ inet/filter/limit-918 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-322 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-322 -m limit --limit 1/second -j LOG
inet/filter/logdrop-322 -j DROP
- inet6/filter/logdrop-322 -j DROP
- inet/filter/limit-918 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-918 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-918
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-918
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-918
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-918 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-322
+ inet6/filter/limit-918 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-322 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-322 -j DROP
Filter 920 {"action":"pass","flow-limit":{"interval":5,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-919
- inet6/filter/FORWARD -j limit-919
inet/filter/INPUT -j limit-919
- inet6/filter/INPUT -j limit-919
inet/filter/OUTPUT -j limit-919
- inet6/filter/OUTPUT -j limit-919
inet/filter/limit-919 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-323
- inet6/filter/limit-919 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-323
+ inet/filter/limit-919 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-323 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-323 -m limit --limit 1/second -j LOG
inet/filter/logdrop-323 -j DROP
- inet6/filter/logdrop-323 -j DROP
- inet/filter/limit-919 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-919
+ inet6/filter/INPUT -j limit-919
+ inet6/filter/OUTPUT -j limit-919
+ inet6/filter/limit-919 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-323
inet6/filter/limit-919 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-323 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-323 -j DROP
Filter 921 {"flow-limit":{"interval":5,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-920
- inet6/filter/FORWARD -j limit-920
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-920
- inet6/filter/INPUT -j limit-920
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-920
- inet6/filter/OUTPUT -j limit-920
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-920 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-324
- inet6/filter/limit-920 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-324
inet/filter/logdrop-324 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-324 -m limit --limit 1/second -j LOG
inet/filter/logdrop-324 -j DROP
- inet6/filter/logdrop-324 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-920
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-920
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-920
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-920 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-324
+ inet6/filter/logdrop-324 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-324 -j DROP
Filter 922 {"action":"pass","flow-limit":{"interval":5,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-921
- inet6/filter/FORWARD -j limit-921
inet/filter/INPUT -j limit-921
- inet6/filter/INPUT -j limit-921
inet/filter/OUTPUT -j limit-921
- inet6/filter/OUTPUT -j limit-921
inet/filter/limit-921 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-325
- inet6/filter/limit-921 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-325
inet/filter/logdrop-325 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-325 -m limit --limit 1/second -j LOG
inet/filter/logdrop-325 -j DROP
+ inet6/filter/FORWARD -j limit-921
+ inet6/filter/INPUT -j limit-921
+ inet6/filter/OUTPUT -j limit-921
+ inet6/filter/limit-921 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-325
+ inet6/filter/logdrop-325 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-325 -j DROP
Filter 923 {"flow-limit":{"interval":5,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-922
- inet6/filter/FORWARD -j limit-922
+ inet/filter/FORWARD -j logaccept-final-34
inet/filter/INPUT -j limit-922
- inet6/filter/INPUT -j limit-922
+ inet/filter/INPUT -j logaccept-final-34
inet/filter/OUTPUT -j limit-922
- inet6/filter/OUTPUT -j limit-922
+ inet/filter/OUTPUT -j logaccept-final-34
inet/filter/limit-922 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-326
- inet6/filter/limit-922 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-326
+ inet/filter/logaccept-final-34 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-34 -j ACCEPT
inet/filter/logdrop-326 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-326 -m limit --limit 1/second -j LOG
inet/filter/logdrop-326 -j DROP
- inet6/filter/logdrop-326 -j DROP
- inet/filter/FORWARD -j logaccept-final-34
+ inet6/filter/FORWARD -j limit-922
inet6/filter/FORWARD -j logaccept-final-34
- inet/filter/INPUT -j logaccept-final-34
+ inet6/filter/INPUT -j limit-922
inet6/filter/INPUT -j logaccept-final-34
- inet/filter/OUTPUT -j logaccept-final-34
+ inet6/filter/OUTPUT -j limit-922
inet6/filter/OUTPUT -j logaccept-final-34
- inet/filter/logaccept-final-34 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-922 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-326
inet6/filter/logaccept-final-34 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-34 -j ACCEPT
inet6/filter/logaccept-final-34 -j ACCEPT
+ inet6/filter/logdrop-326 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-326 -j DROP
Filter 924 {"action":"pass","flow-limit":{"interval":5,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-923
- inet6/filter/FORWARD -j limit-923
inet/filter/INPUT -j limit-923
- inet6/filter/INPUT -j limit-923
inet/filter/OUTPUT -j limit-923
- inet6/filter/OUTPUT -j limit-923
inet/filter/limit-923 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-327
- inet6/filter/limit-923 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-327
+ inet/filter/limit-923 -m limit --limit 1/second -j LOG
inet/filter/logdrop-327 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-327 -m limit --limit 1/second -j LOG
inet/filter/logdrop-327 -j DROP
- inet6/filter/logdrop-327 -j DROP
- inet/filter/limit-923 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-923
+ inet6/filter/INPUT -j limit-923
+ inet6/filter/OUTPUT -j limit-923
+ inet6/filter/limit-923 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-327
inet6/filter/limit-923 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-327 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-327 -j DROP
Filter 925 {"flow-limit":{"interval":5,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-924
- inet6/filter/FORWARD -j limit-924
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-924
- inet6/filter/INPUT -j limit-924
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-924
- inet6/filter/OUTPUT -j limit-924
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-924 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-328
- inet6/filter/limit-924 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-328
inet/filter/logdrop-328 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-328 -m limit --limit 1/second -j LOG
inet/filter/logdrop-328 -j DROP
- inet6/filter/logdrop-328 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-924
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-924
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-924
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-924 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-328
+ inet6/filter/logdrop-328 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-328 -j DROP
Filter 926 {"action":"pass","flow-limit":{"interval":5,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-925
- inet6/filter/FORWARD -j limit-925
inet/filter/INPUT -j limit-925
- inet6/filter/INPUT -j limit-925
inet/filter/OUTPUT -j limit-925
- inet6/filter/OUTPUT -j limit-925
inet/filter/limit-925 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-329
- inet6/filter/limit-925 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-329
inet/filter/logdrop-329 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-329 -m limit --limit 1/second -j LOG
inet/filter/logdrop-329 -j DROP
+ inet6/filter/FORWARD -j limit-925
+ inet6/filter/INPUT -j limit-925
+ inet6/filter/OUTPUT -j limit-925
+ inet6/filter/limit-925 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-329
+ inet6/filter/logdrop-329 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-329 -j DROP
Filter 927 {"flow-limit":{"addr":"dest","interval":5,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-926
- inet6/filter/FORWARD -j limit-926
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-926
- inet6/filter/INPUT -j limit-926
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-926
- inet6/filter/OUTPUT -j limit-926
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-926 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-330
- inet6/filter/limit-926 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-330
+ inet/filter/limit-926 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-330 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-330 -m limit --limit 1/second -j LOG
inet/filter/logdrop-330 -j DROP
- inet6/filter/logdrop-330 -j DROP
- inet/filter/limit-926 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-926 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-926
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-926
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-926
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-926 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-330
+ inet6/filter/limit-926 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-330 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-330 -j DROP
Filter 928 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-927
- inet6/filter/FORWARD -j limit-927
inet/filter/INPUT -j limit-927
- inet6/filter/INPUT -j limit-927
inet/filter/OUTPUT -j limit-927
- inet6/filter/OUTPUT -j limit-927
inet/filter/limit-927 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-331
- inet6/filter/limit-927 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-331
+ inet/filter/limit-927 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-331 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-331 -m limit --limit 1/second -j LOG
inet/filter/logdrop-331 -j DROP
- inet6/filter/logdrop-331 -j DROP
- inet/filter/limit-927 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-927
+ inet6/filter/INPUT -j limit-927
+ inet6/filter/OUTPUT -j limit-927
+ inet6/filter/limit-927 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-331
inet6/filter/limit-927 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-331 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-331 -j DROP
Filter 929 {"flow-limit":{"addr":"dest","interval":5,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-928
- inet6/filter/FORWARD -j limit-928
+ inet/filter/FORWARD -j logaccept-final-35
inet/filter/INPUT -j limit-928
- inet6/filter/INPUT -j limit-928
+ inet/filter/INPUT -j logaccept-final-35
inet/filter/OUTPUT -j limit-928
- inet6/filter/OUTPUT -j limit-928
+ inet/filter/OUTPUT -j logaccept-final-35
inet/filter/limit-928 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-332
- inet6/filter/limit-928 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-332
+ inet/filter/limit-928 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet/filter/logaccept-final-35 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-35 -j ACCEPT
inet/filter/logdrop-332 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-332 -m limit --limit 1/second -j LOG
inet/filter/logdrop-332 -j DROP
- inet6/filter/logdrop-332 -j DROP
- inet/filter/limit-928 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-928 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-35
+ inet6/filter/FORWARD -j limit-928
inet6/filter/FORWARD -j logaccept-final-35
- inet/filter/INPUT -j logaccept-final-35
+ inet6/filter/INPUT -j limit-928
inet6/filter/INPUT -j logaccept-final-35
- inet/filter/OUTPUT -j logaccept-final-35
+ inet6/filter/OUTPUT -j limit-928
inet6/filter/OUTPUT -j logaccept-final-35
- inet/filter/logaccept-final-35 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-928 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-332
+ inet6/filter/limit-928 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logaccept-final-35 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-35 -j ACCEPT
inet6/filter/logaccept-final-35 -j ACCEPT
+ inet6/filter/logdrop-332 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-332 -j DROP
Filter 930 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-929
- inet6/filter/FORWARD -j limit-929
inet/filter/INPUT -j limit-929
- inet6/filter/INPUT -j limit-929
inet/filter/OUTPUT -j limit-929
- inet6/filter/OUTPUT -j limit-929
inet/filter/limit-929 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-333
- inet6/filter/limit-929 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-333
+ inet/filter/limit-929 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-333 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-333 -m limit --limit 1/second -j LOG
inet/filter/logdrop-333 -j DROP
- inet6/filter/logdrop-333 -j DROP
- inet/filter/limit-929 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-929
+ inet6/filter/INPUT -j limit-929
+ inet6/filter/OUTPUT -j limit-929
+ inet6/filter/limit-929 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-333
inet6/filter/limit-929 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-333 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-333 -j DROP
Filter 931 {"flow-limit":{"addr":"dest","interval":5,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-930
- inet6/filter/FORWARD -j limit-930
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-930
- inet6/filter/INPUT -j limit-930
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-930
- inet6/filter/OUTPUT -j limit-930
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-930 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-334
- inet6/filter/limit-930 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-334
+ inet/filter/limit-930 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-334 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-334 -m limit --limit 1/second -j LOG
inet/filter/logdrop-334 -j DROP
- inet6/filter/logdrop-334 -j DROP
- inet/filter/limit-930 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-930 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-930
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-930
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-930
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-930 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-334
+ inet6/filter/limit-930 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-334 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-334 -j DROP
Filter 932 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-931
- inet6/filter/FORWARD -j limit-931
inet/filter/INPUT -j limit-931
- inet6/filter/INPUT -j limit-931
inet/filter/OUTPUT -j limit-931
- inet6/filter/OUTPUT -j limit-931
inet/filter/limit-931 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-335
- inet6/filter/limit-931 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-335
+ inet/filter/limit-931 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-335 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-335 -m limit --limit 1/second -j LOG
inet/filter/logdrop-335 -j DROP
- inet6/filter/logdrop-335 -j DROP
- inet/filter/limit-931 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-931
+ inet6/filter/INPUT -j limit-931
+ inet6/filter/OUTPUT -j limit-931
+ inet6/filter/limit-931 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-335
inet6/filter/limit-931 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-335 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-335 -j DROP
Filter 933 {"flow-limit":{"addr":"dest","interval":5,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-932
- inet6/filter/FORWARD -j limit-932
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-932
- inet6/filter/INPUT -j limit-932
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-932
- inet6/filter/OUTPUT -j limit-932
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-932 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-336
- inet6/filter/limit-932 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-336
inet/filter/logdrop-336 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-336 -m limit --limit 1/second -j LOG
inet/filter/logdrop-336 -j DROP
- inet6/filter/logdrop-336 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-932
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-932
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-932
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-932 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-336
+ inet6/filter/logdrop-336 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-336 -j DROP
Filter 934 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-933
- inet6/filter/FORWARD -j limit-933
inet/filter/INPUT -j limit-933
- inet6/filter/INPUT -j limit-933
inet/filter/OUTPUT -j limit-933
- inet6/filter/OUTPUT -j limit-933
inet/filter/limit-933 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-337
- inet6/filter/limit-933 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-337
inet/filter/logdrop-337 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-337 -m limit --limit 1/second -j LOG
inet/filter/logdrop-337 -j DROP
+ inet6/filter/FORWARD -j limit-933
+ inet6/filter/INPUT -j limit-933
+ inet6/filter/OUTPUT -j limit-933
+ inet6/filter/limit-933 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-337
+ inet6/filter/logdrop-337 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-337 -j DROP
Filter 935 {"flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-934
- inet6/filter/FORWARD -j limit-934
+ inet/filter/FORWARD -j logaccept-final-36
inet/filter/INPUT -j limit-934
- inet6/filter/INPUT -j limit-934
+ inet/filter/INPUT -j logaccept-final-36
inet/filter/OUTPUT -j limit-934
- inet6/filter/OUTPUT -j limit-934
+ inet/filter/OUTPUT -j logaccept-final-36
inet/filter/limit-934 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-338
- inet6/filter/limit-934 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-338
+ inet/filter/logaccept-final-36 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-36 -j ACCEPT
inet/filter/logdrop-338 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-338 -m limit --limit 1/second -j LOG
inet/filter/logdrop-338 -j DROP
- inet6/filter/logdrop-338 -j DROP
- inet/filter/FORWARD -j logaccept-final-36
+ inet6/filter/FORWARD -j limit-934
inet6/filter/FORWARD -j logaccept-final-36
- inet/filter/INPUT -j logaccept-final-36
+ inet6/filter/INPUT -j limit-934
inet6/filter/INPUT -j logaccept-final-36
- inet/filter/OUTPUT -j logaccept-final-36
+ inet6/filter/OUTPUT -j limit-934
inet6/filter/OUTPUT -j logaccept-final-36
- inet/filter/logaccept-final-36 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-934 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-338
inet6/filter/logaccept-final-36 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-36 -j ACCEPT
inet6/filter/logaccept-final-36 -j ACCEPT
+ inet6/filter/logdrop-338 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-338 -j DROP
Filter 936 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-935
- inet6/filter/FORWARD -j limit-935
inet/filter/INPUT -j limit-935
- inet6/filter/INPUT -j limit-935
inet/filter/OUTPUT -j limit-935
- inet6/filter/OUTPUT -j limit-935
inet/filter/limit-935 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-339
- inet6/filter/limit-935 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-339
+ inet/filter/limit-935 -m limit --limit 1/second -j LOG
inet/filter/logdrop-339 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-339 -m limit --limit 1/second -j LOG
inet/filter/logdrop-339 -j DROP
- inet6/filter/logdrop-339 -j DROP
- inet/filter/limit-935 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-935
+ inet6/filter/INPUT -j limit-935
+ inet6/filter/OUTPUT -j limit-935
+ inet6/filter/limit-935 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-339
inet6/filter/limit-935 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-339 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-339 -j DROP
Filter 937 {"flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-936
- inet6/filter/FORWARD -j limit-936
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-936
- inet6/filter/INPUT -j limit-936
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-936
- inet6/filter/OUTPUT -j limit-936
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-936 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-340
- inet6/filter/limit-936 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-340
inet/filter/logdrop-340 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-340 -m limit --limit 1/second -j LOG
inet/filter/logdrop-340 -j DROP
- inet6/filter/logdrop-340 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-936
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-936
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-936
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-936 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-340
+ inet6/filter/logdrop-340 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-340 -j DROP
Filter 938 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-937
- inet6/filter/FORWARD -j limit-937
inet/filter/INPUT -j limit-937
- inet6/filter/INPUT -j limit-937
inet/filter/OUTPUT -j limit-937
- inet6/filter/OUTPUT -j limit-937
inet/filter/limit-937 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-341
- inet6/filter/limit-937 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-341
inet/filter/logdrop-341 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-341 -m limit --limit 1/second -j LOG
inet/filter/logdrop-341 -j DROP
+ inet6/filter/FORWARD -j limit-937
+ inet6/filter/INPUT -j limit-937
+ inet6/filter/OUTPUT -j limit-937
+ inet6/filter/limit-937 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-341
+ inet6/filter/logdrop-341 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-341 -j DROP
Filter 939 {"flow-limit":{"interval":5,"log":false}}
(filter-limit)
inet/filter/FORWARD -j limit-938
- inet6/filter/FORWARD -j limit-938
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-938
- inet6/filter/INPUT -j limit-938
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-938
- inet6/filter/OUTPUT -j limit-938
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-938 -m recent --name limit-938 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-938 -m recent --name limit-938 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-938 -m recent --name limit-938 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-938 -m recent --name limit-938 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-938
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-938
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-938
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-938 -m recent --name limit-938 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-938 -m recent --name limit-938 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 940 {"action":"pass","flow-limit":{"interval":5,"log":false}}
(filter-limit)
inet/filter/FORWARD -j limit-939
- inet6/filter/FORWARD -j limit-939
inet/filter/INPUT -j limit-939
- inet6/filter/INPUT -j limit-939
inet/filter/OUTPUT -j limit-939
- inet6/filter/OUTPUT -j limit-939
inet/filter/limit-939 -m recent --name limit-939 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-939 -m recent --name limit-939 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-939 -m recent --name limit-939 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-939
+ inet6/filter/INPUT -j limit-939
+ inet6/filter/OUTPUT -j limit-939
+ inet6/filter/limit-939 -m recent --name limit-939 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-939 -m recent --name limit-939 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 941 {"flow-limit":{"interval":5,"log":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-940
- inet6/filter/FORWARD -j limit-940
+ inet/filter/FORWARD -j logaccept-final-37
inet/filter/INPUT -j limit-940
- inet6/filter/INPUT -j limit-940
+ inet/filter/INPUT -j logaccept-final-37
inet/filter/OUTPUT -j limit-940
- inet6/filter/OUTPUT -j limit-940
+ inet/filter/OUTPUT -j logaccept-final-37
inet/filter/limit-940 -m recent --name limit-940 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-940 -m recent --name limit-940 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-940 -m recent --name limit-940 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-940 -m recent --name limit-940 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-37
+ inet/filter/logaccept-final-37 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-37 -j ACCEPT
+ inet6/filter/FORWARD -j limit-940
inet6/filter/FORWARD -j logaccept-final-37
- inet/filter/INPUT -j logaccept-final-37
+ inet6/filter/INPUT -j limit-940
inet6/filter/INPUT -j logaccept-final-37
- inet/filter/OUTPUT -j logaccept-final-37
+ inet6/filter/OUTPUT -j limit-940
inet6/filter/OUTPUT -j logaccept-final-37
- inet/filter/logaccept-final-37 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-940 -m recent --name limit-940 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-940 -m recent --name limit-940 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-37 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-37 -j ACCEPT
inet6/filter/logaccept-final-37 -j ACCEPT
Filter 942 {"action":"pass","flow-limit":{"interval":5,"log":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-941
- inet6/filter/FORWARD -j limit-941
inet/filter/INPUT -j limit-941
- inet6/filter/INPUT -j limit-941
inet/filter/OUTPUT -j limit-941
- inet6/filter/OUTPUT -j limit-941
inet/filter/limit-941 -m recent --name limit-941 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-941 -m recent --name limit-941 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-941 -m recent --name limit-941 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-941
+ inet6/filter/INPUT -j limit-941
+ inet6/filter/OUTPUT -j limit-941
+ inet6/filter/limit-941 -m recent --name limit-941 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-941 -m recent --name limit-941 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 943 {"flow-limit":{"interval":5,"log":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-942
- inet6/filter/FORWARD -j limit-942
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-942
- inet6/filter/INPUT -j limit-942
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-942
- inet6/filter/OUTPUT -j limit-942
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-942 -m recent --name limit-942 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-942 -m recent --name limit-942 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-942 -m recent --name limit-942 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-942 -m recent --name limit-942 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-942
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-942
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-942
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-942 -m recent --name limit-942 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-942 -m recent --name limit-942 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 944 {"action":"pass","flow-limit":{"interval":5,"log":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-943
- inet6/filter/FORWARD -j limit-943
inet/filter/INPUT -j limit-943
- inet6/filter/INPUT -j limit-943
inet/filter/OUTPUT -j limit-943
- inet6/filter/OUTPUT -j limit-943
inet/filter/limit-943 -m recent --name limit-943 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-943 -m recent --name limit-943 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-943 -m recent --name limit-943 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-943
+ inet6/filter/INPUT -j limit-943
+ inet6/filter/OUTPUT -j limit-943
+ inet6/filter/limit-943 -m recent --name limit-943 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-943 -m recent --name limit-943 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 945 {"flow-limit":{"interval":5,"log":false,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-944
- inet6/filter/FORWARD -j limit-944
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-944
- inet6/filter/INPUT -j limit-944
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-944
- inet6/filter/OUTPUT -j limit-944
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-944 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-944 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-944 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-944 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-944
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-944
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-944
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-944 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-944 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 946 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-945
- inet6/filter/FORWARD -j limit-945
inet/filter/INPUT -j limit-945
- inet6/filter/INPUT -j limit-945
inet/filter/OUTPUT -j limit-945
- inet6/filter/OUTPUT -j limit-945
inet/filter/limit-945 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-945 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-945 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-945
+ inet6/filter/INPUT -j limit-945
+ inet6/filter/OUTPUT -j limit-945
+ inet6/filter/limit-945 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-945 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 947 {"flow-limit":{"interval":5,"log":false,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-946
- inet6/filter/FORWARD -j limit-946
+ inet/filter/FORWARD -j logaccept-final-38
inet/filter/INPUT -j limit-946
- inet6/filter/INPUT -j limit-946
+ inet/filter/INPUT -j logaccept-final-38
inet/filter/OUTPUT -j limit-946
- inet6/filter/OUTPUT -j limit-946
+ inet/filter/OUTPUT -j logaccept-final-38
inet/filter/limit-946 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-946 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-946 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-946 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-38
+ inet/filter/logaccept-final-38 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-38 -j ACCEPT
+ inet6/filter/FORWARD -j limit-946
inet6/filter/FORWARD -j logaccept-final-38
- inet/filter/INPUT -j logaccept-final-38
+ inet6/filter/INPUT -j limit-946
inet6/filter/INPUT -j logaccept-final-38
- inet/filter/OUTPUT -j logaccept-final-38
+ inet6/filter/OUTPUT -j limit-946
inet6/filter/OUTPUT -j logaccept-final-38
- inet/filter/logaccept-final-38 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-946 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-946 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-38 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-38 -j ACCEPT
inet6/filter/logaccept-final-38 -j ACCEPT
Filter 948 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-947
- inet6/filter/FORWARD -j limit-947
inet/filter/INPUT -j limit-947
- inet6/filter/INPUT -j limit-947
inet/filter/OUTPUT -j limit-947
- inet6/filter/OUTPUT -j limit-947
inet/filter/limit-947 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-947 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-947 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-947
+ inet6/filter/INPUT -j limit-947
+ inet6/filter/OUTPUT -j limit-947
+ inet6/filter/limit-947 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-947 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 949 {"flow-limit":{"interval":5,"log":false,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-948
- inet6/filter/FORWARD -j limit-948
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-948
- inet6/filter/INPUT -j limit-948
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-948
- inet6/filter/OUTPUT -j limit-948
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-948 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-948 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-948 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-948 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-948
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-948
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-948
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-948 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-948 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 950 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-949
- inet6/filter/FORWARD -j limit-949
inet/filter/INPUT -j limit-949
- inet6/filter/INPUT -j limit-949
inet/filter/OUTPUT -j limit-949
- inet6/filter/OUTPUT -j limit-949
inet/filter/limit-949 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-949 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-949 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-949
+ inet6/filter/INPUT -j limit-949
+ inet6/filter/OUTPUT -j limit-949
+ inet6/filter/limit-949 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-949 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 951 {"flow-limit":{"interval":5,"log":false,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-950
- inet6/filter/FORWARD -j limit-950
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-950
- inet6/filter/INPUT -j limit-950
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-950
- inet6/filter/OUTPUT -j limit-950
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-950 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-950 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-950
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-950
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-950
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-950 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 952 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-951
- inet6/filter/FORWARD -j limit-951
inet/filter/INPUT -j limit-951
- inet6/filter/INPUT -j limit-951
inet/filter/OUTPUT -j limit-951
- inet6/filter/OUTPUT -j limit-951
inet/filter/limit-951 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-951
+ inet6/filter/INPUT -j limit-951
+ inet6/filter/OUTPUT -j limit-951
inet6/filter/limit-951 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 953 {"flow-limit":{"interval":5,"log":false,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-952
- inet6/filter/FORWARD -j limit-952
+ inet/filter/FORWARD -j logaccept-final-39
inet/filter/INPUT -j limit-952
- inet6/filter/INPUT -j limit-952
+ inet/filter/INPUT -j logaccept-final-39
inet/filter/OUTPUT -j limit-952
- inet6/filter/OUTPUT -j limit-952
+ inet/filter/OUTPUT -j logaccept-final-39
inet/filter/limit-952 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-952 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j logaccept-final-39
+ inet/filter/logaccept-final-39 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-39 -j ACCEPT
+ inet6/filter/FORWARD -j limit-952
inet6/filter/FORWARD -j logaccept-final-39
- inet/filter/INPUT -j logaccept-final-39
+ inet6/filter/INPUT -j limit-952
inet6/filter/INPUT -j logaccept-final-39
- inet/filter/OUTPUT -j logaccept-final-39
+ inet6/filter/OUTPUT -j limit-952
inet6/filter/OUTPUT -j logaccept-final-39
- inet/filter/logaccept-final-39 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-952 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/logaccept-final-39 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-39 -j ACCEPT
inet6/filter/logaccept-final-39 -j ACCEPT
Filter 954 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-953
- inet6/filter/FORWARD -j limit-953
inet/filter/INPUT -j limit-953
- inet6/filter/INPUT -j limit-953
inet/filter/OUTPUT -j limit-953
- inet6/filter/OUTPUT -j limit-953
inet/filter/limit-953 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-953 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-953 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-953
+ inet6/filter/INPUT -j limit-953
+ inet6/filter/OUTPUT -j limit-953
+ inet6/filter/limit-953 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-953 -m limit --limit 1/second -j LOG
Filter 955 {"flow-limit":{"interval":5,"log":false,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-954
- inet6/filter/FORWARD -j limit-954
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-954
- inet6/filter/INPUT -j limit-954
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-954
- inet6/filter/OUTPUT -j limit-954
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-954 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-954 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-954
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-954
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-954
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-954 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 956 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-955
- inet6/filter/FORWARD -j limit-955
inet/filter/INPUT -j limit-955
- inet6/filter/INPUT -j limit-955
inet/filter/OUTPUT -j limit-955
- inet6/filter/OUTPUT -j limit-955
inet/filter/limit-955 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-955
+ inet6/filter/INPUT -j limit-955
+ inet6/filter/OUTPUT -j limit-955
inet6/filter/limit-955 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 957 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-956
- inet6/filter/FORWARD -j limit-956
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-956
- inet6/filter/INPUT -j limit-956
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-956
- inet6/filter/OUTPUT -j limit-956
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-956 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-956 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-956 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-956 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-956
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-956
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-956
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-956 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-956 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 958 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-957
- inet6/filter/FORWARD -j limit-957
inet/filter/INPUT -j limit-957
- inet6/filter/INPUT -j limit-957
inet/filter/OUTPUT -j limit-957
- inet6/filter/OUTPUT -j limit-957
inet/filter/limit-957 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-957 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-957 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-957
+ inet6/filter/INPUT -j limit-957
+ inet6/filter/OUTPUT -j limit-957
+ inet6/filter/limit-957 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-957 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 959 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-958
- inet6/filter/FORWARD -j limit-958
+ inet/filter/FORWARD -j logaccept-final-40
inet/filter/INPUT -j limit-958
- inet6/filter/INPUT -j limit-958
+ inet/filter/INPUT -j logaccept-final-40
inet/filter/OUTPUT -j limit-958
- inet6/filter/OUTPUT -j limit-958
+ inet/filter/OUTPUT -j logaccept-final-40
inet/filter/limit-958 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-958 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-958 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-958 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-40
+ inet/filter/logaccept-final-40 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-40 -j ACCEPT
+ inet6/filter/FORWARD -j limit-958
inet6/filter/FORWARD -j logaccept-final-40
- inet/filter/INPUT -j logaccept-final-40
+ inet6/filter/INPUT -j limit-958
inet6/filter/INPUT -j logaccept-final-40
- inet/filter/OUTPUT -j logaccept-final-40
+ inet6/filter/OUTPUT -j limit-958
inet6/filter/OUTPUT -j logaccept-final-40
- inet/filter/logaccept-final-40 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-958 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-958 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-40 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-40 -j ACCEPT
inet6/filter/logaccept-final-40 -j ACCEPT
Filter 960 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-959
- inet6/filter/FORWARD -j limit-959
inet/filter/INPUT -j limit-959
- inet6/filter/INPUT -j limit-959
inet/filter/OUTPUT -j limit-959
- inet6/filter/OUTPUT -j limit-959
inet/filter/limit-959 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-959 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-959 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-959
+ inet6/filter/INPUT -j limit-959
+ inet6/filter/OUTPUT -j limit-959
+ inet6/filter/limit-959 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-959 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 961 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-960
- inet6/filter/FORWARD -j limit-960
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-960
- inet6/filter/INPUT -j limit-960
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-960
- inet6/filter/OUTPUT -j limit-960
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-960 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-960 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-960 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-960 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-960
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-960
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-960
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-960 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-960 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 962 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-961
- inet6/filter/FORWARD -j limit-961
inet/filter/INPUT -j limit-961
- inet6/filter/INPUT -j limit-961
inet/filter/OUTPUT -j limit-961
- inet6/filter/OUTPUT -j limit-961
inet/filter/limit-961 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-961 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-961 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-961
+ inet6/filter/INPUT -j limit-961
+ inet6/filter/OUTPUT -j limit-961
+ inet6/filter/limit-961 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-961 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 963 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-962
- inet6/filter/FORWARD -j limit-962
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-962
- inet6/filter/INPUT -j limit-962
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-962
- inet6/filter/OUTPUT -j limit-962
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-962 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-962 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-962
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-962
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-962
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-962 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 964 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-963
- inet6/filter/FORWARD -j limit-963
inet/filter/INPUT -j limit-963
- inet6/filter/INPUT -j limit-963
inet/filter/OUTPUT -j limit-963
- inet6/filter/OUTPUT -j limit-963
inet/filter/limit-963 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-963
+ inet6/filter/INPUT -j limit-963
+ inet6/filter/OUTPUT -j limit-963
inet6/filter/limit-963 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 965 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-964
- inet6/filter/FORWARD -j limit-964
+ inet/filter/FORWARD -j logaccept-final-41
inet/filter/INPUT -j limit-964
- inet6/filter/INPUT -j limit-964
+ inet/filter/INPUT -j logaccept-final-41
inet/filter/OUTPUT -j limit-964
- inet6/filter/OUTPUT -j limit-964
+ inet/filter/OUTPUT -j logaccept-final-41
inet/filter/limit-964 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-964 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j logaccept-final-41
+ inet/filter/logaccept-final-41 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-41 -j ACCEPT
+ inet6/filter/FORWARD -j limit-964
inet6/filter/FORWARD -j logaccept-final-41
- inet/filter/INPUT -j logaccept-final-41
+ inet6/filter/INPUT -j limit-964
inet6/filter/INPUT -j logaccept-final-41
- inet/filter/OUTPUT -j logaccept-final-41
+ inet6/filter/OUTPUT -j limit-964
inet6/filter/OUTPUT -j logaccept-final-41
- inet/filter/logaccept-final-41 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-964 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/logaccept-final-41 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-41 -j ACCEPT
inet6/filter/logaccept-final-41 -j ACCEPT
Filter 966 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-965
- inet6/filter/FORWARD -j limit-965
inet/filter/INPUT -j limit-965
- inet6/filter/INPUT -j limit-965
inet/filter/OUTPUT -j limit-965
- inet6/filter/OUTPUT -j limit-965
inet/filter/limit-965 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-965 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-965 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-965
+ inet6/filter/INPUT -j limit-965
+ inet6/filter/OUTPUT -j limit-965
+ inet6/filter/limit-965 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-965 -m limit --limit 1/second -j LOG
Filter 967 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-966
- inet6/filter/FORWARD -j limit-966
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-966
- inet6/filter/INPUT -j limit-966
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-966
- inet6/filter/OUTPUT -j limit-966
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-966 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-966 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-966
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-966
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-966
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-966 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 968 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-967
- inet6/filter/FORWARD -j limit-967
inet/filter/INPUT -j limit-967
- inet6/filter/INPUT -j limit-967
inet/filter/OUTPUT -j limit-967
- inet6/filter/OUTPUT -j limit-967
inet/filter/limit-967 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-967
+ inet6/filter/INPUT -j limit-967
+ inet6/filter/OUTPUT -j limit-967
inet6/filter/limit-967 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 969 {"flow-limit":{"interval":5,"log":false,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-968
- inet6/filter/FORWARD -j limit-968
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-968
- inet6/filter/INPUT -j limit-968
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-968
- inet6/filter/OUTPUT -j limit-968
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-968 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-968 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-968 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-968 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-968
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-968
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-968
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-968 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-968 -m recent --name user:C --rsource --mask fe00:: --set
Filter 970 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-969
- inet6/filter/FORWARD -j limit-969
inet/filter/INPUT -j limit-969
- inet6/filter/INPUT -j limit-969
inet/filter/OUTPUT -j limit-969
- inet6/filter/OUTPUT -j limit-969
inet/filter/limit-969 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-969 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-969 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-969
+ inet6/filter/INPUT -j limit-969
+ inet6/filter/OUTPUT -j limit-969
+ inet6/filter/limit-969 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-969 -m recent --name user:C --rsource --mask fe00:: --set
Filter 971 {"flow-limit":{"interval":5,"log":false,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-970
- inet6/filter/FORWARD -j limit-970
+ inet/filter/FORWARD -j logaccept-final-42
inet/filter/INPUT -j limit-970
- inet6/filter/INPUT -j limit-970
+ inet/filter/INPUT -j logaccept-final-42
inet/filter/OUTPUT -j limit-970
- inet6/filter/OUTPUT -j limit-970
+ inet/filter/OUTPUT -j logaccept-final-42
inet/filter/limit-970 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-970 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-970 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-970 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-42
+ inet/filter/logaccept-final-42 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-42 -j ACCEPT
+ inet6/filter/FORWARD -j limit-970
inet6/filter/FORWARD -j logaccept-final-42
- inet/filter/INPUT -j logaccept-final-42
+ inet6/filter/INPUT -j limit-970
inet6/filter/INPUT -j logaccept-final-42
- inet/filter/OUTPUT -j logaccept-final-42
+ inet6/filter/OUTPUT -j limit-970
inet6/filter/OUTPUT -j logaccept-final-42
- inet/filter/logaccept-final-42 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-970 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-970 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logaccept-final-42 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-42 -j ACCEPT
inet6/filter/logaccept-final-42 -j ACCEPT
Filter 972 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-971
- inet6/filter/FORWARD -j limit-971
inet/filter/INPUT -j limit-971
- inet6/filter/INPUT -j limit-971
inet/filter/OUTPUT -j limit-971
- inet6/filter/OUTPUT -j limit-971
inet/filter/limit-971 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-971 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-971 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-971
+ inet6/filter/INPUT -j limit-971
+ inet6/filter/OUTPUT -j limit-971
+ inet6/filter/limit-971 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-971 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 973 {"flow-limit":{"interval":5,"log":false,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-972
- inet6/filter/FORWARD -j limit-972
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-972
- inet6/filter/INPUT -j limit-972
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-972
- inet6/filter/OUTPUT -j limit-972
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-972 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-972 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-972 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-972 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-972
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-972
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-972
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-972 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-972 -m recent --name user:C --rsource --mask fe00:: --set
Filter 974 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-973
- inet6/filter/FORWARD -j limit-973
inet/filter/INPUT -j limit-973
- inet6/filter/INPUT -j limit-973
inet/filter/OUTPUT -j limit-973
- inet6/filter/OUTPUT -j limit-973
inet/filter/limit-973 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-973 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-973 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-973
+ inet6/filter/INPUT -j limit-973
+ inet6/filter/OUTPUT -j limit-973
+ inet6/filter/limit-973 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-973 -m recent --name user:C --rsource --mask fe00:: --set
Filter 975 {"flow-limit":{"interval":5,"log":false,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-974
- inet6/filter/FORWARD -j limit-974
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-974
- inet6/filter/INPUT -j limit-974
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-974
- inet6/filter/OUTPUT -j limit-974
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-974 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-974 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-974
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-974
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-974
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-974 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 976 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-975
- inet6/filter/FORWARD -j limit-975
inet/filter/INPUT -j limit-975
- inet6/filter/INPUT -j limit-975
inet/filter/OUTPUT -j limit-975
- inet6/filter/OUTPUT -j limit-975
inet/filter/limit-975 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-975
+ inet6/filter/INPUT -j limit-975
+ inet6/filter/OUTPUT -j limit-975
inet6/filter/limit-975 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 977 {"flow-limit":{"interval":5,"log":false,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-976
- inet6/filter/FORWARD -j limit-976
+ inet/filter/FORWARD -j logaccept-final-43
inet/filter/INPUT -j limit-976
- inet6/filter/INPUT -j limit-976
+ inet/filter/INPUT -j logaccept-final-43
inet/filter/OUTPUT -j limit-976
- inet6/filter/OUTPUT -j limit-976
+ inet/filter/OUTPUT -j logaccept-final-43
inet/filter/limit-976 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-976 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j logaccept-final-43
+ inet/filter/logaccept-final-43 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-43 -j ACCEPT
+ inet6/filter/FORWARD -j limit-976
inet6/filter/FORWARD -j logaccept-final-43
- inet/filter/INPUT -j logaccept-final-43
+ inet6/filter/INPUT -j limit-976
inet6/filter/INPUT -j logaccept-final-43
- inet/filter/OUTPUT -j logaccept-final-43
+ inet6/filter/OUTPUT -j limit-976
inet6/filter/OUTPUT -j logaccept-final-43
- inet/filter/logaccept-final-43 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-976 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/logaccept-final-43 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-43 -j ACCEPT
inet6/filter/logaccept-final-43 -j ACCEPT
Filter 978 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-977
- inet6/filter/FORWARD -j limit-977
inet/filter/INPUT -j limit-977
- inet6/filter/INPUT -j limit-977
inet/filter/OUTPUT -j limit-977
- inet6/filter/OUTPUT -j limit-977
inet/filter/limit-977 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-977 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-977 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-977
+ inet6/filter/INPUT -j limit-977
+ inet6/filter/OUTPUT -j limit-977
+ inet6/filter/limit-977 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-977 -m limit --limit 1/second -j LOG
Filter 979 {"flow-limit":{"interval":5,"log":false,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-978
- inet6/filter/FORWARD -j limit-978
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-978
- inet6/filter/INPUT -j limit-978
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-978
- inet6/filter/OUTPUT -j limit-978
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-978 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-978 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-978
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-978
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-978
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-978 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 980 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-979
- inet6/filter/FORWARD -j limit-979
inet/filter/INPUT -j limit-979
- inet6/filter/INPUT -j limit-979
inet/filter/OUTPUT -j limit-979
- inet6/filter/OUTPUT -j limit-979
inet/filter/limit-979 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-979
+ inet6/filter/INPUT -j limit-979
+ inet6/filter/OUTPUT -j limit-979
inet6/filter/limit-979 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 981 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-980
- inet6/filter/FORWARD -j limit-980
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-980
- inet6/filter/INPUT -j limit-980
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-980
- inet6/filter/OUTPUT -j limit-980
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-980 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-980 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-980 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-980 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-980
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-980
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-980
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-980 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-980 -m recent --name user:C --rdest --mask fe00:: --set
Filter 982 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-981
- inet6/filter/FORWARD -j limit-981
inet/filter/INPUT -j limit-981
- inet6/filter/INPUT -j limit-981
inet/filter/OUTPUT -j limit-981
- inet6/filter/OUTPUT -j limit-981
inet/filter/limit-981 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-981 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-981 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-981
+ inet6/filter/INPUT -j limit-981
+ inet6/filter/OUTPUT -j limit-981
+ inet6/filter/limit-981 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-981 -m recent --name user:C --rdest --mask fe00:: --set
Filter 983 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-982
- inet6/filter/FORWARD -j limit-982
+ inet/filter/FORWARD -j logaccept-final-44
inet/filter/INPUT -j limit-982
- inet6/filter/INPUT -j limit-982
+ inet/filter/INPUT -j logaccept-final-44
inet/filter/OUTPUT -j limit-982
- inet6/filter/OUTPUT -j limit-982
+ inet/filter/OUTPUT -j logaccept-final-44
inet/filter/limit-982 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-982 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-982 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-982 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-44
+ inet/filter/logaccept-final-44 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-44 -j ACCEPT
+ inet6/filter/FORWARD -j limit-982
inet6/filter/FORWARD -j logaccept-final-44
- inet/filter/INPUT -j logaccept-final-44
+ inet6/filter/INPUT -j limit-982
inet6/filter/INPUT -j logaccept-final-44
- inet/filter/OUTPUT -j logaccept-final-44
+ inet6/filter/OUTPUT -j limit-982
inet6/filter/OUTPUT -j logaccept-final-44
- inet/filter/logaccept-final-44 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-982 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-982 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logaccept-final-44 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-44 -j ACCEPT
inet6/filter/logaccept-final-44 -j ACCEPT
Filter 984 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-983
- inet6/filter/FORWARD -j limit-983
inet/filter/INPUT -j limit-983
- inet6/filter/INPUT -j limit-983
inet/filter/OUTPUT -j limit-983
- inet6/filter/OUTPUT -j limit-983
inet/filter/limit-983 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-983 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-983 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-983
+ inet6/filter/INPUT -j limit-983
+ inet6/filter/OUTPUT -j limit-983
+ inet6/filter/limit-983 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-983 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 985 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-984
- inet6/filter/FORWARD -j limit-984
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-984
- inet6/filter/INPUT -j limit-984
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-984
- inet6/filter/OUTPUT -j limit-984
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-984 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-984 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-984 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-984 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-984
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-984
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-984
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-984 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-984 -m recent --name user:C --rdest --mask fe00:: --set
Filter 986 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-985
- inet6/filter/FORWARD -j limit-985
inet/filter/INPUT -j limit-985
- inet6/filter/INPUT -j limit-985
inet/filter/OUTPUT -j limit-985
- inet6/filter/OUTPUT -j limit-985
inet/filter/limit-985 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-985 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-985 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-985
+ inet6/filter/INPUT -j limit-985
+ inet6/filter/OUTPUT -j limit-985
+ inet6/filter/limit-985 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-985 -m recent --name user:C --rdest --mask fe00:: --set
Filter 987 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-986
- inet6/filter/FORWARD -j limit-986
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-986
- inet6/filter/INPUT -j limit-986
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-986
- inet6/filter/OUTPUT -j limit-986
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-986 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-986 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-986
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-986
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-986
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-986 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 988 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-987
- inet6/filter/FORWARD -j limit-987
inet/filter/INPUT -j limit-987
- inet6/filter/INPUT -j limit-987
inet/filter/OUTPUT -j limit-987
- inet6/filter/OUTPUT -j limit-987
inet/filter/limit-987 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-987
+ inet6/filter/INPUT -j limit-987
+ inet6/filter/OUTPUT -j limit-987
inet6/filter/limit-987 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 989 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-988
- inet6/filter/FORWARD -j limit-988
+ inet/filter/FORWARD -j logaccept-final-45
inet/filter/INPUT -j limit-988
- inet6/filter/INPUT -j limit-988
+ inet/filter/INPUT -j logaccept-final-45
inet/filter/OUTPUT -j limit-988
- inet6/filter/OUTPUT -j limit-988
+ inet/filter/OUTPUT -j logaccept-final-45
inet/filter/limit-988 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-988 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j logaccept-final-45
+ inet/filter/logaccept-final-45 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-45 -j ACCEPT
+ inet6/filter/FORWARD -j limit-988
inet6/filter/FORWARD -j logaccept-final-45
- inet/filter/INPUT -j logaccept-final-45
+ inet6/filter/INPUT -j limit-988
inet6/filter/INPUT -j logaccept-final-45
- inet/filter/OUTPUT -j logaccept-final-45
+ inet6/filter/OUTPUT -j limit-988
inet6/filter/OUTPUT -j logaccept-final-45
- inet/filter/logaccept-final-45 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-988 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/logaccept-final-45 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-45 -j ACCEPT
inet6/filter/logaccept-final-45 -j ACCEPT
Filter 990 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-989
- inet6/filter/FORWARD -j limit-989
inet/filter/INPUT -j limit-989
- inet6/filter/INPUT -j limit-989
inet/filter/OUTPUT -j limit-989
- inet6/filter/OUTPUT -j limit-989
inet/filter/limit-989 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-989 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-989 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-989
+ inet6/filter/INPUT -j limit-989
+ inet6/filter/OUTPUT -j limit-989
+ inet6/filter/limit-989 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-989 -m limit --limit 1/second -j LOG
Filter 991 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-990
- inet6/filter/FORWARD -j limit-990
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-990
- inet6/filter/INPUT -j limit-990
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-990
- inet6/filter/OUTPUT -j limit-990
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-990 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-990 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-990
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-990
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-990
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-990 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 992 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-991
- inet6/filter/FORWARD -j limit-991
inet/filter/INPUT -j limit-991
- inet6/filter/INPUT -j limit-991
inet/filter/OUTPUT -j limit-991
- inet6/filter/OUTPUT -j limit-991
inet/filter/limit-991 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-991
+ inet6/filter/INPUT -j limit-991
+ inet6/filter/OUTPUT -j limit-991
inet6/filter/limit-991 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 993 {"flow-limit":{"interval":5,"log":"none"}}
(filter-limit)
inet/filter/FORWARD -j limit-992
- inet6/filter/FORWARD -j limit-992
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-992
- inet6/filter/INPUT -j limit-992
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-992
- inet6/filter/OUTPUT -j limit-992
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-992 -m recent --name limit-992 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-992 -m recent --name limit-992 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-992 -m recent --name limit-992 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-992 -m recent --name limit-992 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-992
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-992
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-992
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-992 -m recent --name limit-992 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-992 -m recent --name limit-992 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 994 {"action":"pass","flow-limit":{"interval":5,"log":"none"}}
(filter-limit)
inet/filter/FORWARD -j limit-993
- inet6/filter/FORWARD -j limit-993
inet/filter/INPUT -j limit-993
- inet6/filter/INPUT -j limit-993
inet/filter/OUTPUT -j limit-993
- inet6/filter/OUTPUT -j limit-993
inet/filter/limit-993 -m recent --name limit-993 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-993 -m recent --name limit-993 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-993 -m recent --name limit-993 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-993
+ inet6/filter/INPUT -j limit-993
+ inet6/filter/OUTPUT -j limit-993
+ inet6/filter/limit-993 -m recent --name limit-993 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-993 -m recent --name limit-993 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 995 {"flow-limit":{"interval":5,"log":"none"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-994
- inet6/filter/FORWARD -j limit-994
+ inet/filter/FORWARD -j logaccept-final-46
inet/filter/INPUT -j limit-994
- inet6/filter/INPUT -j limit-994
+ inet/filter/INPUT -j logaccept-final-46
inet/filter/OUTPUT -j limit-994
- inet6/filter/OUTPUT -j limit-994
+ inet/filter/OUTPUT -j logaccept-final-46
inet/filter/limit-994 -m recent --name limit-994 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-994 -m recent --name limit-994 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-994 -m recent --name limit-994 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-994 -m recent --name limit-994 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-46
+ inet/filter/logaccept-final-46 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-46 -j ACCEPT
+ inet6/filter/FORWARD -j limit-994
inet6/filter/FORWARD -j logaccept-final-46
- inet/filter/INPUT -j logaccept-final-46
+ inet6/filter/INPUT -j limit-994
inet6/filter/INPUT -j logaccept-final-46
- inet/filter/OUTPUT -j logaccept-final-46
+ inet6/filter/OUTPUT -j limit-994
inet6/filter/OUTPUT -j logaccept-final-46
- inet/filter/logaccept-final-46 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-994 -m recent --name limit-994 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-994 -m recent --name limit-994 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-46 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-46 -j ACCEPT
inet6/filter/logaccept-final-46 -j ACCEPT
Filter 996 {"action":"pass","flow-limit":{"interval":5,"log":"none"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-995
- inet6/filter/FORWARD -j limit-995
inet/filter/INPUT -j limit-995
- inet6/filter/INPUT -j limit-995
inet/filter/OUTPUT -j limit-995
- inet6/filter/OUTPUT -j limit-995
inet/filter/limit-995 -m recent --name limit-995 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-995 -m recent --name limit-995 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-995 -m recent --name limit-995 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-995
+ inet6/filter/INPUT -j limit-995
+ inet6/filter/OUTPUT -j limit-995
+ inet6/filter/limit-995 -m recent --name limit-995 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-995 -m recent --name limit-995 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 997 {"flow-limit":{"interval":5,"log":"none"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-996
- inet6/filter/FORWARD -j limit-996
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-996
- inet6/filter/INPUT -j limit-996
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-996
- inet6/filter/OUTPUT -j limit-996
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-996 -m recent --name limit-996 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-996 -m recent --name limit-996 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-996 -m recent --name limit-996 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-996 -m recent --name limit-996 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-996
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-996
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-996
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-996 -m recent --name limit-996 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-996 -m recent --name limit-996 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 998 {"action":"pass","flow-limit":{"interval":5,"log":"none"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-997
- inet6/filter/FORWARD -j limit-997
inet/filter/INPUT -j limit-997
- inet6/filter/INPUT -j limit-997
inet/filter/OUTPUT -j limit-997
- inet6/filter/OUTPUT -j limit-997
inet/filter/limit-997 -m recent --name limit-997 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-997 -m recent --name limit-997 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-997 -m recent --name limit-997 --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-997
+ inet6/filter/INPUT -j limit-997
+ inet6/filter/OUTPUT -j limit-997
+ inet6/filter/limit-997 -m recent --name limit-997 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-997 -m recent --name limit-997 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 999 {"flow-limit":{"interval":5,"log":"none","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-998
- inet6/filter/FORWARD -j limit-998
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-998
- inet6/filter/INPUT -j limit-998
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-998
- inet6/filter/OUTPUT -j limit-998
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-998 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-998 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-998 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-998 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-998
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-998
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-998
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-998 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-998 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1000 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-999
- inet6/filter/FORWARD -j limit-999
inet/filter/INPUT -j limit-999
- inet6/filter/INPUT -j limit-999
inet/filter/OUTPUT -j limit-999
- inet6/filter/OUTPUT -j limit-999
inet/filter/limit-999 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-999 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-999 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-999
+ inet6/filter/INPUT -j limit-999
+ inet6/filter/OUTPUT -j limit-999
+ inet6/filter/limit-999 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-999 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1001 {"flow-limit":{"interval":5,"log":"none","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1000
- inet6/filter/FORWARD -j limit-1000
+ inet/filter/FORWARD -j logaccept-final-47
inet/filter/INPUT -j limit-1000
- inet6/filter/INPUT -j limit-1000
+ inet/filter/INPUT -j logaccept-final-47
inet/filter/OUTPUT -j limit-1000
- inet6/filter/OUTPUT -j limit-1000
+ inet/filter/OUTPUT -j logaccept-final-47
inet/filter/limit-1000 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1000 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1000 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1000 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-47
+ inet/filter/logaccept-final-47 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-47 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1000
inet6/filter/FORWARD -j logaccept-final-47
- inet/filter/INPUT -j logaccept-final-47
+ inet6/filter/INPUT -j limit-1000
inet6/filter/INPUT -j logaccept-final-47
- inet/filter/OUTPUT -j logaccept-final-47
+ inet6/filter/OUTPUT -j limit-1000
inet6/filter/OUTPUT -j logaccept-final-47
- inet/filter/logaccept-final-47 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1000 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1000 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-47 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-47 -j ACCEPT
inet6/filter/logaccept-final-47 -j ACCEPT
Filter 1002 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1001
- inet6/filter/FORWARD -j limit-1001
inet/filter/INPUT -j limit-1001
- inet6/filter/INPUT -j limit-1001
inet/filter/OUTPUT -j limit-1001
- inet6/filter/OUTPUT -j limit-1001
inet/filter/limit-1001 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1001 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1001 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-1001
+ inet6/filter/INPUT -j limit-1001
+ inet6/filter/OUTPUT -j limit-1001
+ inet6/filter/limit-1001 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1001 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 1003 {"flow-limit":{"interval":5,"log":"none","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1002
- inet6/filter/FORWARD -j limit-1002
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1002
- inet6/filter/INPUT -j limit-1002
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1002
- inet6/filter/OUTPUT -j limit-1002
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1002 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1002 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1002 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1002 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1002
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1002
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1002
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1002 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1002 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1004 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1003
- inet6/filter/FORWARD -j limit-1003
inet/filter/INPUT -j limit-1003
- inet6/filter/INPUT -j limit-1003
inet/filter/OUTPUT -j limit-1003
- inet6/filter/OUTPUT -j limit-1003
inet/filter/limit-1003 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1003 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1003 -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-1003
+ inet6/filter/INPUT -j limit-1003
+ inet6/filter/OUTPUT -j limit-1003
+ inet6/filter/limit-1003 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1003 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1005 {"flow-limit":{"interval":5,"log":"none","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1004
- inet6/filter/FORWARD -j limit-1004
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1004
- inet6/filter/INPUT -j limit-1004
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1004
- inet6/filter/OUTPUT -j limit-1004
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1004 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1004 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1004
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1004
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1004
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1004 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1006 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1005
- inet6/filter/FORWARD -j limit-1005
inet/filter/INPUT -j limit-1005
- inet6/filter/INPUT -j limit-1005
inet/filter/OUTPUT -j limit-1005
- inet6/filter/OUTPUT -j limit-1005
inet/filter/limit-1005 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-1005
+ inet6/filter/INPUT -j limit-1005
+ inet6/filter/OUTPUT -j limit-1005
inet6/filter/limit-1005 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1007 {"flow-limit":{"interval":5,"log":"none","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1006
- inet6/filter/FORWARD -j limit-1006
+ inet/filter/FORWARD -j logaccept-final-48
inet/filter/INPUT -j limit-1006
- inet6/filter/INPUT -j limit-1006
+ inet/filter/INPUT -j logaccept-final-48
inet/filter/OUTPUT -j limit-1006
- inet6/filter/OUTPUT -j limit-1006
+ inet/filter/OUTPUT -j logaccept-final-48
inet/filter/limit-1006 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1006 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j logaccept-final-48
+ inet/filter/logaccept-final-48 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-48 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1006
inet6/filter/FORWARD -j logaccept-final-48
- inet/filter/INPUT -j logaccept-final-48
+ inet6/filter/INPUT -j limit-1006
inet6/filter/INPUT -j logaccept-final-48
- inet/filter/OUTPUT -j logaccept-final-48
+ inet6/filter/OUTPUT -j limit-1006
inet6/filter/OUTPUT -j logaccept-final-48
- inet/filter/logaccept-final-48 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1006 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/logaccept-final-48 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-48 -j ACCEPT
inet6/filter/logaccept-final-48 -j ACCEPT
Filter 1008 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1007
- inet6/filter/FORWARD -j limit-1007
inet/filter/INPUT -j limit-1007
- inet6/filter/INPUT -j limit-1007
inet/filter/OUTPUT -j limit-1007
- inet6/filter/OUTPUT -j limit-1007
inet/filter/limit-1007 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1007 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1007 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-1007
+ inet6/filter/INPUT -j limit-1007
+ inet6/filter/OUTPUT -j limit-1007
+ inet6/filter/limit-1007 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1007 -m limit --limit 1/second -j LOG
Filter 1009 {"flow-limit":{"interval":5,"log":"none","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1008
- inet6/filter/FORWARD -j limit-1008
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1008
- inet6/filter/INPUT -j limit-1008
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1008
- inet6/filter/OUTPUT -j limit-1008
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1008 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1008 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1008
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1008
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1008
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1008 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1010 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1009
- inet6/filter/FORWARD -j limit-1009
inet/filter/INPUT -j limit-1009
- inet6/filter/INPUT -j limit-1009
inet/filter/OUTPUT -j limit-1009
- inet6/filter/OUTPUT -j limit-1009
inet/filter/limit-1009 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-1009
+ inet6/filter/INPUT -j limit-1009
+ inet6/filter/OUTPUT -j limit-1009
inet6/filter/limit-1009 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1011 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-1010
- inet6/filter/FORWARD -j limit-1010
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1010
- inet6/filter/INPUT -j limit-1010
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1010
- inet6/filter/OUTPUT -j limit-1010
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1010 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1010 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1010 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1010 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1010
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1010
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1010
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1010 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1010 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1012 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"}}
(filter-limit)
inet/filter/FORWARD -j limit-1011
- inet6/filter/FORWARD -j limit-1011
inet/filter/INPUT -j limit-1011
- inet6/filter/INPUT -j limit-1011
inet/filter/OUTPUT -j limit-1011
- inet6/filter/OUTPUT -j limit-1011
inet/filter/limit-1011 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1011 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1011 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-1011
+ inet6/filter/INPUT -j limit-1011
+ inet6/filter/OUTPUT -j limit-1011
+ inet6/filter/limit-1011 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1011 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1013 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1012
- inet6/filter/FORWARD -j limit-1012
+ inet/filter/FORWARD -j logaccept-final-49
inet/filter/INPUT -j limit-1012
- inet6/filter/INPUT -j limit-1012
+ inet/filter/INPUT -j logaccept-final-49
inet/filter/OUTPUT -j limit-1012
- inet6/filter/OUTPUT -j limit-1012
+ inet/filter/OUTPUT -j logaccept-final-49
inet/filter/limit-1012 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1012 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1012 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1012 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j logaccept-final-49
+ inet/filter/logaccept-final-49 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-49 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1012
inet6/filter/FORWARD -j logaccept-final-49
- inet/filter/INPUT -j logaccept-final-49
+ inet6/filter/INPUT -j limit-1012
inet6/filter/INPUT -j logaccept-final-49
- inet/filter/OUTPUT -j logaccept-final-49
+ inet6/filter/OUTPUT -j limit-1012
inet6/filter/OUTPUT -j logaccept-final-49
- inet/filter/logaccept-final-49 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1012 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1012 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/logaccept-final-49 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-49 -j ACCEPT
inet6/filter/logaccept-final-49 -j ACCEPT
Filter 1014 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1013
- inet6/filter/FORWARD -j limit-1013
inet/filter/INPUT -j limit-1013
- inet6/filter/INPUT -j limit-1013
inet/filter/OUTPUT -j limit-1013
- inet6/filter/OUTPUT -j limit-1013
inet/filter/limit-1013 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1013 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1013 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-1013
+ inet6/filter/INPUT -j limit-1013
+ inet6/filter/OUTPUT -j limit-1013
+ inet6/filter/limit-1013 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1013 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
Filter 1015 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1014
- inet6/filter/FORWARD -j limit-1014
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1014
- inet6/filter/INPUT -j limit-1014
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1014
- inet6/filter/OUTPUT -j limit-1014
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1014 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1014 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1014 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1014 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1014
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1014
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1014
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1014 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1014 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1016 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1015
- inet6/filter/FORWARD -j limit-1015
inet/filter/INPUT -j limit-1015
- inet6/filter/INPUT -j limit-1015
inet/filter/OUTPUT -j limit-1015
- inet6/filter/OUTPUT -j limit-1015
inet/filter/limit-1015 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1015 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1015 -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet6/filter/FORWARD -j limit-1015
+ inet6/filter/INPUT -j limit-1015
+ inet6/filter/OUTPUT -j limit-1015
+ inet6/filter/limit-1015 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1015 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1017 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1016
- inet6/filter/FORWARD -j limit-1016
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1016
- inet6/filter/INPUT -j limit-1016
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1016
- inet6/filter/OUTPUT -j limit-1016
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1016 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1016 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1016
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1016
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1016
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1016 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1018 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1017
- inet6/filter/FORWARD -j limit-1017
inet/filter/INPUT -j limit-1017
- inet6/filter/INPUT -j limit-1017
inet/filter/OUTPUT -j limit-1017
- inet6/filter/OUTPUT -j limit-1017
inet/filter/limit-1017 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-1017
+ inet6/filter/INPUT -j limit-1017
+ inet6/filter/OUTPUT -j limit-1017
inet6/filter/limit-1017 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1019 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1018
- inet6/filter/FORWARD -j limit-1018
+ inet/filter/FORWARD -j logaccept-final-50
inet/filter/INPUT -j limit-1018
- inet6/filter/INPUT -j limit-1018
+ inet/filter/INPUT -j logaccept-final-50
inet/filter/OUTPUT -j limit-1018
- inet6/filter/OUTPUT -j limit-1018
+ inet/filter/OUTPUT -j logaccept-final-50
inet/filter/limit-1018 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1018 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j logaccept-final-50
+ inet/filter/logaccept-final-50 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-50 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1018
inet6/filter/FORWARD -j logaccept-final-50
- inet/filter/INPUT -j logaccept-final-50
+ inet6/filter/INPUT -j limit-1018
inet6/filter/INPUT -j logaccept-final-50
- inet/filter/OUTPUT -j logaccept-final-50
+ inet6/filter/OUTPUT -j limit-1018
inet6/filter/OUTPUT -j logaccept-final-50
- inet/filter/logaccept-final-50 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1018 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/logaccept-final-50 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-50 -j ACCEPT
inet6/filter/logaccept-final-50 -j ACCEPT
Filter 1020 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1019
- inet6/filter/FORWARD -j limit-1019
inet/filter/INPUT -j limit-1019
- inet6/filter/INPUT -j limit-1019
inet/filter/OUTPUT -j limit-1019
- inet6/filter/OUTPUT -j limit-1019
inet/filter/limit-1019 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1019 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1019 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-1019
+ inet6/filter/INPUT -j limit-1019
+ inet6/filter/OUTPUT -j limit-1019
+ inet6/filter/limit-1019 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1019 -m limit --limit 1/second -j LOG
Filter 1021 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1020
- inet6/filter/FORWARD -j limit-1020
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1020
- inet6/filter/INPUT -j limit-1020
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1020
- inet6/filter/OUTPUT -j limit-1020
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1020 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1020 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1020
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1020
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1020
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1020 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1022 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1021
- inet6/filter/FORWARD -j limit-1021
inet/filter/INPUT -j limit-1021
- inet6/filter/INPUT -j limit-1021
inet/filter/OUTPUT -j limit-1021
- inet6/filter/OUTPUT -j limit-1021
inet/filter/limit-1021 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-1021
+ inet6/filter/INPUT -j limit-1021
+ inet6/filter/OUTPUT -j limit-1021
inet6/filter/limit-1021 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1023 {"flow-limit":{"interval":5,"log":"none","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-1022
- inet6/filter/FORWARD -j limit-1022
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1022
- inet6/filter/INPUT -j limit-1022
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1022
- inet6/filter/OUTPUT -j limit-1022
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1022 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1022 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1022 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1022 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1022
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1022
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1022
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1022 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1022 -m recent --name user:C --rsource --mask fe00:: --set
Filter 1024 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-1023
- inet6/filter/FORWARD -j limit-1023
inet/filter/INPUT -j limit-1023
- inet6/filter/INPUT -j limit-1023
inet/filter/OUTPUT -j limit-1023
- inet6/filter/OUTPUT -j limit-1023
inet/filter/limit-1023 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1023 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1023 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-1023
+ inet6/filter/INPUT -j limit-1023
+ inet6/filter/OUTPUT -j limit-1023
+ inet6/filter/limit-1023 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1023 -m recent --name user:C --rsource --mask fe00:: --set
Filter 1025 {"flow-limit":{"interval":5,"log":"none","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1024
- inet6/filter/FORWARD -j limit-1024
+ inet/filter/FORWARD -j logaccept-final-51
inet/filter/INPUT -j limit-1024
- inet6/filter/INPUT -j limit-1024
+ inet/filter/INPUT -j logaccept-final-51
inet/filter/OUTPUT -j limit-1024
- inet6/filter/OUTPUT -j limit-1024
+ inet/filter/OUTPUT -j logaccept-final-51
inet/filter/limit-1024 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1024 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1024 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1024 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-51
+ inet/filter/logaccept-final-51 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-51 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1024
inet6/filter/FORWARD -j logaccept-final-51
- inet/filter/INPUT -j logaccept-final-51
+ inet6/filter/INPUT -j limit-1024
inet6/filter/INPUT -j logaccept-final-51
- inet/filter/OUTPUT -j logaccept-final-51
+ inet6/filter/OUTPUT -j limit-1024
inet6/filter/OUTPUT -j logaccept-final-51
- inet/filter/logaccept-final-51 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1024 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1024 -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/logaccept-final-51 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-51 -j ACCEPT
inet6/filter/logaccept-final-51 -j ACCEPT
Filter 1026 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1025
- inet6/filter/FORWARD -j limit-1025
inet/filter/INPUT -j limit-1025
- inet6/filter/INPUT -j limit-1025
inet/filter/OUTPUT -j limit-1025
- inet6/filter/OUTPUT -j limit-1025
inet/filter/limit-1025 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1025 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1025 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-1025
+ inet6/filter/INPUT -j limit-1025
+ inet6/filter/OUTPUT -j limit-1025
+ inet6/filter/limit-1025 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1025 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 1027 {"flow-limit":{"interval":5,"log":"none","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1026
- inet6/filter/FORWARD -j limit-1026
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1026
- inet6/filter/INPUT -j limit-1026
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1026
- inet6/filter/OUTPUT -j limit-1026
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1026 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1026 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1026 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1026 -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1026
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1026
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1026
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1026 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1026 -m recent --name user:C --rsource --mask fe00:: --set
Filter 1028 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1027
- inet6/filter/FORWARD -j limit-1027
inet/filter/INPUT -j limit-1027
- inet6/filter/INPUT -j limit-1027
inet/filter/OUTPUT -j limit-1027
- inet6/filter/OUTPUT -j limit-1027
inet/filter/limit-1027 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1027 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1027 -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-1027
+ inet6/filter/INPUT -j limit-1027
+ inet6/filter/OUTPUT -j limit-1027
+ inet6/filter/limit-1027 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1027 -m recent --name user:C --rsource --mask fe00:: --set
Filter 1029 {"flow-limit":{"interval":5,"log":"none","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1028
- inet6/filter/FORWARD -j limit-1028
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1028
- inet6/filter/INPUT -j limit-1028
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1028
- inet6/filter/OUTPUT -j limit-1028
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1028 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1028 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1028
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1028
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1028
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1028 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1030 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1029
- inet6/filter/FORWARD -j limit-1029
inet/filter/INPUT -j limit-1029
- inet6/filter/INPUT -j limit-1029
inet/filter/OUTPUT -j limit-1029
- inet6/filter/OUTPUT -j limit-1029
inet/filter/limit-1029 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-1029
+ inet6/filter/INPUT -j limit-1029
+ inet6/filter/OUTPUT -j limit-1029
inet6/filter/limit-1029 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1031 {"flow-limit":{"interval":5,"log":"none","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1030
- inet6/filter/FORWARD -j limit-1030
+ inet/filter/FORWARD -j logaccept-final-52
inet/filter/INPUT -j limit-1030
- inet6/filter/INPUT -j limit-1030
+ inet/filter/INPUT -j logaccept-final-52
inet/filter/OUTPUT -j limit-1030
- inet6/filter/OUTPUT -j limit-1030
+ inet/filter/OUTPUT -j logaccept-final-52
inet/filter/limit-1030 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1030 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j logaccept-final-52
+ inet/filter/logaccept-final-52 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-52 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1030
inet6/filter/FORWARD -j logaccept-final-52
- inet/filter/INPUT -j logaccept-final-52
+ inet6/filter/INPUT -j limit-1030
inet6/filter/INPUT -j logaccept-final-52
- inet/filter/OUTPUT -j logaccept-final-52
+ inet6/filter/OUTPUT -j limit-1030
inet6/filter/OUTPUT -j logaccept-final-52
- inet/filter/logaccept-final-52 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1030 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/logaccept-final-52 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-52 -j ACCEPT
inet6/filter/logaccept-final-52 -j ACCEPT
Filter 1032 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1031
- inet6/filter/FORWARD -j limit-1031
inet/filter/INPUT -j limit-1031
- inet6/filter/INPUT -j limit-1031
inet/filter/OUTPUT -j limit-1031
- inet6/filter/OUTPUT -j limit-1031
inet/filter/limit-1031 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1031 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1031 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-1031
+ inet6/filter/INPUT -j limit-1031
+ inet6/filter/OUTPUT -j limit-1031
+ inet6/filter/limit-1031 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1031 -m limit --limit 1/second -j LOG
Filter 1033 {"flow-limit":{"interval":5,"log":"none","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1032
- inet6/filter/FORWARD -j limit-1032
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1032
- inet6/filter/INPUT -j limit-1032
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1032
- inet6/filter/OUTPUT -j limit-1032
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1032 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1032 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1032
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1032
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1032
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1032 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1034 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1033
- inet6/filter/FORWARD -j limit-1033
inet/filter/INPUT -j limit-1033
- inet6/filter/INPUT -j limit-1033
inet/filter/OUTPUT -j limit-1033
- inet6/filter/OUTPUT -j limit-1033
inet/filter/limit-1033 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-1033
+ inet6/filter/INPUT -j limit-1033
+ inet6/filter/OUTPUT -j limit-1033
inet6/filter/limit-1033 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1035 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-1034
- inet6/filter/FORWARD -j limit-1034
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1034
- inet6/filter/INPUT -j limit-1034
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1034
- inet6/filter/OUTPUT -j limit-1034
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1034 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1034 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1034 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1034 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1034
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1034
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1034
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1034 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1034 -m recent --name user:C --rdest --mask fe00:: --set
Filter 1036 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"}}
(filter-limit)
inet/filter/FORWARD -j limit-1035
- inet6/filter/FORWARD -j limit-1035
inet/filter/INPUT -j limit-1035
- inet6/filter/INPUT -j limit-1035
inet/filter/OUTPUT -j limit-1035
- inet6/filter/OUTPUT -j limit-1035
inet/filter/limit-1035 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1035 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1035 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-1035
+ inet6/filter/INPUT -j limit-1035
+ inet6/filter/OUTPUT -j limit-1035
+ inet6/filter/limit-1035 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1035 -m recent --name user:C --rdest --mask fe00:: --set
Filter 1037 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1036
- inet6/filter/FORWARD -j limit-1036
+ inet/filter/FORWARD -j logaccept-final-53
inet/filter/INPUT -j limit-1036
- inet6/filter/INPUT -j limit-1036
+ inet/filter/INPUT -j logaccept-final-53
inet/filter/OUTPUT -j limit-1036
- inet6/filter/OUTPUT -j limit-1036
+ inet/filter/OUTPUT -j logaccept-final-53
inet/filter/limit-1036 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1036 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1036 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1036 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j logaccept-final-53
+ inet/filter/logaccept-final-53 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-53 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1036
inet6/filter/FORWARD -j logaccept-final-53
- inet/filter/INPUT -j logaccept-final-53
+ inet6/filter/INPUT -j limit-1036
inet6/filter/INPUT -j logaccept-final-53
- inet/filter/OUTPUT -j logaccept-final-53
+ inet6/filter/OUTPUT -j limit-1036
inet6/filter/OUTPUT -j logaccept-final-53
- inet/filter/logaccept-final-53 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1036 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1036 -m recent --name user:C --rdest --mask fe00:: --set
inet6/filter/logaccept-final-53 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-53 -j ACCEPT
inet6/filter/logaccept-final-53 -j ACCEPT
Filter 1038 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1037
- inet6/filter/FORWARD -j limit-1037
inet/filter/INPUT -j limit-1037
- inet6/filter/INPUT -j limit-1037
inet/filter/OUTPUT -j limit-1037
- inet6/filter/OUTPUT -j limit-1037
inet/filter/limit-1037 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1037 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1037 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-1037
+ inet6/filter/INPUT -j limit-1037
+ inet6/filter/OUTPUT -j limit-1037
+ inet6/filter/limit-1037 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1037 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
Filter 1039 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1038
- inet6/filter/FORWARD -j limit-1038
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1038
- inet6/filter/INPUT -j limit-1038
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1038
- inet6/filter/OUTPUT -j limit-1038
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1038 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1038 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1038 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1038 -m recent --name user:C --rdest --mask fe00:: --set
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1038
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1038
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1038
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1038 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1038 -m recent --name user:C --rdest --mask fe00:: --set
Filter 1040 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1039
- inet6/filter/FORWARD -j limit-1039
inet/filter/INPUT -j limit-1039
- inet6/filter/INPUT -j limit-1039
inet/filter/OUTPUT -j limit-1039
- inet6/filter/OUTPUT -j limit-1039
inet/filter/limit-1039 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1039 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1039 -m recent --name user:C --rdest --mask 254.0.0.0 --set
+ inet6/filter/FORWARD -j limit-1039
+ inet6/filter/INPUT -j limit-1039
+ inet6/filter/OUTPUT -j limit-1039
+ inet6/filter/limit-1039 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1039 -m recent --name user:C --rdest --mask fe00:: --set
Filter 1041 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1040
- inet6/filter/FORWARD -j limit-1040
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1040
- inet6/filter/INPUT -j limit-1040
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1040
- inet6/filter/OUTPUT -j limit-1040
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1040 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1040 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1040
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1040
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1040
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1040 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1042 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1041
- inet6/filter/FORWARD -j limit-1041
inet/filter/INPUT -j limit-1041
- inet6/filter/INPUT -j limit-1041
inet/filter/OUTPUT -j limit-1041
- inet6/filter/OUTPUT -j limit-1041
inet/filter/limit-1041 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-1041
+ inet6/filter/INPUT -j limit-1041
+ inet6/filter/OUTPUT -j limit-1041
inet6/filter/limit-1041 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1043 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1042
- inet6/filter/FORWARD -j limit-1042
+ inet/filter/FORWARD -j logaccept-final-54
inet/filter/INPUT -j limit-1042
- inet6/filter/INPUT -j limit-1042
+ inet/filter/INPUT -j logaccept-final-54
inet/filter/OUTPUT -j limit-1042
- inet6/filter/OUTPUT -j limit-1042
+ inet/filter/OUTPUT -j logaccept-final-54
inet/filter/limit-1042 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1042 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j logaccept-final-54
+ inet/filter/logaccept-final-54 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-54 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1042
inet6/filter/FORWARD -j logaccept-final-54
- inet/filter/INPUT -j logaccept-final-54
+ inet6/filter/INPUT -j limit-1042
inet6/filter/INPUT -j logaccept-final-54
- inet/filter/OUTPUT -j logaccept-final-54
+ inet6/filter/OUTPUT -j limit-1042
inet6/filter/OUTPUT -j logaccept-final-54
- inet/filter/logaccept-final-54 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1042 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/logaccept-final-54 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-54 -j ACCEPT
inet6/filter/logaccept-final-54 -j ACCEPT
Filter 1044 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1043
- inet6/filter/FORWARD -j limit-1043
inet/filter/INPUT -j limit-1043
- inet6/filter/INPUT -j limit-1043
inet/filter/OUTPUT -j limit-1043
- inet6/filter/OUTPUT -j limit-1043
inet/filter/limit-1043 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1043 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1043 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j limit-1043
+ inet6/filter/INPUT -j limit-1043
+ inet6/filter/OUTPUT -j limit-1043
+ inet6/filter/limit-1043 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/filter/limit-1043 -m limit --limit 1/second -j LOG
Filter 1045 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1044
- inet6/filter/FORWARD -j limit-1044
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1044
- inet6/filter/INPUT -j limit-1044
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1044
- inet6/filter/OUTPUT -j limit-1044
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1044 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1044 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1044
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1044
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1044
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1044 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1046 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1045
- inet6/filter/FORWARD -j limit-1045
inet/filter/INPUT -j limit-1045
- inet6/filter/INPUT -j limit-1045
inet/filter/OUTPUT -j limit-1045
- inet6/filter/OUTPUT -j limit-1045
inet/filter/limit-1045 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/FORWARD -j limit-1045
+ inet6/filter/INPUT -j limit-1045
+ inet6/filter/OUTPUT -j limit-1045
inet6/filter/limit-1045 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
Filter 1047 {"flow-limit":150}
(filter-limit)
inet/filter/FORWARD -j limit-1046
- inet6/filter/FORWARD -j limit-1046
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1046
- inet6/filter/INPUT -j limit-1046
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1046
- inet6/filter/OUTPUT -j limit-1046
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1046 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1046 -j RETURN
- inet6/filter/limit-1046 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1046 -j RETURN
inet/filter/limit-1046 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1046 -m limit --limit 1/second -j LOG
inet/filter/limit-1046 -j DROP
- inet6/filter/limit-1046 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1046
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1046
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1046
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1046 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1046 -j RETURN
+ inet6/filter/limit-1046 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1046 -j DROP
Filter 1048 {"action":"pass","flow-limit":150}
(filter-limit)
inet/filter/FORWARD -j limit-1047
- inet6/filter/FORWARD -j limit-1047
inet/filter/INPUT -j limit-1047
- inet6/filter/INPUT -j limit-1047
inet/filter/OUTPUT -j limit-1047
- inet6/filter/OUTPUT -j limit-1047
inet/filter/limit-1047 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1047 -j RETURN
- inet6/filter/limit-1047 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1047 -j RETURN
inet/filter/limit-1047 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1047 -m limit --limit 1/second -j LOG
inet/filter/limit-1047 -j DROP
+ inet6/filter/FORWARD -j limit-1047
+ inet6/filter/INPUT -j limit-1047
+ inet6/filter/OUTPUT -j limit-1047
+ inet6/filter/limit-1047 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1047 -j RETURN
+ inet6/filter/limit-1047 -m limit --limit 1/second -j LOG
inet6/filter/limit-1047 -j DROP
Filter 1049 {"flow-limit":150,"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1048
- inet6/filter/FORWARD -j limit-1048
+ inet/filter/FORWARD -j logaccept-final-55
inet/filter/INPUT -j limit-1048
- inet6/filter/INPUT -j limit-1048
+ inet/filter/INPUT -j logaccept-final-55
inet/filter/OUTPUT -j limit-1048
- inet6/filter/OUTPUT -j limit-1048
+ inet/filter/OUTPUT -j logaccept-final-55
inet/filter/limit-1048 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1048 -j RETURN
- inet6/filter/limit-1048 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1048 -j RETURN
inet/filter/limit-1048 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1048 -m limit --limit 1/second -j LOG
inet/filter/limit-1048 -j DROP
- inet6/filter/limit-1048 -j DROP
- inet/filter/FORWARD -j logaccept-final-55
+ inet/filter/logaccept-final-55 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-55 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1048
inet6/filter/FORWARD -j logaccept-final-55
- inet/filter/INPUT -j logaccept-final-55
+ inet6/filter/INPUT -j limit-1048
inet6/filter/INPUT -j logaccept-final-55
- inet/filter/OUTPUT -j logaccept-final-55
+ inet6/filter/OUTPUT -j limit-1048
inet6/filter/OUTPUT -j logaccept-final-55
- inet/filter/logaccept-final-55 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1048 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1048 -j RETURN
+ inet6/filter/limit-1048 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1048 -j DROP
inet6/filter/logaccept-final-55 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-55 -j ACCEPT
inet6/filter/logaccept-final-55 -j ACCEPT
Filter 1050 {"flow-limit":150,"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1049
- inet6/filter/FORWARD -j limit-1049
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1049
- inet6/filter/INPUT -j limit-1049
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1049
- inet6/filter/OUTPUT -j limit-1049
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1049 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1049 -j RETURN
- inet6/filter/limit-1049 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1049 -j RETURN
inet/filter/limit-1049 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1049 -m limit --limit 1/second -j LOG
inet/filter/limit-1049 -j DROP
- inet6/filter/limit-1049 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1049
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1049
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1049
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1049 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1049 -j RETURN
+ inet6/filter/limit-1049 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1049 -j DROP
Filter 1051 {"flow-limit":{"count":150}}
(filter-limit)
inet/filter/FORWARD -j limit-1050
- inet6/filter/FORWARD -j limit-1050
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1050
- inet6/filter/INPUT -j limit-1050
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1050
- inet6/filter/OUTPUT -j limit-1050
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1050 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1050 -j RETURN
- inet6/filter/limit-1050 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1050 -j RETURN
inet/filter/limit-1050 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1050 -m limit --limit 1/second -j LOG
inet/filter/limit-1050 -j DROP
- inet6/filter/limit-1050 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1050
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1050
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1050
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1050 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1050 -j RETURN
+ inet6/filter/limit-1050 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1050 -j DROP
Filter 1052 {"action":"pass","flow-limit":{"count":150}}
(filter-limit)
inet/filter/FORWARD -j limit-1051
- inet6/filter/FORWARD -j limit-1051
inet/filter/INPUT -j limit-1051
- inet6/filter/INPUT -j limit-1051
inet/filter/OUTPUT -j limit-1051
- inet6/filter/OUTPUT -j limit-1051
inet/filter/limit-1051 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1051 -j RETURN
- inet6/filter/limit-1051 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1051 -j RETURN
inet/filter/limit-1051 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1051 -m limit --limit 1/second -j LOG
inet/filter/limit-1051 -j DROP
+ inet6/filter/FORWARD -j limit-1051
+ inet6/filter/INPUT -j limit-1051
+ inet6/filter/OUTPUT -j limit-1051
+ inet6/filter/limit-1051 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1051 -j RETURN
+ inet6/filter/limit-1051 -m limit --limit 1/second -j LOG
inet6/filter/limit-1051 -j DROP
Filter 1053 {"flow-limit":{"count":150},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1052
- inet6/filter/FORWARD -j limit-1052
+ inet/filter/FORWARD -j logaccept-final-56
inet/filter/INPUT -j limit-1052
- inet6/filter/INPUT -j limit-1052
+ inet/filter/INPUT -j logaccept-final-56
inet/filter/OUTPUT -j limit-1052
- inet6/filter/OUTPUT -j limit-1052
+ inet/filter/OUTPUT -j logaccept-final-56
inet/filter/limit-1052 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1052 -j RETURN
- inet6/filter/limit-1052 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1052 -j RETURN
inet/filter/limit-1052 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1052 -m limit --limit 1/second -j LOG
inet/filter/limit-1052 -j DROP
- inet6/filter/limit-1052 -j DROP
- inet/filter/FORWARD -j logaccept-final-56
+ inet/filter/logaccept-final-56 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-56 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1052
inet6/filter/FORWARD -j logaccept-final-56
- inet/filter/INPUT -j logaccept-final-56
+ inet6/filter/INPUT -j limit-1052
inet6/filter/INPUT -j logaccept-final-56
- inet/filter/OUTPUT -j logaccept-final-56
+ inet6/filter/OUTPUT -j limit-1052
inet6/filter/OUTPUT -j logaccept-final-56
- inet/filter/logaccept-final-56 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1052 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1052 -j RETURN
+ inet6/filter/limit-1052 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1052 -j DROP
inet6/filter/logaccept-final-56 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-56 -j ACCEPT
inet6/filter/logaccept-final-56 -j ACCEPT
Filter 1054 {"flow-limit":{"count":150},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1053
- inet6/filter/FORWARD -j limit-1053
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1053
- inet6/filter/INPUT -j limit-1053
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1053
- inet6/filter/OUTPUT -j limit-1053
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1053 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1053 -j RETURN
- inet6/filter/limit-1053 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1053 -j RETURN
inet/filter/limit-1053 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1053 -m limit --limit 1/second -j LOG
inet/filter/limit-1053 -j DROP
- inet6/filter/limit-1053 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1053
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1053
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1053
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1053 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1053 -j RETURN
+ inet6/filter/limit-1053 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1053 -j DROP
Filter 1055 {"flow-limit":{"count":150,"log":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1054
- inet6/filter/FORWARD -j limit-1054
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1054
- inet6/filter/INPUT -j limit-1054
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1054
- inet6/filter/OUTPUT -j limit-1054
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1054 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1054 -j RETURN
- inet6/filter/limit-1054 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1054 -j RETURN
inet/filter/limit-1054 -j DROP
- inet6/filter/limit-1054 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1054
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1054
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1054
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1054 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1054 -j RETURN
+ inet6/filter/limit-1054 -j DROP
Filter 1056 {"action":"pass","flow-limit":{"count":150,"log":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1055
- inet6/filter/FORWARD -j limit-1055
inet/filter/INPUT -j limit-1055
- inet6/filter/INPUT -j limit-1055
inet/filter/OUTPUT -j limit-1055
- inet6/filter/OUTPUT -j limit-1055
inet/filter/limit-1055 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1055 -j RETURN
- inet6/filter/limit-1055 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1055 -j RETURN
inet/filter/limit-1055 -j DROP
+ inet6/filter/FORWARD -j limit-1055
+ inet6/filter/INPUT -j limit-1055
+ inet6/filter/OUTPUT -j limit-1055
+ inet6/filter/limit-1055 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1055 -j RETURN
inet6/filter/limit-1055 -j DROP
Filter 1057 {"flow-limit":{"count":150,"log":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1056
- inet6/filter/FORWARD -j limit-1056
+ inet/filter/FORWARD -j logaccept-final-57
inet/filter/INPUT -j limit-1056
- inet6/filter/INPUT -j limit-1056
+ inet/filter/INPUT -j logaccept-final-57
inet/filter/OUTPUT -j limit-1056
- inet6/filter/OUTPUT -j limit-1056
+ inet/filter/OUTPUT -j logaccept-final-57
inet/filter/limit-1056 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1056 -j RETURN
- inet6/filter/limit-1056 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1056 -j RETURN
inet/filter/limit-1056 -j DROP
- inet6/filter/limit-1056 -j DROP
- inet/filter/FORWARD -j logaccept-final-57
+ inet/filter/logaccept-final-57 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-57 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1056
inet6/filter/FORWARD -j logaccept-final-57
- inet/filter/INPUT -j logaccept-final-57
+ inet6/filter/INPUT -j limit-1056
inet6/filter/INPUT -j logaccept-final-57
- inet/filter/OUTPUT -j logaccept-final-57
+ inet6/filter/OUTPUT -j limit-1056
inet6/filter/OUTPUT -j logaccept-final-57
- inet/filter/logaccept-final-57 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1056 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1056 -j RETURN
+ inet6/filter/limit-1056 -j DROP
inet6/filter/logaccept-final-57 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-57 -j ACCEPT
inet6/filter/logaccept-final-57 -j ACCEPT
Filter 1058 {"flow-limit":{"count":150,"log":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1057
- inet6/filter/FORWARD -j limit-1057
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1057
- inet6/filter/INPUT -j limit-1057
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1057
- inet6/filter/OUTPUT -j limit-1057
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1057 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1057 -j RETURN
- inet6/filter/limit-1057 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1057 -j RETURN
inet/filter/limit-1057 -j DROP
- inet6/filter/limit-1057 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1057
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1057
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1057
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1057 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1057 -j RETURN
+ inet6/filter/limit-1057 -j DROP
Filter 1059 {"flow-limit":{"count":150,"log":"none"}}
(filter-limit)
inet/filter/FORWARD -j limit-1058
- inet6/filter/FORWARD -j limit-1058
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1058
- inet6/filter/INPUT -j limit-1058
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1058
- inet6/filter/OUTPUT -j limit-1058
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1058 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1058 -j RETURN
- inet6/filter/limit-1058 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1058 -j RETURN
inet/filter/limit-1058 -j DROP
- inet6/filter/limit-1058 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1058
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1058
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1058
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1058 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1058 -j RETURN
+ inet6/filter/limit-1058 -j DROP
Filter 1060 {"action":"pass","flow-limit":{"count":150,"log":"none"}}
(filter-limit)
inet/filter/FORWARD -j limit-1059
- inet6/filter/FORWARD -j limit-1059
inet/filter/INPUT -j limit-1059
- inet6/filter/INPUT -j limit-1059
inet/filter/OUTPUT -j limit-1059
- inet6/filter/OUTPUT -j limit-1059
inet/filter/limit-1059 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1059 -j RETURN
- inet6/filter/limit-1059 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1059 -j RETURN
inet/filter/limit-1059 -j DROP
+ inet6/filter/FORWARD -j limit-1059
+ inet6/filter/INPUT -j limit-1059
+ inet6/filter/OUTPUT -j limit-1059
+ inet6/filter/limit-1059 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1059 -j RETURN
inet6/filter/limit-1059 -j DROP
Filter 1061 {"flow-limit":{"count":150,"log":"none"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1060
- inet6/filter/FORWARD -j limit-1060
+ inet/filter/FORWARD -j logaccept-final-58
inet/filter/INPUT -j limit-1060
- inet6/filter/INPUT -j limit-1060
+ inet/filter/INPUT -j logaccept-final-58
inet/filter/OUTPUT -j limit-1060
- inet6/filter/OUTPUT -j limit-1060
+ inet/filter/OUTPUT -j logaccept-final-58
inet/filter/limit-1060 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1060 -j RETURN
- inet6/filter/limit-1060 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1060 -j RETURN
inet/filter/limit-1060 -j DROP
- inet6/filter/limit-1060 -j DROP
- inet/filter/FORWARD -j logaccept-final-58
+ inet/filter/logaccept-final-58 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-58 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1060
inet6/filter/FORWARD -j logaccept-final-58
- inet/filter/INPUT -j logaccept-final-58
+ inet6/filter/INPUT -j limit-1060
inet6/filter/INPUT -j logaccept-final-58
- inet/filter/OUTPUT -j logaccept-final-58
+ inet6/filter/OUTPUT -j limit-1060
inet6/filter/OUTPUT -j logaccept-final-58
- inet/filter/logaccept-final-58 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1060 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1060 -j RETURN
+ inet6/filter/limit-1060 -j DROP
inet6/filter/logaccept-final-58 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-58 -j ACCEPT
inet6/filter/logaccept-final-58 -j ACCEPT
Filter 1062 {"flow-limit":{"count":150,"log":"none"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1061
- inet6/filter/FORWARD -j limit-1061
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1061
- inet6/filter/INPUT -j limit-1061
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1061
- inet6/filter/OUTPUT -j limit-1061
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1061 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1061 -j RETURN
- inet6/filter/limit-1061 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1061 -j RETURN
inet/filter/limit-1061 -j DROP
- inet6/filter/limit-1061 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1061
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1061
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1061
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1061 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1061 -j RETURN
+ inet6/filter/limit-1061 -j DROP
Filter 1063 {"flow-limit":{"count":150,"interval":5}}
(filter-limit)
inet/filter/FORWARD -j limit-1062
- inet6/filter/FORWARD -j limit-1062
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1062
- inet6/filter/INPUT -j limit-1062
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1062
- inet6/filter/OUTPUT -j limit-1062
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1062 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1062 -j RETURN
- inet6/filter/limit-1062 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1062 -j RETURN
inet/filter/limit-1062 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1062 -m limit --limit 1/second -j LOG
inet/filter/limit-1062 -j DROP
- inet6/filter/limit-1062 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1062
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1062
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1062
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1062 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1062 -j RETURN
+ inet6/filter/limit-1062 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1062 -j DROP
Filter 1064 {"action":"pass","flow-limit":{"count":150,"interval":5}}
(filter-limit)
inet/filter/FORWARD -j limit-1063
- inet6/filter/FORWARD -j limit-1063
inet/filter/INPUT -j limit-1063
- inet6/filter/INPUT -j limit-1063
inet/filter/OUTPUT -j limit-1063
- inet6/filter/OUTPUT -j limit-1063
inet/filter/limit-1063 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1063 -j RETURN
- inet6/filter/limit-1063 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1063 -j RETURN
inet/filter/limit-1063 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1063 -m limit --limit 1/second -j LOG
inet/filter/limit-1063 -j DROP
+ inet6/filter/FORWARD -j limit-1063
+ inet6/filter/INPUT -j limit-1063
+ inet6/filter/OUTPUT -j limit-1063
+ inet6/filter/limit-1063 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1063 -j RETURN
+ inet6/filter/limit-1063 -m limit --limit 1/second -j LOG
inet6/filter/limit-1063 -j DROP
Filter 1065 {"flow-limit":{"count":150,"interval":5},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1064
- inet6/filter/FORWARD -j limit-1064
+ inet/filter/FORWARD -j logaccept-final-59
inet/filter/INPUT -j limit-1064
- inet6/filter/INPUT -j limit-1064
+ inet/filter/INPUT -j logaccept-final-59
inet/filter/OUTPUT -j limit-1064
- inet6/filter/OUTPUT -j limit-1064
+ inet/filter/OUTPUT -j logaccept-final-59
inet/filter/limit-1064 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1064 -j RETURN
- inet6/filter/limit-1064 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1064 -j RETURN
inet/filter/limit-1064 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1064 -m limit --limit 1/second -j LOG
inet/filter/limit-1064 -j DROP
- inet6/filter/limit-1064 -j DROP
- inet/filter/FORWARD -j logaccept-final-59
+ inet/filter/logaccept-final-59 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-59 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1064
inet6/filter/FORWARD -j logaccept-final-59
- inet/filter/INPUT -j logaccept-final-59
+ inet6/filter/INPUT -j limit-1064
inet6/filter/INPUT -j logaccept-final-59
- inet/filter/OUTPUT -j logaccept-final-59
+ inet6/filter/OUTPUT -j limit-1064
inet6/filter/OUTPUT -j logaccept-final-59
- inet/filter/logaccept-final-59 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1064 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1064 -j RETURN
+ inet6/filter/limit-1064 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1064 -j DROP
inet6/filter/logaccept-final-59 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-59 -j ACCEPT
inet6/filter/logaccept-final-59 -j ACCEPT
Filter 1066 {"flow-limit":{"count":150,"interval":5},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1065
- inet6/filter/FORWARD -j limit-1065
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1065
- inet6/filter/INPUT -j limit-1065
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1065
- inet6/filter/OUTPUT -j limit-1065
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1065 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1065 -j RETURN
- inet6/filter/limit-1065 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1065 -j RETURN
inet/filter/limit-1065 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1065 -m limit --limit 1/second -j LOG
inet/filter/limit-1065 -j DROP
- inet6/filter/limit-1065 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1065
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1065
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1065
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1065 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1065 -j RETURN
+ inet6/filter/limit-1065 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1065 -j DROP
Filter 1067 {"flow-limit":{"count":150,"interval":5,"log":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1066
- inet6/filter/FORWARD -j limit-1066
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1066
- inet6/filter/INPUT -j limit-1066
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1066
- inet6/filter/OUTPUT -j limit-1066
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1066 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1066 -j RETURN
- inet6/filter/limit-1066 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1066 -j RETURN
inet/filter/limit-1066 -j DROP
- inet6/filter/limit-1066 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1066
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1066
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1066
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1066 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1066 -j RETURN
+ inet6/filter/limit-1066 -j DROP
Filter 1068 {"action":"pass","flow-limit":{"count":150,"interval":5,"log":false}}
(filter-limit)
inet/filter/FORWARD -j limit-1067
- inet6/filter/FORWARD -j limit-1067
inet/filter/INPUT -j limit-1067
- inet6/filter/INPUT -j limit-1067
inet/filter/OUTPUT -j limit-1067
- inet6/filter/OUTPUT -j limit-1067
inet/filter/limit-1067 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1067 -j RETURN
- inet6/filter/limit-1067 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1067 -j RETURN
inet/filter/limit-1067 -j DROP
+ inet6/filter/FORWARD -j limit-1067
+ inet6/filter/INPUT -j limit-1067
+ inet6/filter/OUTPUT -j limit-1067
+ inet6/filter/limit-1067 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1067 -j RETURN
inet6/filter/limit-1067 -j DROP
Filter 1069 {"flow-limit":{"count":150,"interval":5,"log":false},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1068
- inet6/filter/FORWARD -j limit-1068
+ inet/filter/FORWARD -j logaccept-final-60
inet/filter/INPUT -j limit-1068
- inet6/filter/INPUT -j limit-1068
+ inet/filter/INPUT -j logaccept-final-60
inet/filter/OUTPUT -j limit-1068
- inet6/filter/OUTPUT -j limit-1068
+ inet/filter/OUTPUT -j logaccept-final-60
inet/filter/limit-1068 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1068 -j RETURN
- inet6/filter/limit-1068 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1068 -j RETURN
inet/filter/limit-1068 -j DROP
- inet6/filter/limit-1068 -j DROP
- inet/filter/FORWARD -j logaccept-final-60
+ inet/filter/logaccept-final-60 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-60 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1068
inet6/filter/FORWARD -j logaccept-final-60
- inet/filter/INPUT -j logaccept-final-60
+ inet6/filter/INPUT -j limit-1068
inet6/filter/INPUT -j logaccept-final-60
- inet/filter/OUTPUT -j logaccept-final-60
+ inet6/filter/OUTPUT -j limit-1068
inet6/filter/OUTPUT -j logaccept-final-60
- inet/filter/logaccept-final-60 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1068 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1068 -j RETURN
+ inet6/filter/limit-1068 -j DROP
inet6/filter/logaccept-final-60 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-60 -j ACCEPT
inet6/filter/logaccept-final-60 -j ACCEPT
Filter 1070 {"flow-limit":{"count":150,"interval":5,"log":false},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1069
- inet6/filter/FORWARD -j limit-1069
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1069
- inet6/filter/INPUT -j limit-1069
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1069
- inet6/filter/OUTPUT -j limit-1069
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1069 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1069 -j RETURN
- inet6/filter/limit-1069 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1069 -j RETURN
inet/filter/limit-1069 -j DROP
- inet6/filter/limit-1069 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1069
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1069
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1069
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1069 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1069 -j RETURN
+ inet6/filter/limit-1069 -j DROP
Filter 1071 {"flow-limit":{"count":150,"interval":5,"log":"none"}}
(filter-limit)
inet/filter/FORWARD -j limit-1070
- inet6/filter/FORWARD -j limit-1070
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1070
- inet6/filter/INPUT -j limit-1070
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1070
- inet6/filter/OUTPUT -j limit-1070
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1070 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1070 -j RETURN
- inet6/filter/limit-1070 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1070 -j RETURN
inet/filter/limit-1070 -j DROP
- inet6/filter/limit-1070 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1070
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1070
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1070
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1070 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1070 -j RETURN
+ inet6/filter/limit-1070 -j DROP
Filter 1072 {"action":"pass","flow-limit":{"count":150,"interval":5,"log":"none"}}
(filter-limit)
inet/filter/FORWARD -j limit-1071
- inet6/filter/FORWARD -j limit-1071
inet/filter/INPUT -j limit-1071
- inet6/filter/INPUT -j limit-1071
inet/filter/OUTPUT -j limit-1071
- inet6/filter/OUTPUT -j limit-1071
inet/filter/limit-1071 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1071 -j RETURN
- inet6/filter/limit-1071 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1071 -j RETURN
inet/filter/limit-1071 -j DROP
+ inet6/filter/FORWARD -j limit-1071
+ inet6/filter/INPUT -j limit-1071
+ inet6/filter/OUTPUT -j limit-1071
+ inet6/filter/limit-1071 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1071 -j RETURN
inet6/filter/limit-1071 -j DROP
Filter 1073 {"flow-limit":{"count":150,"interval":5,"log":"none"},"log":true}
(filter-limit)
inet/filter/FORWARD -j limit-1072
- inet6/filter/FORWARD -j limit-1072
+ inet/filter/FORWARD -j logaccept-final-61
inet/filter/INPUT -j limit-1072
- inet6/filter/INPUT -j limit-1072
+ inet/filter/INPUT -j logaccept-final-61
inet/filter/OUTPUT -j limit-1072
- inet6/filter/OUTPUT -j limit-1072
+ inet/filter/OUTPUT -j logaccept-final-61
inet/filter/limit-1072 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1072 -j RETURN
- inet6/filter/limit-1072 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1072 -j RETURN
inet/filter/limit-1072 -j DROP
- inet6/filter/limit-1072 -j DROP
- inet/filter/FORWARD -j logaccept-final-61
+ inet/filter/logaccept-final-61 -m limit --limit 1/second -j LOG
+ inet/filter/logaccept-final-61 -j ACCEPT
+ inet6/filter/FORWARD -j limit-1072
inet6/filter/FORWARD -j logaccept-final-61
- inet/filter/INPUT -j logaccept-final-61
+ inet6/filter/INPUT -j limit-1072
inet6/filter/INPUT -j logaccept-final-61
- inet/filter/OUTPUT -j logaccept-final-61
+ inet6/filter/OUTPUT -j limit-1072
inet6/filter/OUTPUT -j logaccept-final-61
- inet/filter/logaccept-final-61 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1072 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1072 -j RETURN
+ inet6/filter/limit-1072 -j DROP
inet6/filter/logaccept-final-61 -m limit --limit 1/second -j LOG
- inet/filter/logaccept-final-61 -j ACCEPT
inet6/filter/logaccept-final-61 -j ACCEPT
Filter 1074 {"flow-limit":{"count":150,"interval":5,"log":"none"},"log":"none"}
(filter-limit)
inet/filter/FORWARD -j limit-1073
- inet6/filter/FORWARD -j limit-1073
+ inet/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j limit-1073
- inet6/filter/INPUT -j limit-1073
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j limit-1073
- inet6/filter/OUTPUT -j limit-1073
+ inet/filter/OUTPUT -j ACCEPT
inet/filter/limit-1073 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1073 -j RETURN
- inet6/filter/limit-1073 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1073 -j RETURN
inet/filter/limit-1073 -j DROP
- inet6/filter/limit-1073 -j DROP
- inet/filter/FORWARD -j ACCEPT
+ inet6/filter/FORWARD -j limit-1073
inet6/filter/FORWARD -j ACCEPT
- inet/filter/INPUT -j ACCEPT
+ inet6/filter/INPUT -j limit-1073
inet6/filter/INPUT -j ACCEPT
- inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/OUTPUT -j limit-1073
inet6/filter/OUTPUT -j ACCEPT
+ inet6/filter/limit-1073 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1073 -j RETURN
+ inet6/filter/limit-1073 -j DROP
Filter 1075 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1074
- inet6/filter/INPUT -i eth0 -j limit-1074
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1074 -m recent --name limit-1074 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-342
- inet6/filter/limit-1074 -m recent --name limit-1074 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-342
+ inet/filter/limit-1074 -m recent --name limit-1074 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-342 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-342 -m limit --limit 1/second -j LOG
inet/filter/logdrop-342 -j DROP
- inet6/filter/logdrop-342 -j DROP
- inet/filter/limit-1074 -m recent --name limit-1074 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1074 -m recent --name limit-1074 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1074
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1074 -m recent --name limit-1074 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-342
+ inet6/filter/limit-1074 -m recent --name limit-1074 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-342 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-342 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1076 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1075
- inet6/filter/INPUT -i eth0 -j limit-1075
inet/filter/limit-1075 -m recent --name limit-1075 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-343
- inet6/filter/limit-1075 -m recent --name limit-1075 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-343
+ inet/filter/limit-1075 -m recent --name limit-1075 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-343 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-343 -m limit --limit 1/second -j LOG
inet/filter/logdrop-343 -j DROP
- inet6/filter/logdrop-343 -j DROP
- inet/filter/limit-1075 -m recent --name limit-1075 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1075 -m recent --name limit-1075 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1075
+ inet6/filter/limit-1075 -m recent --name limit-1075 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-343
+ inet6/filter/limit-1075 -m recent --name limit-1075 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-343 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-343 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1077 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1076
- inet6/filter/INPUT -i eth0 -j limit-1076
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1076 -m recent --name limit-1076 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-344
- inet6/filter/limit-1076 -m recent --name limit-1076 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-344
+ inet/filter/limit-1076 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1076 -m recent --name limit-1076 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-344 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-344 -m limit --limit 1/second -j LOG
inet/filter/logdrop-344 -j DROP
- inet6/filter/logdrop-344 -j DROP
- inet/filter/limit-1076 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1076
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1076 -m recent --name limit-1076 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-344
inet6/filter/limit-1076 -m limit --limit 1/second -j LOG
- inet/filter/limit-1076 -m recent --name limit-1076 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-1076 -m recent --name limit-1076 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-344 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-344 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1078 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1077
- inet6/filter/INPUT -i eth0 -j limit-1077
inet/filter/limit-1077 -m recent --name limit-1077 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-345
- inet6/filter/limit-1077 -m recent --name limit-1077 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-345
+ inet/filter/limit-1077 -m recent --name limit-1077 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-345 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-345 -m limit --limit 1/second -j LOG
inet/filter/logdrop-345 -j DROP
- inet6/filter/logdrop-345 -j DROP
- inet/filter/limit-1077 -m recent --name limit-1077 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1077 -m recent --name limit-1077 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1077
+ inet6/filter/limit-1077 -m recent --name limit-1077 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-345
+ inet6/filter/limit-1077 -m recent --name limit-1077 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-345 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-345 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1079 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1078
- inet6/filter/INPUT -i eth0 -j limit-1078
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1078 -m recent --name limit-1078 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-346
- inet6/filter/limit-1078 -m recent --name limit-1078 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-346
+ inet/filter/limit-1078 -m recent --name limit-1078 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-346 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-346 -m limit --limit 1/second -j LOG
inet/filter/logdrop-346 -j DROP
- inet6/filter/logdrop-346 -j DROP
- inet/filter/limit-1078 -m recent --name limit-1078 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1078 -m recent --name limit-1078 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1078
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1078 -m recent --name limit-1078 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-346
+ inet6/filter/limit-1078 -m recent --name limit-1078 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-346 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-346 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1080 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1079
- inet6/filter/INPUT -i eth0 -j limit-1079
inet/filter/limit-1079 -m recent --name limit-1079 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-347
- inet6/filter/limit-1079 -m recent --name limit-1079 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-347
+ inet/filter/limit-1079 -m recent --name limit-1079 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-347 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-347 -m limit --limit 1/second -j LOG
inet/filter/logdrop-347 -j DROP
- inet6/filter/logdrop-347 -j DROP
- inet/filter/limit-1079 -m recent --name limit-1079 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1079 -m recent --name limit-1079 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1079
+ inet6/filter/limit-1079 -m recent --name limit-1079 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-347
+ inet6/filter/limit-1079 -m recent --name limit-1079 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-347 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-347 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1081 {"flow-limit":{},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1080
- inet6/filter/INPUT -i eth0 -j limit-1080
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1080 -m recent --name limit-1080 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-348
- inet6/filter/limit-1080 -m recent --name limit-1080 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-348
+ inet/filter/limit-1080 -m recent --name limit-1080 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-348 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-348 -m limit --limit 1/second -j LOG
inet/filter/logdrop-348 -j DROP
- inet6/filter/logdrop-348 -j DROP
- inet/filter/limit-1080 -m recent --name limit-1080 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1080 -m recent --name limit-1080 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1080
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1080 -m recent --name limit-1080 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-348
+ inet6/filter/limit-1080 -m recent --name limit-1080 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-348 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-348 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1082 {"action":"pass","flow-limit":{},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1081
- inet6/filter/INPUT -i eth0 -j limit-1081
inet/filter/limit-1081 -m recent --name limit-1081 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-349
- inet6/filter/limit-1081 -m recent --name limit-1081 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-349
+ inet/filter/limit-1081 -m recent --name limit-1081 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-349 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-349 -m limit --limit 1/second -j LOG
inet/filter/logdrop-349 -j DROP
- inet6/filter/logdrop-349 -j DROP
- inet/filter/limit-1081 -m recent --name limit-1081 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1081 -m recent --name limit-1081 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1081
+ inet6/filter/limit-1081 -m recent --name limit-1081 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-349
+ inet6/filter/limit-1081 -m recent --name limit-1081 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-349 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-349 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1083 {"flow-limit":{},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1082
- inet6/filter/INPUT -i eth0 -j limit-1082
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1082 -m recent --name limit-1082 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-350
- inet6/filter/limit-1082 -m recent --name limit-1082 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-350
+ inet/filter/limit-1082 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1082 -m recent --name limit-1082 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-350 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-350 -m limit --limit 1/second -j LOG
inet/filter/logdrop-350 -j DROP
- inet6/filter/logdrop-350 -j DROP
- inet/filter/limit-1082 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1082
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1082 -m recent --name limit-1082 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-350
inet6/filter/limit-1082 -m limit --limit 1/second -j LOG
- inet/filter/limit-1082 -m recent --name limit-1082 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-1082 -m recent --name limit-1082 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-350 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-350 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1084 {"action":"pass","flow-limit":{},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1083
- inet6/filter/INPUT -i eth0 -j limit-1083
inet/filter/limit-1083 -m recent --name limit-1083 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-351
- inet6/filter/limit-1083 -m recent --name limit-1083 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-351
+ inet/filter/limit-1083 -m recent --name limit-1083 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-351 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-351 -m limit --limit 1/second -j LOG
inet/filter/logdrop-351 -j DROP
- inet6/filter/logdrop-351 -j DROP
- inet/filter/limit-1083 -m recent --name limit-1083 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1083 -m recent --name limit-1083 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1083
+ inet6/filter/limit-1083 -m recent --name limit-1083 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-351
+ inet6/filter/limit-1083 -m recent --name limit-1083 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-351 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-351 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1085 {"flow-limit":{},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1084
- inet6/filter/INPUT -i eth0 -j limit-1084
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1084 -m recent --name limit-1084 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-352
- inet6/filter/limit-1084 -m recent --name limit-1084 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-352
+ inet/filter/limit-1084 -m recent --name limit-1084 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-352 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-352 -m limit --limit 1/second -j LOG
inet/filter/logdrop-352 -j DROP
- inet6/filter/logdrop-352 -j DROP
- inet/filter/limit-1084 -m recent --name limit-1084 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1084 -m recent --name limit-1084 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1084
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1084 -m recent --name limit-1084 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-352
+ inet6/filter/limit-1084 -m recent --name limit-1084 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-352 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-352 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1086 {"action":"pass","flow-limit":{},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1085
- inet6/filter/INPUT -i eth0 -j limit-1085
inet/filter/limit-1085 -m recent --name limit-1085 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-353
- inet6/filter/limit-1085 -m recent --name limit-1085 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-353
+ inet/filter/limit-1085 -m recent --name limit-1085 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-353 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-353 -m limit --limit 1/second -j LOG
inet/filter/logdrop-353 -j DROP
- inet6/filter/logdrop-353 -j DROP
- inet/filter/limit-1085 -m recent --name limit-1085 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1085 -m recent --name limit-1085 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1085
+ inet6/filter/limit-1085 -m recent --name limit-1085 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-353
+ inet6/filter/limit-1085 -m recent --name limit-1085 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-353 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-353 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1087 {"flow-limit":{"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1086
- inet6/filter/INPUT -i eth0 -j limit-1086
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1086 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-354
- inet6/filter/limit-1086 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-354
+ inet/filter/limit-1086 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-354 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-354 -m limit --limit 1/second -j LOG
inet/filter/logdrop-354 -j DROP
- inet6/filter/logdrop-354 -j DROP
- inet/filter/limit-1086 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1086 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1086
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1086 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-354
+ inet6/filter/limit-1086 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-354 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-354 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1088 {"action":"pass","flow-limit":{"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1087
- inet6/filter/INPUT -i eth0 -j limit-1087
inet/filter/limit-1087 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-355
- inet6/filter/limit-1087 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-355
+ inet/filter/limit-1087 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-355 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-355 -m limit --limit 1/second -j LOG
inet/filter/logdrop-355 -j DROP
- inet6/filter/logdrop-355 -j DROP
- inet/filter/limit-1087 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1087 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1087
+ inet6/filter/limit-1087 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-355
+ inet6/filter/limit-1087 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-355 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-355 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1089 {"flow-limit":{"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1088
- inet6/filter/INPUT -i eth0 -j limit-1088
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1088 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-356
- inet6/filter/limit-1088 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-356
+ inet/filter/limit-1088 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1088 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-356 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-356 -m limit --limit 1/second -j LOG
inet/filter/logdrop-356 -j DROP
- inet6/filter/logdrop-356 -j DROP
- inet/filter/limit-1088 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1088
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1088 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-356
inet6/filter/limit-1088 -m limit --limit 1/second -j LOG
- inet/filter/limit-1088 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-1088 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-356 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-356 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1090 {"action":"pass","flow-limit":{"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1089
- inet6/filter/INPUT -i eth0 -j limit-1089
inet/filter/limit-1089 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-357
- inet6/filter/limit-1089 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-357
+ inet/filter/limit-1089 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-357 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-357 -m limit --limit 1/second -j LOG
inet/filter/logdrop-357 -j DROP
- inet6/filter/logdrop-357 -j DROP
- inet/filter/limit-1089 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1089 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1089
+ inet6/filter/limit-1089 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-357
+ inet6/filter/limit-1089 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-357 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-357 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1091 {"flow-limit":{"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1090
- inet6/filter/INPUT -i eth0 -j limit-1090
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1090 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-358
- inet6/filter/limit-1090 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-358
+ inet/filter/limit-1090 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-358 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-358 -m limit --limit 1/second -j LOG
inet/filter/logdrop-358 -j DROP
- inet6/filter/logdrop-358 -j DROP
- inet/filter/limit-1090 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1090 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1090
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1090 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-358
+ inet6/filter/limit-1090 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-358 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-358 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1092 {"action":"pass","flow-limit":{"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1091
- inet6/filter/INPUT -i eth0 -j limit-1091
inet/filter/limit-1091 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-359
- inet6/filter/limit-1091 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-359
+ inet/filter/limit-1091 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-359 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-359 -m limit --limit 1/second -j LOG
inet/filter/logdrop-359 -j DROP
- inet6/filter/logdrop-359 -j DROP
- inet/filter/limit-1091 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1091 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1091
+ inet6/filter/limit-1091 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-359
+ inet6/filter/limit-1091 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-359 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-359 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1093 {"flow-limit":{"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1092
- inet6/filter/INPUT -i eth0 -j limit-1092
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1092 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-360
- inet6/filter/limit-1092 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-360
+ inet/filter/limit-1092 -j ACCEPT
inet/filter/logdrop-360 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-360 -m limit --limit 1/second -j LOG
inet/filter/logdrop-360 -j DROP
- inet6/filter/logdrop-360 -j DROP
- inet/filter/limit-1092 -j ACCEPT
- inet6/filter/limit-1092 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1092
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1092 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-360
+ inet6/filter/limit-1092 -j ACCEPT
+ inet6/filter/logdrop-360 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-360 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1094 {"action":"pass","flow-limit":{"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-361
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-361
inet/filter/logdrop-361 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-361 -m limit --limit 1/second -j LOG
inet/filter/logdrop-361 -j DROP
- inet6/filter/logdrop-361 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-361
+ inet6/filter/logdrop-361 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-361 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1095 {"flow-limit":{"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1094
- inet6/filter/INPUT -i eth0 -j limit-1094
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1094 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-362
- inet6/filter/limit-1094 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-362
+ inet/filter/limit-1094 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1094 -j ACCEPT
inet/filter/logdrop-362 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-362 -m limit --limit 1/second -j LOG
inet/filter/logdrop-362 -j DROP
- inet6/filter/logdrop-362 -j DROP
- inet/filter/limit-1094 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1094
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1094 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-362
inet6/filter/limit-1094 -m limit --limit 1/second -j LOG
- inet/filter/limit-1094 -j ACCEPT
inet6/filter/limit-1094 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-362 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-362 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1096 {"action":"pass","flow-limit":{"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1095
- inet6/filter/INPUT -i eth0 -j limit-1095
inet/filter/limit-1095 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-363
- inet6/filter/limit-1095 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-363
+ inet/filter/limit-1095 -m limit --limit 1/second -j LOG
inet/filter/logdrop-363 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-363 -m limit --limit 1/second -j LOG
inet/filter/logdrop-363 -j DROP
- inet6/filter/logdrop-363 -j DROP
- inet/filter/limit-1095 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1095 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1095
+ inet6/filter/limit-1095 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-363
+ inet6/filter/limit-1095 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-363 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-363 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1097 {"flow-limit":{"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1096
- inet6/filter/INPUT -i eth0 -j limit-1096
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1096 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-364
- inet6/filter/limit-1096 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-364
+ inet/filter/limit-1096 -j ACCEPT
inet/filter/logdrop-364 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-364 -m limit --limit 1/second -j LOG
inet/filter/logdrop-364 -j DROP
- inet6/filter/logdrop-364 -j DROP
- inet/filter/limit-1096 -j ACCEPT
- inet6/filter/limit-1096 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1096
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1096 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-364
+ inet6/filter/limit-1096 -j ACCEPT
+ inet6/filter/logdrop-364 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-364 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1098 {"action":"pass","flow-limit":{"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-365
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-365
inet/filter/logdrop-365 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-365 -m limit --limit 1/second -j LOG
inet/filter/logdrop-365 -j DROP
- inet6/filter/logdrop-365 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-365
+ inet6/filter/logdrop-365 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-365 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1099 {"flow-limit":{"addr":"dest","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1098
- inet6/filter/INPUT -i eth0 -j limit-1098
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1098 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-366
- inet6/filter/limit-1098 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-366
+ inet/filter/limit-1098 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-366 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-366 -m limit --limit 1/second -j LOG
inet/filter/logdrop-366 -j DROP
- inet6/filter/logdrop-366 -j DROP
- inet/filter/limit-1098 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1098 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1098
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1098 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-366
+ inet6/filter/limit-1098 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-366 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-366 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1100 {"action":"pass","flow-limit":{"addr":"dest","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1099
- inet6/filter/INPUT -i eth0 -j limit-1099
inet/filter/limit-1099 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-367
- inet6/filter/limit-1099 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-367
+ inet/filter/limit-1099 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-367 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-367 -m limit --limit 1/second -j LOG
inet/filter/logdrop-367 -j DROP
- inet6/filter/logdrop-367 -j DROP
- inet/filter/limit-1099 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1099 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1099
+ inet6/filter/limit-1099 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-367
+ inet6/filter/limit-1099 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-367 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-367 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1101 {"flow-limit":{"addr":"dest","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1100
- inet6/filter/INPUT -i eth0 -j limit-1100
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1100 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-368
- inet6/filter/limit-1100 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-368
+ inet/filter/limit-1100 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1100 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-368 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-368 -m limit --limit 1/second -j LOG
inet/filter/logdrop-368 -j DROP
- inet6/filter/logdrop-368 -j DROP
- inet/filter/limit-1100 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1100
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1100 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-368
inet6/filter/limit-1100 -m limit --limit 1/second -j LOG
- inet/filter/limit-1100 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-1100 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-368 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-368 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1102 {"action":"pass","flow-limit":{"addr":"dest","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1101
- inet6/filter/INPUT -i eth0 -j limit-1101
inet/filter/limit-1101 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-369
- inet6/filter/limit-1101 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-369
+ inet/filter/limit-1101 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-369 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-369 -m limit --limit 1/second -j LOG
inet/filter/logdrop-369 -j DROP
- inet6/filter/logdrop-369 -j DROP
- inet/filter/limit-1101 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1101 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1101
+ inet6/filter/limit-1101 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-369
+ inet6/filter/limit-1101 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-369 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-369 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1103 {"flow-limit":{"addr":"dest","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1102
- inet6/filter/INPUT -i eth0 -j limit-1102
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1102 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-370
- inet6/filter/limit-1102 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-370
+ inet/filter/limit-1102 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-370 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-370 -m limit --limit 1/second -j LOG
inet/filter/logdrop-370 -j DROP
- inet6/filter/logdrop-370 -j DROP
- inet/filter/limit-1102 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1102 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1102
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1102 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-370
+ inet6/filter/limit-1102 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-370 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-370 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1104 {"action":"pass","flow-limit":{"addr":"dest","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1103
- inet6/filter/INPUT -i eth0 -j limit-1103
inet/filter/limit-1103 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-371
- inet6/filter/limit-1103 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-371
+ inet/filter/limit-1103 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-371 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-371 -m limit --limit 1/second -j LOG
inet/filter/logdrop-371 -j DROP
- inet6/filter/logdrop-371 -j DROP
- inet/filter/limit-1103 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1103 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1103
+ inet6/filter/limit-1103 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-371
+ inet6/filter/limit-1103 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-371 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-371 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1105 {"flow-limit":{"addr":"dest","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1104
- inet6/filter/INPUT -i eth0 -j limit-1104
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1104 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-372
- inet6/filter/limit-1104 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-372
+ inet/filter/limit-1104 -j ACCEPT
inet/filter/logdrop-372 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-372 -m limit --limit 1/second -j LOG
inet/filter/logdrop-372 -j DROP
- inet6/filter/logdrop-372 -j DROP
- inet/filter/limit-1104 -j ACCEPT
- inet6/filter/limit-1104 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1104
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1104 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-372
+ inet6/filter/limit-1104 -j ACCEPT
+ inet6/filter/logdrop-372 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-372 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1106 {"action":"pass","flow-limit":{"addr":"dest","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-373
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-373
inet/filter/logdrop-373 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-373 -m limit --limit 1/second -j LOG
inet/filter/logdrop-373 -j DROP
- inet6/filter/logdrop-373 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-373
+ inet6/filter/logdrop-373 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-373 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1107 {"flow-limit":{"addr":"dest","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1106
- inet6/filter/INPUT -i eth0 -j limit-1106
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1106 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-374
- inet6/filter/limit-1106 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-374
+ inet/filter/limit-1106 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1106 -j ACCEPT
inet/filter/logdrop-374 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-374 -m limit --limit 1/second -j LOG
inet/filter/logdrop-374 -j DROP
- inet6/filter/logdrop-374 -j DROP
- inet/filter/limit-1106 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1106
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1106 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-374
inet6/filter/limit-1106 -m limit --limit 1/second -j LOG
- inet/filter/limit-1106 -j ACCEPT
inet6/filter/limit-1106 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-374 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-374 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1108 {"action":"pass","flow-limit":{"addr":"dest","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1107
- inet6/filter/INPUT -i eth0 -j limit-1107
inet/filter/limit-1107 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-375
- inet6/filter/limit-1107 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-375
+ inet/filter/limit-1107 -m limit --limit 1/second -j LOG
inet/filter/logdrop-375 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-375 -m limit --limit 1/second -j LOG
inet/filter/logdrop-375 -j DROP
- inet6/filter/logdrop-375 -j DROP
- inet/filter/limit-1107 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1107 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1107
+ inet6/filter/limit-1107 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-375
+ inet6/filter/limit-1107 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-375 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-375 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1109 {"flow-limit":{"addr":"dest","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1108
- inet6/filter/INPUT -i eth0 -j limit-1108
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1108 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-376
- inet6/filter/limit-1108 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-376
+ inet/filter/limit-1108 -j ACCEPT
inet/filter/logdrop-376 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-376 -m limit --limit 1/second -j LOG
inet/filter/logdrop-376 -j DROP
- inet6/filter/logdrop-376 -j DROP
- inet/filter/limit-1108 -j ACCEPT
- inet6/filter/limit-1108 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1108
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1108 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-376
+ inet6/filter/limit-1108 -j ACCEPT
+ inet6/filter/logdrop-376 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-376 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1110 {"action":"pass","flow-limit":{"addr":"dest","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j logdrop-377
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-377
inet/filter/logdrop-377 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-377 -m limit --limit 1/second -j LOG
inet/filter/logdrop-377 -j DROP
- inet6/filter/logdrop-377 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j logdrop-377
+ inet6/filter/logdrop-377 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-377 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1111 {"flow-limit":{"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1110
- inet6/filter/INPUT -i eth0 -j limit-1110
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1110 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-378
- inet6/filter/limit-1110 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-378
+ inet/filter/limit-1110 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-378 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-378 -m limit --limit 1/second -j LOG
inet/filter/logdrop-378 -j DROP
- inet6/filter/logdrop-378 -j DROP
- inet/filter/limit-1110 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1110 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1110
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1110 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-378
+ inet6/filter/limit-1110 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-378 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-378 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1112 {"action":"pass","flow-limit":{"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1111
- inet6/filter/INPUT -i eth0 -j limit-1111
inet/filter/limit-1111 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-379
- inet6/filter/limit-1111 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-379
+ inet/filter/limit-1111 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-379 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-379 -m limit --limit 1/second -j LOG
inet/filter/logdrop-379 -j DROP
- inet6/filter/logdrop-379 -j DROP
- inet/filter/limit-1111 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1111 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1111
+ inet6/filter/limit-1111 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-379
+ inet6/filter/limit-1111 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-379 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-379 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1113 {"flow-limit":{"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1112
- inet6/filter/INPUT -i eth0 -j limit-1112
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1112 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-380
- inet6/filter/limit-1112 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-380
+ inet/filter/limit-1112 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1112 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-380 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-380 -m limit --limit 1/second -j LOG
inet/filter/logdrop-380 -j DROP
- inet6/filter/logdrop-380 -j DROP
- inet/filter/limit-1112 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1112
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1112 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-380
inet6/filter/limit-1112 -m limit --limit 1/second -j LOG
- inet/filter/limit-1112 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-1112 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-380 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-380 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1114 {"action":"pass","flow-limit":{"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1113
- inet6/filter/INPUT -i eth0 -j limit-1113
inet/filter/limit-1113 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-381
- inet6/filter/limit-1113 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-381
+ inet/filter/limit-1113 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-381 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-381 -m limit --limit 1/second -j LOG
inet/filter/logdrop-381 -j DROP
- inet6/filter/logdrop-381 -j DROP
- inet/filter/limit-1113 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1113 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1113
+ inet6/filter/limit-1113 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-381
+ inet6/filter/limit-1113 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-381 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-381 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1115 {"flow-limit":{"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1114
- inet6/filter/INPUT -i eth0 -j limit-1114
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1114 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-382
- inet6/filter/limit-1114 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-382
+ inet/filter/limit-1114 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-382 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-382 -m limit --limit 1/second -j LOG
inet/filter/logdrop-382 -j DROP
- inet6/filter/logdrop-382 -j DROP
- inet/filter/limit-1114 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1114 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1114
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1114 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-382
+ inet6/filter/limit-1114 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-382 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-382 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1116 {"action":"pass","flow-limit":{"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1115
- inet6/filter/INPUT -i eth0 -j limit-1115
inet/filter/limit-1115 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-383
- inet6/filter/limit-1115 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-383
+ inet/filter/limit-1115 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-383 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-383 -m limit --limit 1/second -j LOG
inet/filter/logdrop-383 -j DROP
- inet6/filter/logdrop-383 -j DROP
- inet/filter/limit-1115 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1115 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1115
+ inet6/filter/limit-1115 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-383
+ inet6/filter/limit-1115 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-383 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-383 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1117 {"flow-limit":{"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1116
- inet6/filter/INPUT -i eth0 -j limit-1116
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1116 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-384
- inet6/filter/limit-1116 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-384
+ inet/filter/limit-1116 -j ACCEPT
inet/filter/logdrop-384 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-384 -m limit --limit 1/second -j LOG
inet/filter/logdrop-384 -j DROP
- inet6/filter/logdrop-384 -j DROP
- inet/filter/limit-1116 -j ACCEPT
- inet6/filter/limit-1116 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1116
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1116 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-384
+ inet6/filter/limit-1116 -j ACCEPT
+ inet6/filter/logdrop-384 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-384 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1118 {"action":"pass","flow-limit":{"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-385
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-385
inet/filter/logdrop-385 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-385 -m limit --limit 1/second -j LOG
inet/filter/logdrop-385 -j DROP
- inet6/filter/logdrop-385 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-385
+ inet6/filter/logdrop-385 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-385 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1119 {"flow-limit":{"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1118
- inet6/filter/INPUT -i eth0 -j limit-1118
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1118 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-386
- inet6/filter/limit-1118 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-386
+ inet/filter/limit-1118 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1118 -j ACCEPT
inet/filter/logdrop-386 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-386 -m limit --limit 1/second -j LOG
inet/filter/logdrop-386 -j DROP
- inet6/filter/logdrop-386 -j DROP
- inet/filter/limit-1118 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1118
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1118 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-386
inet6/filter/limit-1118 -m limit --limit 1/second -j LOG
- inet/filter/limit-1118 -j ACCEPT
inet6/filter/limit-1118 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-386 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-386 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1120 {"action":"pass","flow-limit":{"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1119
- inet6/filter/INPUT -i eth0 -j limit-1119
inet/filter/limit-1119 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-387
- inet6/filter/limit-1119 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-387
+ inet/filter/limit-1119 -m limit --limit 1/second -j LOG
inet/filter/logdrop-387 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-387 -m limit --limit 1/second -j LOG
inet/filter/logdrop-387 -j DROP
- inet6/filter/logdrop-387 -j DROP
- inet/filter/limit-1119 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1119 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1119
+ inet6/filter/limit-1119 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-387
+ inet6/filter/limit-1119 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-387 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-387 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1121 {"flow-limit":{"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1120
- inet6/filter/INPUT -i eth0 -j limit-1120
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1120 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-388
- inet6/filter/limit-1120 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-388
+ inet/filter/limit-1120 -j ACCEPT
inet/filter/logdrop-388 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-388 -m limit --limit 1/second -j LOG
inet/filter/logdrop-388 -j DROP
- inet6/filter/logdrop-388 -j DROP
- inet/filter/limit-1120 -j ACCEPT
- inet6/filter/limit-1120 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1120
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1120 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-388
+ inet6/filter/limit-1120 -j ACCEPT
+ inet6/filter/logdrop-388 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-388 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1122 {"action":"pass","flow-limit":{"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-389
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-389
inet/filter/logdrop-389 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-389 -m limit --limit 1/second -j LOG
inet/filter/logdrop-389 -j DROP
- inet6/filter/logdrop-389 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-389
+ inet6/filter/logdrop-389 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-389 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1123 {"flow-limit":{"addr":"dest","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1122
- inet6/filter/INPUT -i eth0 -j limit-1122
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1122 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-390
- inet6/filter/limit-1122 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-390
+ inet/filter/limit-1122 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-390 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-390 -m limit --limit 1/second -j LOG
inet/filter/logdrop-390 -j DROP
- inet6/filter/logdrop-390 -j DROP
- inet/filter/limit-1122 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1122 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1122
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1122 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-390
+ inet6/filter/limit-1122 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-390 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-390 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1124 {"action":"pass","flow-limit":{"addr":"dest","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1123
- inet6/filter/INPUT -i eth0 -j limit-1123
inet/filter/limit-1123 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-391
- inet6/filter/limit-1123 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-391
+ inet/filter/limit-1123 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-391 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-391 -m limit --limit 1/second -j LOG
inet/filter/logdrop-391 -j DROP
- inet6/filter/logdrop-391 -j DROP
- inet/filter/limit-1123 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1123 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1123
+ inet6/filter/limit-1123 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-391
+ inet6/filter/limit-1123 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-391 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-391 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1125 {"flow-limit":{"addr":"dest","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1124
- inet6/filter/INPUT -i eth0 -j limit-1124
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1124 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-392
- inet6/filter/limit-1124 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-392
+ inet/filter/limit-1124 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1124 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-392 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-392 -m limit --limit 1/second -j LOG
inet/filter/logdrop-392 -j DROP
- inet6/filter/logdrop-392 -j DROP
- inet/filter/limit-1124 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1124
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1124 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-392
inet6/filter/limit-1124 -m limit --limit 1/second -j LOG
- inet/filter/limit-1124 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-1124 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-392 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-392 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1126 {"action":"pass","flow-limit":{"addr":"dest","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1125
- inet6/filter/INPUT -i eth0 -j limit-1125
inet/filter/limit-1125 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-393
- inet6/filter/limit-1125 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-393
+ inet/filter/limit-1125 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-393 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-393 -m limit --limit 1/second -j LOG
inet/filter/logdrop-393 -j DROP
- inet6/filter/logdrop-393 -j DROP
- inet/filter/limit-1125 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1125 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1125
+ inet6/filter/limit-1125 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-393
+ inet6/filter/limit-1125 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-393 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-393 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1127 {"flow-limit":{"addr":"dest","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1126
- inet6/filter/INPUT -i eth0 -j limit-1126
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1126 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-394
- inet6/filter/limit-1126 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-394
+ inet/filter/limit-1126 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-394 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-394 -m limit --limit 1/second -j LOG
inet/filter/logdrop-394 -j DROP
- inet6/filter/logdrop-394 -j DROP
- inet/filter/limit-1126 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1126 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1126
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1126 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-394
+ inet6/filter/limit-1126 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-394 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-394 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1128 {"action":"pass","flow-limit":{"addr":"dest","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1127
- inet6/filter/INPUT -i eth0 -j limit-1127
inet/filter/limit-1127 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j logdrop-395
- inet6/filter/limit-1127 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-395
+ inet/filter/limit-1127 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-395 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-395 -m limit --limit 1/second -j LOG
inet/filter/logdrop-395 -j DROP
- inet6/filter/logdrop-395 -j DROP
- inet/filter/limit-1127 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1127 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1127
+ inet6/filter/limit-1127 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j logdrop-395
+ inet6/filter/limit-1127 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-395 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-395 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1129 {"flow-limit":{"addr":"dest","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1128
- inet6/filter/INPUT -i eth0 -j limit-1128
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1128 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-396
- inet6/filter/limit-1128 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-396
+ inet/filter/limit-1128 -j ACCEPT
inet/filter/logdrop-396 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-396 -m limit --limit 1/second -j LOG
inet/filter/logdrop-396 -j DROP
- inet6/filter/logdrop-396 -j DROP
- inet/filter/limit-1128 -j ACCEPT
- inet6/filter/limit-1128 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1128
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1128 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-396
+ inet6/filter/limit-1128 -j ACCEPT
+ inet6/filter/logdrop-396 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-396 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1130 {"action":"pass","flow-limit":{"addr":"dest","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-397
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-397
inet/filter/logdrop-397 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-397 -m limit --limit 1/second -j LOG
inet/filter/logdrop-397 -j DROP
- inet6/filter/logdrop-397 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-397
+ inet6/filter/logdrop-397 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-397 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1131 {"flow-limit":{"addr":"dest","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1130
- inet6/filter/INPUT -i eth0 -j limit-1130
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1130 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-398
- inet6/filter/limit-1130 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-398
+ inet/filter/limit-1130 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1130 -j ACCEPT
inet/filter/logdrop-398 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-398 -m limit --limit 1/second -j LOG
inet/filter/logdrop-398 -j DROP
- inet6/filter/logdrop-398 -j DROP
- inet/filter/limit-1130 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1130
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1130 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-398
inet6/filter/limit-1130 -m limit --limit 1/second -j LOG
- inet/filter/limit-1130 -j ACCEPT
inet6/filter/limit-1130 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-398 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-398 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1132 {"action":"pass","flow-limit":{"addr":"dest","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1131
- inet6/filter/INPUT -i eth0 -j limit-1131
inet/filter/limit-1131 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-399
- inet6/filter/limit-1131 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-399
+ inet/filter/limit-1131 -m limit --limit 1/second -j LOG
inet/filter/logdrop-399 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-399 -m limit --limit 1/second -j LOG
inet/filter/logdrop-399 -j DROP
- inet6/filter/logdrop-399 -j DROP
- inet/filter/limit-1131 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1131 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1131
+ inet6/filter/limit-1131 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-399
+ inet6/filter/limit-1131 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-399 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-399 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1133 {"flow-limit":{"addr":"dest","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1132
- inet6/filter/INPUT -i eth0 -j limit-1132
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1132 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-400
- inet6/filter/limit-1132 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-400
+ inet/filter/limit-1132 -j ACCEPT
inet/filter/logdrop-400 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-400 -m limit --limit 1/second -j LOG
inet/filter/logdrop-400 -j DROP
- inet6/filter/logdrop-400 -j DROP
- inet/filter/limit-1132 -j ACCEPT
- inet6/filter/limit-1132 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1132
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1132 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-400
+ inet6/filter/limit-1132 -j ACCEPT
+ inet6/filter/logdrop-400 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-400 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1134 {"action":"pass","flow-limit":{"addr":"dest","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j logdrop-401
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-401
inet/filter/logdrop-401 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-401 -m limit --limit 1/second -j LOG
inet/filter/logdrop-401 -j DROP
- inet6/filter/logdrop-401 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j logdrop-401
+ inet6/filter/logdrop-401 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-401 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1135 {"flow-limit":{"log":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1134
- inet6/filter/INPUT -i eth0 -j limit-1134
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1134 -m recent --name limit-1134 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1134 -m recent --name limit-1134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1134 -m recent --name limit-1134 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1134 -m recent --name limit-1134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1134
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1134 -m recent --name limit-1134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1134 -m recent --name limit-1134 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1136 {"action":"pass","flow-limit":{"log":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1135
- inet6/filter/INPUT -i eth0 -j limit-1135
inet/filter/limit-1135 -m recent --name limit-1135 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1135 -m recent --name limit-1135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1135 -m recent --name limit-1135 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1135 -m recent --name limit-1135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1135
+ inet6/filter/limit-1135 -m recent --name limit-1135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1135 -m recent --name limit-1135 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1137 {"flow-limit":{"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1136
- inet6/filter/INPUT -i eth0 -j limit-1136
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1136 -m recent --name limit-1136 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1136 -m recent --name limit-1136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1136 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1136 -m limit --limit 1/second -j LOG
inet/filter/limit-1136 -m recent --name limit-1136 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1136 -m recent --name limit-1136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1136
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1136 -m recent --name limit-1136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1136 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1136 -m recent --name limit-1136 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1138 {"action":"pass","flow-limit":{"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1137
- inet6/filter/INPUT -i eth0 -j limit-1137
inet/filter/limit-1137 -m recent --name limit-1137 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1137 -m recent --name limit-1137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1137 -m recent --name limit-1137 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1137 -m recent --name limit-1137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1137
+ inet6/filter/limit-1137 -m recent --name limit-1137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1137 -m recent --name limit-1137 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1139 {"flow-limit":{"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1138
- inet6/filter/INPUT -i eth0 -j limit-1138
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1138 -m recent --name limit-1138 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1138 -m recent --name limit-1138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1138 -m recent --name limit-1138 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1138 -m recent --name limit-1138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1138
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1138 -m recent --name limit-1138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1138 -m recent --name limit-1138 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1140 {"action":"pass","flow-limit":{"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1139
- inet6/filter/INPUT -i eth0 -j limit-1139
inet/filter/limit-1139 -m recent --name limit-1139 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1139 -m recent --name limit-1139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1139 -m recent --name limit-1139 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1139 -m recent --name limit-1139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1139
+ inet6/filter/limit-1139 -m recent --name limit-1139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1139 -m recent --name limit-1139 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1141 {"flow-limit":{"log":false,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1140
- inet6/filter/INPUT -i eth0 -j limit-1140
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1140 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1140 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1140 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1140 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1140
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1140 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1140 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1142 {"action":"pass","flow-limit":{"log":false,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1141
- inet6/filter/INPUT -i eth0 -j limit-1141
inet/filter/limit-1141 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1141 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1141 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1141 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1141
+ inet6/filter/limit-1141 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1141 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1143 {"flow-limit":{"log":false,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1142
- inet6/filter/INPUT -i eth0 -j limit-1142
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1142 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1142 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1142 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1142 -m limit --limit 1/second -j LOG
inet/filter/limit-1142 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1142 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1142
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1142 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1142 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1142 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1144 {"action":"pass","flow-limit":{"log":false,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1143
- inet6/filter/INPUT -i eth0 -j limit-1143
inet/filter/limit-1143 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1143 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1143 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1143 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1143
+ inet6/filter/limit-1143 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1143 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1145 {"flow-limit":{"log":false,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1144
- inet6/filter/INPUT -i eth0 -j limit-1144
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1144 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1144 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1144 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1144 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1144
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1144 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1144 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1146 {"action":"pass","flow-limit":{"log":false,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1145
- inet6/filter/INPUT -i eth0 -j limit-1145
inet/filter/limit-1145 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1145 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1145 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1145 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1145
+ inet6/filter/limit-1145 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1145 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1147 {"flow-limit":{"log":false,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1146
- inet6/filter/INPUT -i eth0 -j limit-1146
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1146 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1146 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1146 -j ACCEPT
- inet6/filter/limit-1146 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1146
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1146 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1146 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1148 {"action":"pass","flow-limit":{"log":false,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1149 {"flow-limit":{"log":false,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1148
- inet6/filter/INPUT -i eth0 -j limit-1148
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1148 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1148 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1148 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1148 -m limit --limit 1/second -j LOG
inet/filter/limit-1148 -j ACCEPT
- inet6/filter/limit-1148 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1148
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1148 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1148 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1148 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1150 {"action":"pass","flow-limit":{"log":false,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1149
- inet6/filter/INPUT -i eth0 -j limit-1149
inet/filter/limit-1149 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1149 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1149 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1149 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1149
+ inet6/filter/limit-1149 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1149 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1151 {"flow-limit":{"log":false,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1150
- inet6/filter/INPUT -i eth0 -j limit-1150
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1150 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1150 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1150 -j ACCEPT
- inet6/filter/limit-1150 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1150
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1150 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1150 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1152 {"action":"pass","flow-limit":{"log":false,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1153 {"flow-limit":{"addr":"dest","log":false,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1152
- inet6/filter/INPUT -i eth0 -j limit-1152
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1152 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1152 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1152 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1152 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1152
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1152 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1152 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1154 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1153
- inet6/filter/INPUT -i eth0 -j limit-1153
inet/filter/limit-1153 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1153 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1153 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1153 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1153
+ inet6/filter/limit-1153 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1153 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1155 {"flow-limit":{"addr":"dest","log":false,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1154
- inet6/filter/INPUT -i eth0 -j limit-1154
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1154 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1154 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1154 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1154 -m limit --limit 1/second -j LOG
inet/filter/limit-1154 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1154 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1154
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1154 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1154 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1154 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1156 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1155
- inet6/filter/INPUT -i eth0 -j limit-1155
inet/filter/limit-1155 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1155 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1155 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1155 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1155
+ inet6/filter/limit-1155 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1155 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1157 {"flow-limit":{"addr":"dest","log":false,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1156
- inet6/filter/INPUT -i eth0 -j limit-1156
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1156 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1156 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1156 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1156 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1156
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1156 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1156 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1158 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1157
- inet6/filter/INPUT -i eth0 -j limit-1157
inet/filter/limit-1157 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1157 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1157 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1157 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1157
+ inet6/filter/limit-1157 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1157 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1159 {"flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1158
- inet6/filter/INPUT -i eth0 -j limit-1158
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1158 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1158 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1158 -j ACCEPT
- inet6/filter/limit-1158 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1158
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1158 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1158 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1160 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1161 {"flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1160
- inet6/filter/INPUT -i eth0 -j limit-1160
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1160 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1160 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1160 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1160 -m limit --limit 1/second -j LOG
inet/filter/limit-1160 -j ACCEPT
- inet6/filter/limit-1160 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1160
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1160 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1160 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1160 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1162 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1161
- inet6/filter/INPUT -i eth0 -j limit-1161
inet/filter/limit-1161 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1161 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1161 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1161 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1161
+ inet6/filter/limit-1161 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1161 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1163 {"flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1162
- inet6/filter/INPUT -i eth0 -j limit-1162
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1162 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1162 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1162 -j ACCEPT
- inet6/filter/limit-1162 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1162
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1162 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1162 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1164 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1165 {"flow-limit":{"log":false,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1164
- inet6/filter/INPUT -i eth0 -j limit-1164
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1164 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1164 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1164 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1164 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1164
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1164 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1164 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1166 {"action":"pass","flow-limit":{"log":false,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1165
- inet6/filter/INPUT -i eth0 -j limit-1165
inet/filter/limit-1165 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1165 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1165 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1165 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1165
+ inet6/filter/limit-1165 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1165 -m recent --name user:C --rsource --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1167 {"flow-limit":{"log":false,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1166
- inet6/filter/INPUT -i eth0 -j limit-1166
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1166 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1166 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1166 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1166 -m limit --limit 1/second -j LOG
inet/filter/limit-1166 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1166 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1166
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1166 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1166 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1166 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1168 {"action":"pass","flow-limit":{"log":false,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1167
- inet6/filter/INPUT -i eth0 -j limit-1167
inet/filter/limit-1167 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1167 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1167 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1167 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1167
+ inet6/filter/limit-1167 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1167 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1169 {"flow-limit":{"log":false,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1168
- inet6/filter/INPUT -i eth0 -j limit-1168
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1168 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1168 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1168 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1168 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1168
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1168 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1168 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1170 {"action":"pass","flow-limit":{"log":false,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1169
- inet6/filter/INPUT -i eth0 -j limit-1169
inet/filter/limit-1169 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1169 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1169 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1169 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1169
+ inet6/filter/limit-1169 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1169 -m recent --name user:C --rsource --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1171 {"flow-limit":{"log":false,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1170
- inet6/filter/INPUT -i eth0 -j limit-1170
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1170 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1170 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1170 -j ACCEPT
- inet6/filter/limit-1170 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1170
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1170 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1170 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1172 {"action":"pass","flow-limit":{"log":false,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1173 {"flow-limit":{"log":false,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1172
- inet6/filter/INPUT -i eth0 -j limit-1172
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1172 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1172 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1172 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1172 -m limit --limit 1/second -j LOG
inet/filter/limit-1172 -j ACCEPT
- inet6/filter/limit-1172 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1172
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1172 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1172 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1172 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1174 {"action":"pass","flow-limit":{"log":false,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1173
- inet6/filter/INPUT -i eth0 -j limit-1173
inet/filter/limit-1173 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1173 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1173 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1173 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1173
+ inet6/filter/limit-1173 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1173 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1175 {"flow-limit":{"log":false,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1174
- inet6/filter/INPUT -i eth0 -j limit-1174
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1174 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1174 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1174 -j ACCEPT
- inet6/filter/limit-1174 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1174
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1174 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1174 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1176 {"action":"pass","flow-limit":{"log":false,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1177 {"flow-limit":{"addr":"dest","log":false,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1176
- inet6/filter/INPUT -i eth0 -j limit-1176
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1176 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1176 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1176 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1176 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1176
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1176 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1176 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1178 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1177
- inet6/filter/INPUT -i eth0 -j limit-1177
inet/filter/limit-1177 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1177 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1177 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1177 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1177
+ inet6/filter/limit-1177 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1177 -m recent --name user:C --rdest --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1179 {"flow-limit":{"addr":"dest","log":false,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1178
- inet6/filter/INPUT -i eth0 -j limit-1178
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1178 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1178 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1178 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1178 -m limit --limit 1/second -j LOG
inet/filter/limit-1178 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1178 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1178
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1178 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1178 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1178 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1180 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1179
- inet6/filter/INPUT -i eth0 -j limit-1179
inet/filter/limit-1179 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1179 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1179 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1179 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1179
+ inet6/filter/limit-1179 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1179 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1181 {"flow-limit":{"addr":"dest","log":false,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1180
- inet6/filter/INPUT -i eth0 -j limit-1180
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1180 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1180 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1180 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1180 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1180
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1180 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1180 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1182 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1181
- inet6/filter/INPUT -i eth0 -j limit-1181
inet/filter/limit-1181 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1181 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1181 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1181 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1181
+ inet6/filter/limit-1181 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1181 -m recent --name user:C --rdest --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1183 {"flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1182
- inet6/filter/INPUT -i eth0 -j limit-1182
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1182 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1182 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1182 -j ACCEPT
- inet6/filter/limit-1182 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1182
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1182 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1182 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1184 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1185 {"flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1184
- inet6/filter/INPUT -i eth0 -j limit-1184
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1184 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1184 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1184 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1184 -m limit --limit 1/second -j LOG
inet/filter/limit-1184 -j ACCEPT
- inet6/filter/limit-1184 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1184
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1184 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1184 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1184 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1186 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1185
- inet6/filter/INPUT -i eth0 -j limit-1185
inet/filter/limit-1185 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1185 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1185 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1185 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1185
+ inet6/filter/limit-1185 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1185 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1187 {"flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1186
- inet6/filter/INPUT -i eth0 -j limit-1186
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1186 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1186 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1186 -j ACCEPT
- inet6/filter/limit-1186 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1186
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1186 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1186 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1188 {"action":"pass","flow-limit":{"addr":"dest","log":false,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1189 {"flow-limit":{"log":"none"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1188
- inet6/filter/INPUT -i eth0 -j limit-1188
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1188 -m recent --name limit-1188 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1188 -m recent --name limit-1188 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1188 -m recent --name limit-1188 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1188 -m recent --name limit-1188 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1188
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1188 -m recent --name limit-1188 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1188 -m recent --name limit-1188 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1190 {"action":"pass","flow-limit":{"log":"none"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1189
- inet6/filter/INPUT -i eth0 -j limit-1189
inet/filter/limit-1189 -m recent --name limit-1189 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1189 -m recent --name limit-1189 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1189 -m recent --name limit-1189 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1189 -m recent --name limit-1189 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1189
+ inet6/filter/limit-1189 -m recent --name limit-1189 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1189 -m recent --name limit-1189 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1191 {"flow-limit":{"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1190
- inet6/filter/INPUT -i eth0 -j limit-1190
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1190 -m recent --name limit-1190 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1190 -m recent --name limit-1190 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1190 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1190 -m limit --limit 1/second -j LOG
inet/filter/limit-1190 -m recent --name limit-1190 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1190 -m recent --name limit-1190 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1190
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1190 -m recent --name limit-1190 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1190 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1190 -m recent --name limit-1190 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1192 {"action":"pass","flow-limit":{"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1191
- inet6/filter/INPUT -i eth0 -j limit-1191
inet/filter/limit-1191 -m recent --name limit-1191 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1191 -m recent --name limit-1191 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1191 -m recent --name limit-1191 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1191 -m recent --name limit-1191 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1191
+ inet6/filter/limit-1191 -m recent --name limit-1191 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1191 -m recent --name limit-1191 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1193 {"flow-limit":{"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1192
- inet6/filter/INPUT -i eth0 -j limit-1192
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1192 -m recent --name limit-1192 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1192 -m recent --name limit-1192 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1192 -m recent --name limit-1192 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1192 -m recent --name limit-1192 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1192
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1192 -m recent --name limit-1192 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1192 -m recent --name limit-1192 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1194 {"action":"pass","flow-limit":{"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1193
- inet6/filter/INPUT -i eth0 -j limit-1193
inet/filter/limit-1193 -m recent --name limit-1193 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1193 -m recent --name limit-1193 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1193 -m recent --name limit-1193 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1193 -m recent --name limit-1193 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1193
+ inet6/filter/limit-1193 -m recent --name limit-1193 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1193 -m recent --name limit-1193 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1195 {"flow-limit":{"log":"none","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1194
- inet6/filter/INPUT -i eth0 -j limit-1194
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1194 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1194 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1194 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1194 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1194
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1194 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1194 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1196 {"action":"pass","flow-limit":{"log":"none","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1195
- inet6/filter/INPUT -i eth0 -j limit-1195
inet/filter/limit-1195 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1195 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1195 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1195 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1195
+ inet6/filter/limit-1195 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1195 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1197 {"flow-limit":{"log":"none","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1196
- inet6/filter/INPUT -i eth0 -j limit-1196
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1196 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1196 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1196 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1196 -m limit --limit 1/second -j LOG
inet/filter/limit-1196 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1196 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1196
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1196 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1196 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1196 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1198 {"action":"pass","flow-limit":{"log":"none","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1197
- inet6/filter/INPUT -i eth0 -j limit-1197
inet/filter/limit-1197 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1197 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1197 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1197 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1197
+ inet6/filter/limit-1197 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1197 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1199 {"flow-limit":{"log":"none","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1198
- inet6/filter/INPUT -i eth0 -j limit-1198
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1198 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1198 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1198 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1198 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1198
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1198 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1198 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1200 {"action":"pass","flow-limit":{"log":"none","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1199
- inet6/filter/INPUT -i eth0 -j limit-1199
inet/filter/limit-1199 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1199 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1199 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1199 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1199
+ inet6/filter/limit-1199 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1199 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1201 {"flow-limit":{"log":"none","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1200
- inet6/filter/INPUT -i eth0 -j limit-1200
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1200 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1200 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1200 -j ACCEPT
- inet6/filter/limit-1200 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1200
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1200 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1200 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1202 {"action":"pass","flow-limit":{"log":"none","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1203 {"flow-limit":{"log":"none","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1202
- inet6/filter/INPUT -i eth0 -j limit-1202
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1202 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1202 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1202 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1202 -m limit --limit 1/second -j LOG
inet/filter/limit-1202 -j ACCEPT
- inet6/filter/limit-1202 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1202
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1202 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1202 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1202 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1204 {"action":"pass","flow-limit":{"log":"none","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1203
- inet6/filter/INPUT -i eth0 -j limit-1203
inet/filter/limit-1203 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1203 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1203 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1203 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1203
+ inet6/filter/limit-1203 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1203 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1205 {"flow-limit":{"log":"none","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1204
- inet6/filter/INPUT -i eth0 -j limit-1204
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1204 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1204 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1204 -j ACCEPT
- inet6/filter/limit-1204 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1204
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1204 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1204 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1206 {"action":"pass","flow-limit":{"log":"none","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1207 {"flow-limit":{"addr":"dest","log":"none","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1206
- inet6/filter/INPUT -i eth0 -j limit-1206
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1206 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1206 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1206 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1206 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1206
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1206 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1206 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1208 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1207
- inet6/filter/INPUT -i eth0 -j limit-1207
inet/filter/limit-1207 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1207 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1207 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1207 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1207
+ inet6/filter/limit-1207 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1207 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1209 {"flow-limit":{"addr":"dest","log":"none","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1208
- inet6/filter/INPUT -i eth0 -j limit-1208
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1208 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1208 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1208 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1208 -m limit --limit 1/second -j LOG
inet/filter/limit-1208 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1208 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1208
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1208 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1208 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1208 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1210 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1209
- inet6/filter/INPUT -i eth0 -j limit-1209
inet/filter/limit-1209 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1209 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1209 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1209 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1209
+ inet6/filter/limit-1209 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1209 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1211 {"flow-limit":{"addr":"dest","log":"none","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1210
- inet6/filter/INPUT -i eth0 -j limit-1210
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1210 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1210 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1210 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1210 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1210
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1210 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1210 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1212 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1211
- inet6/filter/INPUT -i eth0 -j limit-1211
inet/filter/limit-1211 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1211 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1211 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1211 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1211
+ inet6/filter/limit-1211 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1211 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1213 {"flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1212
- inet6/filter/INPUT -i eth0 -j limit-1212
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1212 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1212 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1212 -j ACCEPT
- inet6/filter/limit-1212 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1212
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1212 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1212 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1214 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1215 {"flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1214
- inet6/filter/INPUT -i eth0 -j limit-1214
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1214 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1214 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1214 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1214 -m limit --limit 1/second -j LOG
inet/filter/limit-1214 -j ACCEPT
- inet6/filter/limit-1214 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1214
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1214 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1214 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1214 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1216 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1215
- inet6/filter/INPUT -i eth0 -j limit-1215
inet/filter/limit-1215 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1215 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1215 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1215 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1215
+ inet6/filter/limit-1215 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1215 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1217 {"flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1216
- inet6/filter/INPUT -i eth0 -j limit-1216
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1216 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1216 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1216 -j ACCEPT
- inet6/filter/limit-1216 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1216
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1216 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1216 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1218 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1219 {"flow-limit":{"log":"none","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1218
- inet6/filter/INPUT -i eth0 -j limit-1218
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1218 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1218 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1218 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1218 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1218
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1218 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1218 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1220 {"action":"pass","flow-limit":{"log":"none","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1219
- inet6/filter/INPUT -i eth0 -j limit-1219
inet/filter/limit-1219 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1219 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1219 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1219 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1219
+ inet6/filter/limit-1219 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1219 -m recent --name user:C --rsource --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1221 {"flow-limit":{"log":"none","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1220
- inet6/filter/INPUT -i eth0 -j limit-1220
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1220 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1220 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1220 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1220 -m limit --limit 1/second -j LOG
inet/filter/limit-1220 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1220 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1220
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1220 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1220 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1220 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1222 {"action":"pass","flow-limit":{"log":"none","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1221
- inet6/filter/INPUT -i eth0 -j limit-1221
inet/filter/limit-1221 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1221 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1221 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1221 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1221
+ inet6/filter/limit-1221 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1221 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1223 {"flow-limit":{"log":"none","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1222
- inet6/filter/INPUT -i eth0 -j limit-1222
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1222 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1222 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1222 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1222 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1222
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1222 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1222 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1224 {"action":"pass","flow-limit":{"log":"none","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1223
- inet6/filter/INPUT -i eth0 -j limit-1223
inet/filter/limit-1223 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1223 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1223 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1223 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1223
+ inet6/filter/limit-1223 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1223 -m recent --name user:C --rsource --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1225 {"flow-limit":{"log":"none","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1224
- inet6/filter/INPUT -i eth0 -j limit-1224
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1224 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1224 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1224 -j ACCEPT
- inet6/filter/limit-1224 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1224
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1224 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1224 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1226 {"action":"pass","flow-limit":{"log":"none","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1227 {"flow-limit":{"log":"none","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1226
- inet6/filter/INPUT -i eth0 -j limit-1226
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1226 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1226 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1226 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1226 -m limit --limit 1/second -j LOG
inet/filter/limit-1226 -j ACCEPT
- inet6/filter/limit-1226 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1226
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1226 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1226 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1226 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1228 {"action":"pass","flow-limit":{"log":"none","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1227
- inet6/filter/INPUT -i eth0 -j limit-1227
inet/filter/limit-1227 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1227 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1227 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1227 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1227
+ inet6/filter/limit-1227 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1227 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1229 {"flow-limit":{"log":"none","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1228
- inet6/filter/INPUT -i eth0 -j limit-1228
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1228 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1228 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1228 -j ACCEPT
- inet6/filter/limit-1228 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1228
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1228 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1228 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1230 {"action":"pass","flow-limit":{"log":"none","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1231 {"flow-limit":{"addr":"dest","log":"none","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1230
- inet6/filter/INPUT -i eth0 -j limit-1230
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1230 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1230 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1230 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1230 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1230
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1230 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1230 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1232 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1231
- inet6/filter/INPUT -i eth0 -j limit-1231
inet/filter/limit-1231 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1231 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1231 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1231 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1231
+ inet6/filter/limit-1231 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1231 -m recent --name user:C --rdest --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1233 {"flow-limit":{"addr":"dest","log":"none","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1232
- inet6/filter/INPUT -i eth0 -j limit-1232
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1232 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1232 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1232 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1232 -m limit --limit 1/second -j LOG
inet/filter/limit-1232 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1232 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1232
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1232 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1232 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1232 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1234 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1233
- inet6/filter/INPUT -i eth0 -j limit-1233
inet/filter/limit-1233 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1233 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1233 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1233 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1233
+ inet6/filter/limit-1233 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1233 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1235 {"flow-limit":{"addr":"dest","log":"none","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1234
- inet6/filter/INPUT -i eth0 -j limit-1234
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1234 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1234 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1234 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1234 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1234
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1234 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1234 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1236 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1235
- inet6/filter/INPUT -i eth0 -j limit-1235
inet/filter/limit-1235 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1235 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1235 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1235 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1235
+ inet6/filter/limit-1235 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1235 -m recent --name user:C --rdest --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1237 {"flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1236
- inet6/filter/INPUT -i eth0 -j limit-1236
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1236 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1236 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1236 -j ACCEPT
- inet6/filter/limit-1236 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1236
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1236 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1236 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1238 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1239 {"flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1238
- inet6/filter/INPUT -i eth0 -j limit-1238
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1238 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1238 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1238 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1238 -m limit --limit 1/second -j LOG
inet/filter/limit-1238 -j ACCEPT
- inet6/filter/limit-1238 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1238
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1238 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1238 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1238 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1240 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1239
- inet6/filter/INPUT -i eth0 -j limit-1239
inet/filter/limit-1239 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1239 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1239 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1239 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1239
+ inet6/filter/limit-1239 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1239 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1241 {"flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1240
- inet6/filter/INPUT -i eth0 -j limit-1240
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1240 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/limit-1240 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/filter/limit-1240 -j ACCEPT
- inet6/filter/limit-1240 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1240
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1240 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
+ inet6/filter/limit-1240 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1242 {"action":"pass","flow-limit":{"addr":"dest","log":"none","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 1 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 1 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1243 {"flow-limit":{"interval":5},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1242
- inet6/filter/INPUT -i eth0 -j limit-1242
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1242 -m recent --name limit-1242 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-402
- inet6/filter/limit-1242 -m recent --name limit-1242 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-402
+ inet/filter/limit-1242 -m recent --name limit-1242 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-402 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-402 -m limit --limit 1/second -j LOG
inet/filter/logdrop-402 -j DROP
- inet6/filter/logdrop-402 -j DROP
- inet/filter/limit-1242 -m recent --name limit-1242 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1242 -m recent --name limit-1242 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1242
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1242 -m recent --name limit-1242 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-402
+ inet6/filter/limit-1242 -m recent --name limit-1242 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-402 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-402 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1244 {"action":"pass","flow-limit":{"interval":5},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1243
- inet6/filter/INPUT -i eth0 -j limit-1243
inet/filter/limit-1243 -m recent --name limit-1243 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-403
- inet6/filter/limit-1243 -m recent --name limit-1243 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-403
+ inet/filter/limit-1243 -m recent --name limit-1243 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-403 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-403 -m limit --limit 1/second -j LOG
inet/filter/logdrop-403 -j DROP
- inet6/filter/logdrop-403 -j DROP
- inet/filter/limit-1243 -m recent --name limit-1243 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1243 -m recent --name limit-1243 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1243
+ inet6/filter/limit-1243 -m recent --name limit-1243 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-403
+ inet6/filter/limit-1243 -m recent --name limit-1243 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-403 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-403 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1245 {"flow-limit":{"interval":5},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1244
- inet6/filter/INPUT -i eth0 -j limit-1244
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1244 -m recent --name limit-1244 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-404
- inet6/filter/limit-1244 -m recent --name limit-1244 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-404
+ inet/filter/limit-1244 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1244 -m recent --name limit-1244 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-404 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-404 -m limit --limit 1/second -j LOG
inet/filter/logdrop-404 -j DROP
- inet6/filter/logdrop-404 -j DROP
- inet/filter/limit-1244 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1244
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1244 -m recent --name limit-1244 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-404
inet6/filter/limit-1244 -m limit --limit 1/second -j LOG
- inet/filter/limit-1244 -m recent --name limit-1244 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-1244 -m recent --name limit-1244 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-404 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-404 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1246 {"action":"pass","flow-limit":{"interval":5},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1245
- inet6/filter/INPUT -i eth0 -j limit-1245
inet/filter/limit-1245 -m recent --name limit-1245 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-405
- inet6/filter/limit-1245 -m recent --name limit-1245 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-405
+ inet/filter/limit-1245 -m recent --name limit-1245 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-405 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-405 -m limit --limit 1/second -j LOG
inet/filter/logdrop-405 -j DROP
- inet6/filter/logdrop-405 -j DROP
- inet/filter/limit-1245 -m recent --name limit-1245 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1245 -m recent --name limit-1245 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1245
+ inet6/filter/limit-1245 -m recent --name limit-1245 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-405
+ inet6/filter/limit-1245 -m recent --name limit-1245 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-405 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-405 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1247 {"flow-limit":{"interval":5},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1246
- inet6/filter/INPUT -i eth0 -j limit-1246
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1246 -m recent --name limit-1246 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-406
- inet6/filter/limit-1246 -m recent --name limit-1246 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-406
+ inet/filter/limit-1246 -m recent --name limit-1246 --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-406 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-406 -m limit --limit 1/second -j LOG
inet/filter/logdrop-406 -j DROP
- inet6/filter/logdrop-406 -j DROP
- inet/filter/limit-1246 -m recent --name limit-1246 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1246 -m recent --name limit-1246 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1246
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1246 -m recent --name limit-1246 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-406
+ inet6/filter/limit-1246 -m recent --name limit-1246 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-406 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-406 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1248 {"action":"pass","flow-limit":{"interval":5},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1247
- inet6/filter/INPUT -i eth0 -j limit-1247
inet/filter/limit-1247 -m recent --name limit-1247 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-407
- inet6/filter/limit-1247 -m recent --name limit-1247 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-407
+ inet/filter/limit-1247 -m recent --name limit-1247 --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-407 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-407 -m limit --limit 1/second -j LOG
inet/filter/logdrop-407 -j DROP
- inet6/filter/logdrop-407 -j DROP
- inet/filter/limit-1247 -m recent --name limit-1247 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1247 -m recent --name limit-1247 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1247
+ inet6/filter/limit-1247 -m recent --name limit-1247 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-407
+ inet6/filter/limit-1247 -m recent --name limit-1247 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-407 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-407 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1249 {"flow-limit":{"interval":5,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1248
- inet6/filter/INPUT -i eth0 -j limit-1248
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1248 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-408
- inet6/filter/limit-1248 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-408
+ inet/filter/limit-1248 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-408 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-408 -m limit --limit 1/second -j LOG
inet/filter/logdrop-408 -j DROP
- inet6/filter/logdrop-408 -j DROP
- inet/filter/limit-1248 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1248 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1248
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1248 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-408
+ inet6/filter/limit-1248 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-408 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-408 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1250 {"action":"pass","flow-limit":{"interval":5,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1249
- inet6/filter/INPUT -i eth0 -j limit-1249
inet/filter/limit-1249 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-409
- inet6/filter/limit-1249 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-409
+ inet/filter/limit-1249 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-409 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-409 -m limit --limit 1/second -j LOG
inet/filter/logdrop-409 -j DROP
- inet6/filter/logdrop-409 -j DROP
- inet/filter/limit-1249 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1249 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1249
+ inet6/filter/limit-1249 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-409
+ inet6/filter/limit-1249 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-409 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-409 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1251 {"flow-limit":{"interval":5,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1250
- inet6/filter/INPUT -i eth0 -j limit-1250
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1250 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-410
- inet6/filter/limit-1250 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-410
+ inet/filter/limit-1250 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1250 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-410 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-410 -m limit --limit 1/second -j LOG
inet/filter/logdrop-410 -j DROP
- inet6/filter/logdrop-410 -j DROP
- inet/filter/limit-1250 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1250
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1250 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-410
inet6/filter/limit-1250 -m limit --limit 1/second -j LOG
- inet/filter/limit-1250 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-1250 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-410 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-410 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1252 {"action":"pass","flow-limit":{"interval":5,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1251
- inet6/filter/INPUT -i eth0 -j limit-1251
inet/filter/limit-1251 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-411
- inet6/filter/limit-1251 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-411
+ inet/filter/limit-1251 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-411 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-411 -m limit --limit 1/second -j LOG
inet/filter/logdrop-411 -j DROP
- inet6/filter/logdrop-411 -j DROP
- inet/filter/limit-1251 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1251 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1251
+ inet6/filter/limit-1251 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-411
+ inet6/filter/limit-1251 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-411 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-411 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1253 {"flow-limit":{"interval":5,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1252
- inet6/filter/INPUT -i eth0 -j limit-1252
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1252 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-412
- inet6/filter/limit-1252 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-412
+ inet/filter/limit-1252 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-412 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-412 -m limit --limit 1/second -j LOG
inet/filter/logdrop-412 -j DROP
- inet6/filter/logdrop-412 -j DROP
- inet/filter/limit-1252 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1252 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1252
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1252 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-412
+ inet6/filter/limit-1252 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-412 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-412 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1254 {"action":"pass","flow-limit":{"interval":5,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1253
- inet6/filter/INPUT -i eth0 -j limit-1253
inet/filter/limit-1253 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-413
- inet6/filter/limit-1253 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-413
+ inet/filter/limit-1253 -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/logdrop-413 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-413 -m limit --limit 1/second -j LOG
inet/filter/logdrop-413 -j DROP
- inet6/filter/logdrop-413 -j DROP
- inet/filter/limit-1253 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1253 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1253
+ inet6/filter/limit-1253 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-413
+ inet6/filter/limit-1253 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-413 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-413 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1255 {"flow-limit":{"interval":5,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1254
- inet6/filter/INPUT -i eth0 -j limit-1254
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1254 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-414
- inet6/filter/limit-1254 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-414
+ inet/filter/limit-1254 -j ACCEPT
inet/filter/logdrop-414 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-414 -m limit --limit 1/second -j LOG
inet/filter/logdrop-414 -j DROP
- inet6/filter/logdrop-414 -j DROP
- inet/filter/limit-1254 -j ACCEPT
- inet6/filter/limit-1254 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1254
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1254 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-414
+ inet6/filter/limit-1254 -j ACCEPT
+ inet6/filter/logdrop-414 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-414 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1256 {"action":"pass","flow-limit":{"interval":5,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-415
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-415
inet/filter/logdrop-415 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-415 -m limit --limit 1/second -j LOG
inet/filter/logdrop-415 -j DROP
- inet6/filter/logdrop-415 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-415
+ inet6/filter/logdrop-415 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-415 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1257 {"flow-limit":{"interval":5,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1256
- inet6/filter/INPUT -i eth0 -j limit-1256
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1256 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-416
- inet6/filter/limit-1256 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-416
+ inet/filter/limit-1256 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1256 -j ACCEPT
inet/filter/logdrop-416 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-416 -m limit --limit 1/second -j LOG
inet/filter/logdrop-416 -j DROP
- inet6/filter/logdrop-416 -j DROP
- inet/filter/limit-1256 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1256
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1256 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-416
inet6/filter/limit-1256 -m limit --limit 1/second -j LOG
- inet/filter/limit-1256 -j ACCEPT
inet6/filter/limit-1256 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-416 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-416 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1258 {"action":"pass","flow-limit":{"interval":5,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1257
- inet6/filter/INPUT -i eth0 -j limit-1257
inet/filter/limit-1257 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-417
- inet6/filter/limit-1257 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-417
+ inet/filter/limit-1257 -m limit --limit 1/second -j LOG
inet/filter/logdrop-417 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-417 -m limit --limit 1/second -j LOG
inet/filter/logdrop-417 -j DROP
- inet6/filter/logdrop-417 -j DROP
- inet/filter/limit-1257 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1257 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1257
+ inet6/filter/limit-1257 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-417
+ inet6/filter/limit-1257 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-417 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-417 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1259 {"flow-limit":{"interval":5,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1258
- inet6/filter/INPUT -i eth0 -j limit-1258
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1258 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-418
- inet6/filter/limit-1258 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-418
+ inet/filter/limit-1258 -j ACCEPT
inet/filter/logdrop-418 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-418 -m limit --limit 1/second -j LOG
inet/filter/logdrop-418 -j DROP
- inet6/filter/logdrop-418 -j DROP
- inet/filter/limit-1258 -j ACCEPT
- inet6/filter/limit-1258 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1258
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1258 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-418
+ inet6/filter/limit-1258 -j ACCEPT
+ inet6/filter/logdrop-418 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-418 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1260 {"action":"pass","flow-limit":{"interval":5,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-419
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-419
inet/filter/logdrop-419 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-419 -m limit --limit 1/second -j LOG
inet/filter/logdrop-419 -j DROP
- inet6/filter/logdrop-419 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-419
+ inet6/filter/logdrop-419 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-419 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1261 {"flow-limit":{"addr":"dest","interval":5,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1260
- inet6/filter/INPUT -i eth0 -j limit-1260
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1260 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-420
- inet6/filter/limit-1260 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-420
+ inet/filter/limit-1260 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-420 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-420 -m limit --limit 1/second -j LOG
inet/filter/logdrop-420 -j DROP
- inet6/filter/logdrop-420 -j DROP
- inet/filter/limit-1260 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1260 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1260
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1260 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-420
+ inet6/filter/limit-1260 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-420 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-420 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1262 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1261
- inet6/filter/INPUT -i eth0 -j limit-1261
inet/filter/limit-1261 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-421
- inet6/filter/limit-1261 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-421
+ inet/filter/limit-1261 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-421 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-421 -m limit --limit 1/second -j LOG
inet/filter/logdrop-421 -j DROP
- inet6/filter/logdrop-421 -j DROP
- inet/filter/limit-1261 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1261 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1261
+ inet6/filter/limit-1261 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-421
+ inet6/filter/limit-1261 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-421 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-421 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1263 {"flow-limit":{"addr":"dest","interval":5,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1262
- inet6/filter/INPUT -i eth0 -j limit-1262
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1262 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-422
- inet6/filter/limit-1262 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-422
+ inet/filter/limit-1262 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1262 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-422 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-422 -m limit --limit 1/second -j LOG
inet/filter/logdrop-422 -j DROP
- inet6/filter/logdrop-422 -j DROP
- inet/filter/limit-1262 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1262
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1262 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-422
inet6/filter/limit-1262 -m limit --limit 1/second -j LOG
- inet/filter/limit-1262 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet6/filter/limit-1262 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-422 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-422 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1264 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1263
- inet6/filter/INPUT -i eth0 -j limit-1263
inet/filter/limit-1263 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-423
- inet6/filter/limit-1263 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-423
+ inet/filter/limit-1263 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-423 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-423 -m limit --limit 1/second -j LOG
inet/filter/logdrop-423 -j DROP
- inet6/filter/logdrop-423 -j DROP
- inet/filter/limit-1263 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1263 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1263
+ inet6/filter/limit-1263 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-423
+ inet6/filter/limit-1263 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-423 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-423 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1265 {"flow-limit":{"addr":"dest","interval":5,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1264
- inet6/filter/INPUT -i eth0 -j limit-1264
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1264 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-424
- inet6/filter/limit-1264 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-424
+ inet/filter/limit-1264 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
inet/filter/logdrop-424 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-424 -m limit --limit 1/second -j LOG
inet/filter/logdrop-424 -j DROP
- inet6/filter/logdrop-424 -j DROP
- inet/filter/limit-1264 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1264 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1264
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1264 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-424
+ inet6/filter/limit-1264 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/filter/logdrop-424 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-424 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1266 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1265
- inet6/filter/INPUT -i eth0 -j limit-1265
inet/filter/limit-1265 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j logdrop-425
- inet6/filter/limit-1265 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-425
+ inet/filter/limit-1265 -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/logdrop-425 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-425 -m limit --limit 1/second -j LOG
inet/filter/logdrop-425 -j DROP
- inet6/filter/logdrop-425 -j DROP
- inet/filter/limit-1265 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1265 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1265
+ inet6/filter/limit-1265 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j logdrop-425
+ inet6/filter/limit-1265 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
+ inet6/filter/logdrop-425 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-425 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1267 {"flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1266
- inet6/filter/INPUT -i eth0 -j limit-1266
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1266 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-426
- inet6/filter/limit-1266 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-426
+ inet/filter/limit-1266 -j ACCEPT
inet/filter/logdrop-426 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-426 -m limit --limit 1/second -j LOG
inet/filter/logdrop-426 -j DROP
- inet6/filter/logdrop-426 -j DROP
- inet/filter/limit-1266 -j ACCEPT
- inet6/filter/limit-1266 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1266
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1266 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-426
+ inet6/filter/limit-1266 -j ACCEPT
+ inet6/filter/logdrop-426 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-426 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1268 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-427
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-427
inet/filter/logdrop-427 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-427 -m limit --limit 1/second -j LOG
inet/filter/logdrop-427 -j DROP
- inet6/filter/logdrop-427 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-427
+ inet6/filter/logdrop-427 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-427 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1269 {"flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1268
- inet6/filter/INPUT -i eth0 -j limit-1268
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1268 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-428
- inet6/filter/limit-1268 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-428
+ inet/filter/limit-1268 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1268 -j ACCEPT
inet/filter/logdrop-428 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-428 -m limit --limit 1/second -j LOG
inet/filter/logdrop-428 -j DROP
- inet6/filter/logdrop-428 -j DROP
- inet/filter/limit-1268 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1268
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1268 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-428
inet6/filter/limit-1268 -m limit --limit 1/second -j LOG
- inet/filter/limit-1268 -j ACCEPT
inet6/filter/limit-1268 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-428 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-428 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1270 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1269
- inet6/filter/INPUT -i eth0 -j limit-1269
inet/filter/limit-1269 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-429
- inet6/filter/limit-1269 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-429
+ inet/filter/limit-1269 -m limit --limit 1/second -j LOG
inet/filter/logdrop-429 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-429 -m limit --limit 1/second -j LOG
inet/filter/logdrop-429 -j DROP
- inet6/filter/logdrop-429 -j DROP
- inet/filter/limit-1269 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1269 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1269
+ inet6/filter/limit-1269 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-429
+ inet6/filter/limit-1269 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-429 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-429 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1271 {"flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1270
- inet6/filter/INPUT -i eth0 -j limit-1270
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1270 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-430
- inet6/filter/limit-1270 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-430
+ inet/filter/limit-1270 -j ACCEPT
inet/filter/logdrop-430 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-430 -m limit --limit 1/second -j LOG
inet/filter/logdrop-430 -j DROP
- inet6/filter/logdrop-430 -j DROP
- inet/filter/limit-1270 -j ACCEPT
- inet6/filter/limit-1270 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1270
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1270 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-430
+ inet6/filter/limit-1270 -j ACCEPT
+ inet6/filter/logdrop-430 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-430 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1272 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j logdrop-431
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-431
inet/filter/logdrop-431 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-431 -m limit --limit 1/second -j LOG
inet/filter/logdrop-431 -j DROP
- inet6/filter/logdrop-431 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j logdrop-431
+ inet6/filter/logdrop-431 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-431 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1273 {"flow-limit":{"interval":5,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1272
- inet6/filter/INPUT -i eth0 -j limit-1272
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1272 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-432
- inet6/filter/limit-1272 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-432
+ inet/filter/limit-1272 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-432 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-432 -m limit --limit 1/second -j LOG
inet/filter/logdrop-432 -j DROP
- inet6/filter/logdrop-432 -j DROP
- inet/filter/limit-1272 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1272 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1272
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1272 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-432
+ inet6/filter/limit-1272 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-432 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-432 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1274 {"action":"pass","flow-limit":{"interval":5,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1273
- inet6/filter/INPUT -i eth0 -j limit-1273
inet/filter/limit-1273 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-433
- inet6/filter/limit-1273 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-433
+ inet/filter/limit-1273 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-433 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-433 -m limit --limit 1/second -j LOG
inet/filter/logdrop-433 -j DROP
- inet6/filter/logdrop-433 -j DROP
- inet/filter/limit-1273 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1273 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1273
+ inet6/filter/limit-1273 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-433
+ inet6/filter/limit-1273 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-433 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-433 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1275 {"flow-limit":{"interval":5,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1274
- inet6/filter/INPUT -i eth0 -j limit-1274
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1274 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-434
- inet6/filter/limit-1274 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-434
+ inet/filter/limit-1274 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1274 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-434 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-434 -m limit --limit 1/second -j LOG
inet/filter/logdrop-434 -j DROP
- inet6/filter/logdrop-434 -j DROP
- inet/filter/limit-1274 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1274
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1274 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-434
inet6/filter/limit-1274 -m limit --limit 1/second -j LOG
- inet/filter/limit-1274 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-1274 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-434 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-434 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1276 {"action":"pass","flow-limit":{"interval":5,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1275
- inet6/filter/INPUT -i eth0 -j limit-1275
inet/filter/limit-1275 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-435
- inet6/filter/limit-1275 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-435
+ inet/filter/limit-1275 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-435 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-435 -m limit --limit 1/second -j LOG
inet/filter/logdrop-435 -j DROP
- inet6/filter/logdrop-435 -j DROP
- inet/filter/limit-1275 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1275 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1275
+ inet6/filter/limit-1275 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-435
+ inet6/filter/limit-1275 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-435 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-435 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1277 {"flow-limit":{"interval":5,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1276
- inet6/filter/INPUT -i eth0 -j limit-1276
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1276 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-436
- inet6/filter/limit-1276 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-436
+ inet/filter/limit-1276 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-436 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-436 -m limit --limit 1/second -j LOG
inet/filter/logdrop-436 -j DROP
- inet6/filter/logdrop-436 -j DROP
- inet/filter/limit-1276 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1276 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1276
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1276 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-436
+ inet6/filter/limit-1276 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-436 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-436 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1278 {"action":"pass","flow-limit":{"interval":5,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1277
- inet6/filter/INPUT -i eth0 -j limit-1277
inet/filter/limit-1277 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-437
- inet6/filter/limit-1277 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-437
+ inet/filter/limit-1277 -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/logdrop-437 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-437 -m limit --limit 1/second -j LOG
inet/filter/logdrop-437 -j DROP
- inet6/filter/logdrop-437 -j DROP
- inet/filter/limit-1277 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1277 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1277
+ inet6/filter/limit-1277 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-437
+ inet6/filter/limit-1277 -m recent --name user:C --rsource --mask fe00:: --set
+ inet6/filter/logdrop-437 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-437 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1279 {"flow-limit":{"interval":5,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1278
- inet6/filter/INPUT -i eth0 -j limit-1278
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1278 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-438
- inet6/filter/limit-1278 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-438
+ inet/filter/limit-1278 -j ACCEPT
inet/filter/logdrop-438 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-438 -m limit --limit 1/second -j LOG
inet/filter/logdrop-438 -j DROP
- inet6/filter/logdrop-438 -j DROP
- inet/filter/limit-1278 -j ACCEPT
- inet6/filter/limit-1278 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1278
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1278 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-438
+ inet6/filter/limit-1278 -j ACCEPT
+ inet6/filter/logdrop-438 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-438 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1280 {"action":"pass","flow-limit":{"interval":5,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-439
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-439
inet/filter/logdrop-439 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-439 -m limit --limit 1/second -j LOG
inet/filter/logdrop-439 -j DROP
- inet6/filter/logdrop-439 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-439
+ inet6/filter/logdrop-439 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-439 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1281 {"flow-limit":{"interval":5,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1280
- inet6/filter/INPUT -i eth0 -j limit-1280
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1280 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-440
- inet6/filter/limit-1280 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-440
+ inet/filter/limit-1280 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1280 -j ACCEPT
inet/filter/logdrop-440 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-440 -m limit --limit 1/second -j LOG
inet/filter/logdrop-440 -j DROP
- inet6/filter/logdrop-440 -j DROP
- inet/filter/limit-1280 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1280
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1280 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-440
inet6/filter/limit-1280 -m limit --limit 1/second -j LOG
- inet/filter/limit-1280 -j ACCEPT
inet6/filter/limit-1280 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-440 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-440 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1282 {"action":"pass","flow-limit":{"interval":5,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1281
- inet6/filter/INPUT -i eth0 -j limit-1281
inet/filter/limit-1281 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-441
- inet6/filter/limit-1281 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-441
+ inet/filter/limit-1281 -m limit --limit 1/second -j LOG
inet/filter/logdrop-441 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-441 -m limit --limit 1/second -j LOG
inet/filter/logdrop-441 -j DROP
- inet6/filter/logdrop-441 -j DROP
- inet/filter/limit-1281 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1281 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1281
+ inet6/filter/limit-1281 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-441
+ inet6/filter/limit-1281 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-441 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-441 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1283 {"flow-limit":{"interval":5,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1282
- inet6/filter/INPUT -i eth0 -j limit-1282
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1282 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-442
- inet6/filter/limit-1282 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-442
+ inet/filter/limit-1282 -j ACCEPT
inet/filter/logdrop-442 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-442 -m limit --limit 1/second -j LOG
inet/filter/logdrop-442 -j DROP
- inet6/filter/logdrop-442 -j DROP
- inet/filter/limit-1282 -j ACCEPT
- inet6/filter/limit-1282 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1282
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1282 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-442
+ inet6/filter/limit-1282 -j ACCEPT
+ inet6/filter/logdrop-442 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-442 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1284 {"action":"pass","flow-limit":{"interval":5,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-443
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-443
inet/filter/logdrop-443 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-443 -m limit --limit 1/second -j LOG
inet/filter/logdrop-443 -j DROP
- inet6/filter/logdrop-443 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-443
+ inet6/filter/logdrop-443 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-443 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1285 {"flow-limit":{"addr":"dest","interval":5,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1284
- inet6/filter/INPUT -i eth0 -j limit-1284
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1284 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-444
- inet6/filter/limit-1284 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-444
+ inet/filter/limit-1284 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-444 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-444 -m limit --limit 1/second -j LOG
inet/filter/logdrop-444 -j DROP
- inet6/filter/logdrop-444 -j DROP
- inet/filter/limit-1284 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1284 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1284
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1284 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-444
+ inet6/filter/limit-1284 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-444 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-444 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1286 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1285
- inet6/filter/INPUT -i eth0 -j limit-1285
inet/filter/limit-1285 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-445
- inet6/filter/limit-1285 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-445
+ inet/filter/limit-1285 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-445 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-445 -m limit --limit 1/second -j LOG
inet/filter/logdrop-445 -j DROP
- inet6/filter/logdrop-445 -j DROP
- inet/filter/limit-1285 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1285 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1285
+ inet6/filter/limit-1285 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-445
+ inet6/filter/limit-1285 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-445 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-445 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1287 {"flow-limit":{"addr":"dest","interval":5,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1286
- inet6/filter/INPUT -i eth0 -j limit-1286
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1286 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-446
- inet6/filter/limit-1286 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-446
+ inet/filter/limit-1286 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1286 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-446 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-446 -m limit --limit 1/second -j LOG
inet/filter/logdrop-446 -j DROP
- inet6/filter/logdrop-446 -j DROP
- inet/filter/limit-1286 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1286
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1286 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-446
inet6/filter/limit-1286 -m limit --limit 1/second -j LOG
- inet/filter/limit-1286 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet6/filter/limit-1286 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-446 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-446 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1288 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1287
- inet6/filter/INPUT -i eth0 -j limit-1287
inet/filter/limit-1287 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-447
- inet6/filter/limit-1287 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-447
+ inet/filter/limit-1287 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
inet/filter/logdrop-447 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-447 -m limit --limit 1/second -j LOG
inet/filter/logdrop-447 -j DROP
- inet6/filter/logdrop-447 -j DROP
- inet/filter/limit-1287 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1287 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1287
+ inet6/filter/limit-1287 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-447
+ inet6/filter/limit-1287 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-447 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-447 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1289 {"flow-limit":{"addr":"dest","interval":5,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1288
- inet6/filter/INPUT -i eth0 -j limit-1288
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1288 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-448
- inet6/filter/limit-1288 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-448
+ inet/filter/limit-1288 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
inet/filter/logdrop-448 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-448 -m limit --limit 1/second -j LOG
inet/filter/logdrop-448 -j DROP
- inet6/filter/logdrop-448 -j DROP
- inet/filter/limit-1288 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1288 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1288
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1288 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-448
+ inet6/filter/limit-1288 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/filter/logdrop-448 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-448 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1290 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1289
- inet6/filter/INPUT -i eth0 -j limit-1289
inet/filter/limit-1289 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j logdrop-449
- inet6/filter/limit-1289 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-449
+ inet/filter/limit-1289 -m recent --name user:C --rdest --mask 254.0.0.0 --set
inet/filter/logdrop-449 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-449 -m limit --limit 1/second -j LOG
inet/filter/logdrop-449 -j DROP
- inet6/filter/logdrop-449 -j DROP
- inet/filter/limit-1289 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1289 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1289
+ inet6/filter/limit-1289 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j logdrop-449
+ inet6/filter/limit-1289 -m recent --name user:C --rdest --mask fe00:: --set
+ inet6/filter/logdrop-449 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-449 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1291 {"flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1290
- inet6/filter/INPUT -i eth0 -j limit-1290
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1290 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-450
- inet6/filter/limit-1290 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-450
+ inet/filter/limit-1290 -j ACCEPT
inet/filter/logdrop-450 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-450 -m limit --limit 1/second -j LOG
inet/filter/logdrop-450 -j DROP
- inet6/filter/logdrop-450 -j DROP
- inet/filter/limit-1290 -j ACCEPT
- inet6/filter/limit-1290 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1290
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1290 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-450
+ inet6/filter/limit-1290 -j ACCEPT
+ inet6/filter/logdrop-450 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-450 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1292 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-451
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-451
inet/filter/logdrop-451 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-451 -m limit --limit 1/second -j LOG
inet/filter/logdrop-451 -j DROP
- inet6/filter/logdrop-451 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-451
+ inet6/filter/logdrop-451 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-451 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1293 {"flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1292
- inet6/filter/INPUT -i eth0 -j limit-1292
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1292 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-452
- inet6/filter/limit-1292 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-452
+ inet/filter/limit-1292 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1292 -j ACCEPT
inet/filter/logdrop-452 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-452 -m limit --limit 1/second -j LOG
inet/filter/logdrop-452 -j DROP
- inet6/filter/logdrop-452 -j DROP
- inet/filter/limit-1292 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1292
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1292 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-452
inet6/filter/limit-1292 -m limit --limit 1/second -j LOG
- inet/filter/limit-1292 -j ACCEPT
inet6/filter/limit-1292 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logdrop-452 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-452 -j DROP
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1294 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1293
- inet6/filter/INPUT -i eth0 -j limit-1293
inet/filter/limit-1293 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-453
- inet6/filter/limit-1293 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-453
+ inet/filter/limit-1293 -m limit --limit 1/second -j LOG
inet/filter/logdrop-453 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-453 -m limit --limit 1/second -j LOG
inet/filter/logdrop-453 -j DROP
- inet6/filter/logdrop-453 -j DROP
- inet/filter/limit-1293 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1293 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1293
+ inet6/filter/limit-1293 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-453
+ inet6/filter/limit-1293 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-453 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-453 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1295 {"flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1294
- inet6/filter/INPUT -i eth0 -j limit-1294
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1294 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-454
- inet6/filter/limit-1294 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-454
+ inet/filter/limit-1294 -j ACCEPT
inet/filter/logdrop-454 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-454 -m limit --limit 1/second -j LOG
inet/filter/logdrop-454 -j DROP
- inet6/filter/logdrop-454 -j DROP
- inet/filter/limit-1294 -j ACCEPT
- inet6/filter/limit-1294 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1294
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1294 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-454
+ inet6/filter/limit-1294 -j ACCEPT
+ inet6/filter/logdrop-454 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-454 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1296 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j logdrop-455
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-455
inet/filter/logdrop-455 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-455 -m limit --limit 1/second -j LOG
inet/filter/logdrop-455 -j DROP
- inet6/filter/logdrop-455 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j logdrop-455
+ inet6/filter/logdrop-455 -m limit --limit 1/second -j LOG
+ inet6/filter/logdrop-455 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1297 {"flow-limit":{"interval":5,"log":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1296
- inet6/filter/INPUT -i eth0 -j limit-1296
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1296 -m recent --name limit-1296 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1296 -m recent --name limit-1296 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1296 -m recent --name limit-1296 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1296 -m recent --name limit-1296 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1296
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1296 -m recent --name limit-1296 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1296 -m recent --name limit-1296 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1298 {"action":"pass","flow-limit":{"interval":5,"log":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1297
- inet6/filter/INPUT -i eth0 -j limit-1297
inet/filter/limit-1297 -m recent --name limit-1297 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1297 -m recent --name limit-1297 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1297 -m recent --name limit-1297 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1297 -m recent --name limit-1297 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1297
+ inet6/filter/limit-1297 -m recent --name limit-1297 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1297 -m recent --name limit-1297 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1299 {"flow-limit":{"interval":5,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1298
- inet6/filter/INPUT -i eth0 -j limit-1298
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1298 -m recent --name limit-1298 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1298 -m recent --name limit-1298 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1298 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1298 -m limit --limit 1/second -j LOG
inet/filter/limit-1298 -m recent --name limit-1298 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1298 -m recent --name limit-1298 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1298
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1298 -m recent --name limit-1298 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1298 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1298 -m recent --name limit-1298 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1300 {"action":"pass","flow-limit":{"interval":5,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1299
- inet6/filter/INPUT -i eth0 -j limit-1299
inet/filter/limit-1299 -m recent --name limit-1299 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1299 -m recent --name limit-1299 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1299 -m recent --name limit-1299 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1299 -m recent --name limit-1299 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1299
+ inet6/filter/limit-1299 -m recent --name limit-1299 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1299 -m recent --name limit-1299 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1301 {"flow-limit":{"interval":5,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1300
- inet6/filter/INPUT -i eth0 -j limit-1300
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1300 -m recent --name limit-1300 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1300 -m recent --name limit-1300 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1300 -m recent --name limit-1300 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1300 -m recent --name limit-1300 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1300
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1300 -m recent --name limit-1300 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1300 -m recent --name limit-1300 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1302 {"action":"pass","flow-limit":{"interval":5,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1301
- inet6/filter/INPUT -i eth0 -j limit-1301
inet/filter/limit-1301 -m recent --name limit-1301 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1301 -m recent --name limit-1301 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1301 -m recent --name limit-1301 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1301 -m recent --name limit-1301 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1301
+ inet6/filter/limit-1301 -m recent --name limit-1301 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1301 -m recent --name limit-1301 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1303 {"flow-limit":{"interval":5,"log":false,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1302
- inet6/filter/INPUT -i eth0 -j limit-1302
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1302 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1302 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1302 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1302 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1302
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1302 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1302 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1304 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1303
- inet6/filter/INPUT -i eth0 -j limit-1303
inet/filter/limit-1303 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1303 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1303 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1303 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1303
+ inet6/filter/limit-1303 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1303 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1305 {"flow-limit":{"interval":5,"log":false,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1304
- inet6/filter/INPUT -i eth0 -j limit-1304
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1304 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1304 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1304 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1304 -m limit --limit 1/second -j LOG
inet/filter/limit-1304 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1304 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1304
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1304 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1304 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1304 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1306 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1305
- inet6/filter/INPUT -i eth0 -j limit-1305
inet/filter/limit-1305 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1305 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1305 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1305 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1305
+ inet6/filter/limit-1305 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1305 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1307 {"flow-limit":{"interval":5,"log":false,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1306
- inet6/filter/INPUT -i eth0 -j limit-1306
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1306 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1306 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1306 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1306 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1306
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1306 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1306 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1308 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1307
- inet6/filter/INPUT -i eth0 -j limit-1307
inet/filter/limit-1307 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1307 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1307 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1307 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1307
+ inet6/filter/limit-1307 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1307 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1309 {"flow-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1308
- inet6/filter/INPUT -i eth0 -j limit-1308
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1308 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1308 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1308 -j ACCEPT
- inet6/filter/limit-1308 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1308
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1308 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1308 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1310 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1311 {"flow-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1310
- inet6/filter/INPUT -i eth0 -j limit-1310
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1310 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1310 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1310 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1310 -m limit --limit 1/second -j LOG
inet/filter/limit-1310 -j ACCEPT
- inet6/filter/limit-1310 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1310
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1310 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1310 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1310 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1312 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1311
- inet6/filter/INPUT -i eth0 -j limit-1311
inet/filter/limit-1311 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1311 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1311 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1311 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1311
+ inet6/filter/limit-1311 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1311 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1313 {"flow-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1312
- inet6/filter/INPUT -i eth0 -j limit-1312
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1312 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1312 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1312 -j ACCEPT
- inet6/filter/limit-1312 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1312
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1312 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1312 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1314 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1315 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1314
- inet6/filter/INPUT -i eth0 -j limit-1314
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1314 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1314 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1314 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1314 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1314
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1314 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1314 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1316 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1315
- inet6/filter/INPUT -i eth0 -j limit-1315
inet/filter/limit-1315 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1315 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1315 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1315 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1315
+ inet6/filter/limit-1315 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1315 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1317 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1316
- inet6/filter/INPUT -i eth0 -j limit-1316
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1316 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1316 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1316 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1316 -m limit --limit 1/second -j LOG
inet/filter/limit-1316 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1316 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1316
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1316 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1316 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1316 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1318 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1317
- inet6/filter/INPUT -i eth0 -j limit-1317
inet/filter/limit-1317 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1317 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1317 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1317 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1317
+ inet6/filter/limit-1317 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1317 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1319 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1318
- inet6/filter/INPUT -i eth0 -j limit-1318
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1318 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1318 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1318 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1318 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1318
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1318 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1318 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1320 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1319
- inet6/filter/INPUT -i eth0 -j limit-1319
inet/filter/limit-1319 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1319 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1319 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1319 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1319
+ inet6/filter/limit-1319 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1319 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1321 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1320
- inet6/filter/INPUT -i eth0 -j limit-1320
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1320 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1320 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1320 -j ACCEPT
- inet6/filter/limit-1320 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1320
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1320 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1320 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1322 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1323 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1322
- inet6/filter/INPUT -i eth0 -j limit-1322
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1322 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1322 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1322 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1322 -m limit --limit 1/second -j LOG
inet/filter/limit-1322 -j ACCEPT
- inet6/filter/limit-1322 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1322
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1322 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1322 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1322 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1324 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1323
- inet6/filter/INPUT -i eth0 -j limit-1323
inet/filter/limit-1323 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1323 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1323 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1323 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1323
+ inet6/filter/limit-1323 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1323 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1325 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1324
- inet6/filter/INPUT -i eth0 -j limit-1324
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1324 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1324 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1324 -j ACCEPT
- inet6/filter/limit-1324 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1324
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1324 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1324 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1326 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1327 {"flow-limit":{"interval":5,"log":false,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1326
- inet6/filter/INPUT -i eth0 -j limit-1326
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1326 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1326 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1326 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1326 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1326
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1326 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1326 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1328 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1327
- inet6/filter/INPUT -i eth0 -j limit-1327
inet/filter/limit-1327 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1327 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1327 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1327 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1327
+ inet6/filter/limit-1327 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1327 -m recent --name user:C --rsource --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1329 {"flow-limit":{"interval":5,"log":false,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1328
- inet6/filter/INPUT -i eth0 -j limit-1328
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1328 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1328 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1328 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1328 -m limit --limit 1/second -j LOG
inet/filter/limit-1328 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1328 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1328
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1328 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1328 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1328 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1330 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1329
- inet6/filter/INPUT -i eth0 -j limit-1329
inet/filter/limit-1329 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1329 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1329 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1329 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1329
+ inet6/filter/limit-1329 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1329 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1331 {"flow-limit":{"interval":5,"log":false,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1330
- inet6/filter/INPUT -i eth0 -j limit-1330
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1330 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1330 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1330 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1330 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1330
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1330 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1330 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1332 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1331
- inet6/filter/INPUT -i eth0 -j limit-1331
inet/filter/limit-1331 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1331 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1331 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1331 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1331
+ inet6/filter/limit-1331 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1331 -m recent --name user:C --rsource --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1333 {"flow-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1332
- inet6/filter/INPUT -i eth0 -j limit-1332
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1332 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1332 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1332 -j ACCEPT
- inet6/filter/limit-1332 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1332
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1332 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1332 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1334 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1335 {"flow-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1334
- inet6/filter/INPUT -i eth0 -j limit-1334
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1334 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1334 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1334 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1334 -m limit --limit 1/second -j LOG
inet/filter/limit-1334 -j ACCEPT
- inet6/filter/limit-1334 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1334
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1334 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1334 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1334 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1336 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1335
- inet6/filter/INPUT -i eth0 -j limit-1335
inet/filter/limit-1335 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1335 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1335 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1335 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1335
+ inet6/filter/limit-1335 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1335 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1337 {"flow-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1336
- inet6/filter/INPUT -i eth0 -j limit-1336
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1336 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1336 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1336 -j ACCEPT
- inet6/filter/limit-1336 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1336
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1336 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1336 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1338 {"action":"pass","flow-limit":{"interval":5,"log":false,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1339 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1338
- inet6/filter/INPUT -i eth0 -j limit-1338
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1338 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1338 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1338 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1338 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1338
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1338 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1338 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1340 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1339
- inet6/filter/INPUT -i eth0 -j limit-1339
inet/filter/limit-1339 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1339 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1339 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1339 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1339
+ inet6/filter/limit-1339 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1339 -m recent --name user:C --rdest --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1341 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1340
- inet6/filter/INPUT -i eth0 -j limit-1340
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1340 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1340 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1340 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1340 -m limit --limit 1/second -j LOG
inet/filter/limit-1340 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1340 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1340
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1340 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1340 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1340 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1342 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1341
- inet6/filter/INPUT -i eth0 -j limit-1341
inet/filter/limit-1341 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1341 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1341 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1341 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1341
+ inet6/filter/limit-1341 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1341 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1343 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1342
- inet6/filter/INPUT -i eth0 -j limit-1342
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1342 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1342 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1342 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1342 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1342
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1342 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1342 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1344 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1343
- inet6/filter/INPUT -i eth0 -j limit-1343
inet/filter/limit-1343 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1343 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1343 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1343 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1343
+ inet6/filter/limit-1343 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1343 -m recent --name user:C --rdest --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1345 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1344
- inet6/filter/INPUT -i eth0 -j limit-1344
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1344 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1344 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1344 -j ACCEPT
- inet6/filter/limit-1344 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1344
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1344 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1344 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1346 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1347 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1346
- inet6/filter/INPUT -i eth0 -j limit-1346
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1346 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1346 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1346 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1346 -m limit --limit 1/second -j LOG
inet/filter/limit-1346 -j ACCEPT
- inet6/filter/limit-1346 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1346
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1346 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1346 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1346 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1348 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1347
- inet6/filter/INPUT -i eth0 -j limit-1347
inet/filter/limit-1347 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1347 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1347 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1347 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1347
+ inet6/filter/limit-1347 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1347 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1349 {"flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1348
- inet6/filter/INPUT -i eth0 -j limit-1348
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1348 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1348 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1348 -j ACCEPT
- inet6/filter/limit-1348 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1348
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1348 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1348 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1350 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":false,"name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1351 {"flow-limit":{"interval":5,"log":"none"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1350
- inet6/filter/INPUT -i eth0 -j limit-1350
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1350 -m recent --name limit-1350 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1350 -m recent --name limit-1350 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1350 -m recent --name limit-1350 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1350 -m recent --name limit-1350 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1350
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1350 -m recent --name limit-1350 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1350 -m recent --name limit-1350 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1352 {"action":"pass","flow-limit":{"interval":5,"log":"none"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1351
- inet6/filter/INPUT -i eth0 -j limit-1351
inet/filter/limit-1351 -m recent --name limit-1351 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1351 -m recent --name limit-1351 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1351 -m recent --name limit-1351 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1351 -m recent --name limit-1351 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1351
+ inet6/filter/limit-1351 -m recent --name limit-1351 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1351 -m recent --name limit-1351 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1353 {"flow-limit":{"interval":5,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1352
- inet6/filter/INPUT -i eth0 -j limit-1352
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1352 -m recent --name limit-1352 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1352 -m recent --name limit-1352 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1352 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1352 -m limit --limit 1/second -j LOG
inet/filter/limit-1352 -m recent --name limit-1352 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1352 -m recent --name limit-1352 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1352
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1352 -m recent --name limit-1352 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1352 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1352 -m recent --name limit-1352 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1354 {"action":"pass","flow-limit":{"interval":5,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1353
- inet6/filter/INPUT -i eth0 -j limit-1353
inet/filter/limit-1353 -m recent --name limit-1353 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1353 -m recent --name limit-1353 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1353 -m recent --name limit-1353 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1353 -m recent --name limit-1353 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1353
+ inet6/filter/limit-1353 -m recent --name limit-1353 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1353 -m recent --name limit-1353 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1355 {"flow-limit":{"interval":5,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1354
- inet6/filter/INPUT -i eth0 -j limit-1354
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1354 -m recent --name limit-1354 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1354 -m recent --name limit-1354 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1354 -m recent --name limit-1354 --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1354 -m recent --name limit-1354 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1354
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1354 -m recent --name limit-1354 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1354 -m recent --name limit-1354 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1356 {"action":"pass","flow-limit":{"interval":5,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1355
- inet6/filter/INPUT -i eth0 -j limit-1355
inet/filter/limit-1355 -m recent --name limit-1355 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1355 -m recent --name limit-1355 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1355 -m recent --name limit-1355 --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1355 -m recent --name limit-1355 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1355
+ inet6/filter/limit-1355 -m recent --name limit-1355 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1355 -m recent --name limit-1355 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1357 {"flow-limit":{"interval":5,"log":"none","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1356
- inet6/filter/INPUT -i eth0 -j limit-1356
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1356 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1356 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1356 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1356 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1356
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1356 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1356 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1358 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1357
- inet6/filter/INPUT -i eth0 -j limit-1357
inet/filter/limit-1357 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1357 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1357 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1357 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1357
+ inet6/filter/limit-1357 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1357 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1359 {"flow-limit":{"interval":5,"log":"none","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1358
- inet6/filter/INPUT -i eth0 -j limit-1358
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1358 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1358 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1358 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1358 -m limit --limit 1/second -j LOG
inet/filter/limit-1358 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1358 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1358
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1358 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1358 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1358 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1360 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1359
- inet6/filter/INPUT -i eth0 -j limit-1359
inet/filter/limit-1359 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1359 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1359 -m recent --name user:A --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1359 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1359
+ inet6/filter/limit-1359 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1359 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1361 {"flow-limit":{"interval":5,"log":"none","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1360
- inet6/filter/INPUT -i eth0 -j limit-1360
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1360 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1360 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1360 -m recent --name user:A --rsource --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1360 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1360
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1360 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1360 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1362 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1361
- inet6/filter/INPUT -i eth0 -j limit-1361
inet/filter/limit-1361 -m recent --name user:A --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1361 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1361 -m recent --name user:A --rsource --mask 255.255.255.255 --set
- inet6/filter/limit-1361 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1361
+ inet6/filter/limit-1361 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1361 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1363 {"flow-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1362
- inet6/filter/INPUT -i eth0 -j limit-1362
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1362 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1362 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1362 -j ACCEPT
- inet6/filter/limit-1362 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1362
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1362 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1362 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1364 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1365 {"flow-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1364
- inet6/filter/INPUT -i eth0 -j limit-1364
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1364 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1364 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1364 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1364 -m limit --limit 1/second -j LOG
inet/filter/limit-1364 -j ACCEPT
- inet6/filter/limit-1364 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1364
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1364 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1364 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1364 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1366 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1365
- inet6/filter/INPUT -i eth0 -j limit-1365
inet/filter/limit-1365 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1365 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1365 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1365 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1365
+ inet6/filter/limit-1365 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1365 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1367 {"flow-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1366
- inet6/filter/INPUT -i eth0 -j limit-1366
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1366 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1366 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1366 -j ACCEPT
- inet6/filter/limit-1366 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1366
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1366 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1366 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1368 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1369 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1368
- inet6/filter/INPUT -i eth0 -j limit-1368
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1368 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1368 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1368 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1368 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1368
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1368 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1368 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1370 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1369
- inet6/filter/INPUT -i eth0 -j limit-1369
inet/filter/limit-1369 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1369 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1369 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1369 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1369
+ inet6/filter/limit-1369 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1369 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1371 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1370
- inet6/filter/INPUT -i eth0 -j limit-1370
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1370 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1370 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1370 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1370 -m limit --limit 1/second -j LOG
inet/filter/limit-1370 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1370 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1370
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1370 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1370 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1370 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1372 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1371
- inet6/filter/INPUT -i eth0 -j limit-1371
inet/filter/limit-1371 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1371 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1371 -m recent --name user:A --rdest --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1371 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1371
+ inet6/filter/limit-1371 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1371 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1373 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1372
- inet6/filter/INPUT -i eth0 -j limit-1372
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1372 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1372 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1372 -m recent --name user:A --rdest --mask 255.255.255.255 --set -j ACCEPT
- inet6/filter/limit-1372 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1372
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1372 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1372 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1374 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1373
- inet6/filter/INPUT -i eth0 -j limit-1373
inet/filter/limit-1373 -m recent --name user:A --rdest --mask 255.255.255.255 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1373 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1373 -m recent --name user:A --rdest --mask 255.255.255.255 --set
- inet6/filter/limit-1373 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1373
+ inet6/filter/limit-1373 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1373 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1375 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1374
- inet6/filter/INPUT -i eth0 -j limit-1374
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1374 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1374 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1374 -j ACCEPT
- inet6/filter/limit-1374 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1374
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1374 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1374 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1376 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1377 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1376
- inet6/filter/INPUT -i eth0 -j limit-1376
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1376 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1376 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1376 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1376 -m limit --limit 1/second -j LOG
inet/filter/limit-1376 -j ACCEPT
- inet6/filter/limit-1376 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1376
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1376 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1376 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1376 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1378 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1377
- inet6/filter/INPUT -i eth0 -j limit-1377
inet/filter/limit-1377 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1377 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1377 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1377 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1377
+ inet6/filter/limit-1377 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1377 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1379 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1378
- inet6/filter/INPUT -i eth0 -j limit-1378
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1378 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1378 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1378 -j ACCEPT
- inet6/filter/limit-1378 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1378
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1378 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1378 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1380 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"A","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask 255.255.255.255 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1381 {"flow-limit":{"interval":5,"log":"none","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1380
- inet6/filter/INPUT -i eth0 -j limit-1380
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1380 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1380 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1380 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1380 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1380
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1380 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1380 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1382 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1381
- inet6/filter/INPUT -i eth0 -j limit-1381
inet/filter/limit-1381 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1381 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1381 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1381 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1381
+ inet6/filter/limit-1381 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1381 -m recent --name user:C --rsource --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1383 {"flow-limit":{"interval":5,"log":"none","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1382
- inet6/filter/INPUT -i eth0 -j limit-1382
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1382 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1382 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1382 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1382 -m limit --limit 1/second -j LOG
inet/filter/limit-1382 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1382 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1382
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1382 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1382 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1382 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1384 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1383
- inet6/filter/INPUT -i eth0 -j limit-1383
inet/filter/limit-1383 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1383 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1383 -m recent --name user:C --rsource --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1383 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1383
+ inet6/filter/limit-1383 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1383 -m recent --name user:C --rsource --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1385 {"flow-limit":{"interval":5,"log":"none","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1384
- inet6/filter/INPUT -i eth0 -j limit-1384
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1384 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1384 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1384 -m recent --name user:C --rsource --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1384 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1384
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1384 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1384 -m recent --name user:C --rsource --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1386 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1385
- inet6/filter/INPUT -i eth0 -j limit-1385
inet/filter/limit-1385 -m recent --name user:C --rsource --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1385 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1385 -m recent --name user:C --rsource --mask 254.0.0.0 --set
- inet6/filter/limit-1385 -m recent --name user:C --rsource --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1385
+ inet6/filter/limit-1385 -m recent --name user:C --rsource --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1385 -m recent --name user:C --rsource --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1387 {"flow-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1386
- inet6/filter/INPUT -i eth0 -j limit-1386
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1386 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1386 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1386 -j ACCEPT
- inet6/filter/limit-1386 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1386
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1386 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1386 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1388 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1389 {"flow-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1388
- inet6/filter/INPUT -i eth0 -j limit-1388
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1388 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1388 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1388 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1388 -m limit --limit 1/second -j LOG
inet/filter/limit-1388 -j ACCEPT
- inet6/filter/limit-1388 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1388
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1388 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1388 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1388 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1390 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1389
- inet6/filter/INPUT -i eth0 -j limit-1389
inet/filter/limit-1389 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1389 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1389 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1389 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1389
+ inet6/filter/limit-1389 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1389 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1391 {"flow-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1390
- inet6/filter/INPUT -i eth0 -j limit-1390
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1390 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1390 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1390 -j ACCEPT
- inet6/filter/limit-1390 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1390
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1390 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1390 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1392 {"action":"pass","flow-limit":{"interval":5,"log":"none","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rsource --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1393 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1392
- inet6/filter/INPUT -i eth0 -j limit-1392
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1392 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1392 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1392 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1392 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1392
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1392 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1392 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1394 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1393
- inet6/filter/INPUT -i eth0 -j limit-1393
inet/filter/limit-1393 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1393 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1393 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1393 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1393
+ inet6/filter/limit-1393 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1393 -m recent --name user:C --rdest --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1395 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1394
- inet6/filter/INPUT -i eth0 -j limit-1394
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1394 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1394 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1394 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1394 -m limit --limit 1/second -j LOG
inet/filter/limit-1394 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1394 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1394
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1394 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1394 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1394 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1396 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1395
- inet6/filter/INPUT -i eth0 -j limit-1395
inet/filter/limit-1395 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1395 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1395 -m recent --name user:C --rdest --mask 254.0.0.0 --set -m limit --limit 1/second -j LOG
- inet6/filter/limit-1395 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1395
+ inet6/filter/limit-1395 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1395 -m recent --name user:C --rdest --mask fe00:: --set -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1397 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1396
- inet6/filter/INPUT -i eth0 -j limit-1396
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1396 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1396 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1396 -m recent --name user:C --rdest --mask 254.0.0.0 --set -j ACCEPT
- inet6/filter/limit-1396 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1396
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1396 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1396 -m recent --name user:C --rdest --mask fe00:: --set -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1398 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1397
- inet6/filter/INPUT -i eth0 -j limit-1397
inet/filter/limit-1397 -m recent --name user:C --rdest --mask 254.0.0.0 --update --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1397 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1397 -m recent --name user:C --rdest --mask 254.0.0.0 --set
- inet6/filter/limit-1397 -m recent --name user:C --rdest --mask fe00:: --set
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1397
+ inet6/filter/limit-1397 -m recent --name user:C --rdest --mask fe00:: --update --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1397 -m recent --name user:C --rdest --mask fe00:: --set
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1399 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1398
- inet6/filter/INPUT -i eth0 -j limit-1398
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1398 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1398 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1398 -j ACCEPT
- inet6/filter/limit-1398 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1398
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1398 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1398 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1400 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1401 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1400
- inet6/filter/INPUT -i eth0 -j limit-1400
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1400 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1400 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1400 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1400 -m limit --limit 1/second -j LOG
inet/filter/limit-1400 -j ACCEPT
- inet6/filter/limit-1400 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1400
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1400 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1400 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1400 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1402 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1401
- inet6/filter/INPUT -i eth0 -j limit-1401
inet/filter/limit-1401 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1401 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1401 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1401 -m limit --limit 1/second -j LOG
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1401
+ inet6/filter/limit-1401 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1401 -m limit --limit 1/second -j LOG
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1403 {"flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1402
- inet6/filter/INPUT -i eth0 -j limit-1402
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1402 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/limit-1402 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/filter/limit-1402 -j ACCEPT
- inet6/filter/limit-1402 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1402
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1402 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
+ inet6/filter/limit-1402 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1404 {"action":"pass","flow-limit":{"addr":"dest","interval":5,"log":"none","name":"C","update":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask 254.0.0.0 --rcheck --hitcount 1 --seconds 5 -j DROP
- inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -m recent --name user:C --rdest --mask fe00:: --rcheck --hitcount 1 --seconds 5 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1405 {"flow-limit":150,"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1404
- inet6/filter/INPUT -i eth0 -j limit-1404
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1404 -j ACCEPT
- inet6/filter/limit-1404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1404 -j ACCEPT
inet/filter/limit-1404 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1404 -m limit --limit 1/second -j LOG
inet/filter/limit-1404 -j DROP
- inet6/filter/limit-1404 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1404
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1404 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1404 -j ACCEPT
+ inet6/filter/limit-1404 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1404 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1406 {"action":"pass","flow-limit":150,"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1405
- inet6/filter/INPUT -i eth0 -j limit-1405
inet/filter/limit-1405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1405 -j RETURN
- inet6/filter/limit-1405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1405 -j RETURN
inet/filter/limit-1405 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1405 -m limit --limit 1/second -j LOG
inet/filter/limit-1405 -j DROP
- inet6/filter/limit-1405 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1405
+ inet6/filter/limit-1405 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1405 -j RETURN
+ inet6/filter/limit-1405 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1405 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1407 {"flow-limit":150,"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1406
- inet6/filter/INPUT -i eth0 -j limit-1406
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1406 -j logaccept-14
- inet6/filter/limit-1406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1406 -j logaccept-14
+ inet/filter/limit-1406 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1406 -j DROP
inet/filter/logaccept-14 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-14 -m limit --limit 1/second -j LOG
inet/filter/logaccept-14 -j ACCEPT
- inet6/filter/logaccept-14 -j ACCEPT
- inet/filter/limit-1406 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1406
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1406 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1406 -j logaccept-14
inet6/filter/limit-1406 -m limit --limit 1/second -j LOG
- inet/filter/limit-1406 -j DROP
inet6/filter/limit-1406 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logaccept-14 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-14 -j ACCEPT
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1408 {"flow-limit":150,"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1407
- inet6/filter/INPUT -i eth0 -j limit-1407
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1407 -j ACCEPT
- inet6/filter/limit-1407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1407 -j ACCEPT
inet/filter/limit-1407 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1407 -m limit --limit 1/second -j LOG
inet/filter/limit-1407 -j DROP
- inet6/filter/limit-1407 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1407
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1407 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1407 -j ACCEPT
+ inet6/filter/limit-1407 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1407 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1409 {"flow-limit":{"count":150},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1408
- inet6/filter/INPUT -i eth0 -j limit-1408
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1408 -j ACCEPT
- inet6/filter/limit-1408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1408 -j ACCEPT
inet/filter/limit-1408 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1408 -m limit --limit 1/second -j LOG
inet/filter/limit-1408 -j DROP
- inet6/filter/limit-1408 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1408
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1408 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1408 -j ACCEPT
+ inet6/filter/limit-1408 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1408 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1410 {"action":"pass","flow-limit":{"count":150},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1409
- inet6/filter/INPUT -i eth0 -j limit-1409
inet/filter/limit-1409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1409 -j RETURN
- inet6/filter/limit-1409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1409 -j RETURN
inet/filter/limit-1409 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1409 -m limit --limit 1/second -j LOG
inet/filter/limit-1409 -j DROP
- inet6/filter/limit-1409 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1409
+ inet6/filter/limit-1409 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1409 -j RETURN
+ inet6/filter/limit-1409 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1409 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1411 {"flow-limit":{"count":150},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1410
- inet6/filter/INPUT -i eth0 -j limit-1410
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1410 -j logaccept-15
- inet6/filter/limit-1410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1410 -j logaccept-15
+ inet/filter/limit-1410 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1410 -j DROP
inet/filter/logaccept-15 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-15 -m limit --limit 1/second -j LOG
inet/filter/logaccept-15 -j ACCEPT
- inet6/filter/logaccept-15 -j ACCEPT
- inet/filter/limit-1410 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1410
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1410 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1410 -j logaccept-15
inet6/filter/limit-1410 -m limit --limit 1/second -j LOG
- inet/filter/limit-1410 -j DROP
inet6/filter/limit-1410 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logaccept-15 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-15 -j ACCEPT
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1412 {"flow-limit":{"count":150},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1411
- inet6/filter/INPUT -i eth0 -j limit-1411
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1411 -j ACCEPT
- inet6/filter/limit-1411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1411 -j ACCEPT
inet/filter/limit-1411 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1411 -m limit --limit 1/second -j LOG
inet/filter/limit-1411 -j DROP
- inet6/filter/limit-1411 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1411
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1411 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1411 -j ACCEPT
+ inet6/filter/limit-1411 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1411 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1413 {"flow-limit":{"count":150,"log":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1412
- inet6/filter/INPUT -i eth0 -j limit-1412
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1412 -j ACCEPT
- inet6/filter/limit-1412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1412 -j ACCEPT
inet/filter/limit-1412 -j DROP
- inet6/filter/limit-1412 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1412
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1412 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1412 -j ACCEPT
+ inet6/filter/limit-1412 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1414 {"action":"pass","flow-limit":{"count":150,"log":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1413
- inet6/filter/INPUT -i eth0 -j limit-1413
inet/filter/limit-1413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1413 -j RETURN
- inet6/filter/limit-1413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1413 -j RETURN
inet/filter/limit-1413 -j DROP
- inet6/filter/limit-1413 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1413
+ inet6/filter/limit-1413 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1413 -j RETURN
+ inet6/filter/limit-1413 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1415 {"flow-limit":{"count":150,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1414
- inet6/filter/INPUT -i eth0 -j limit-1414
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1414 -j logaccept-16
- inet6/filter/limit-1414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1414 -j logaccept-16
+ inet/filter/limit-1414 -j DROP
inet/filter/logaccept-16 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-16 -m limit --limit 1/second -j LOG
inet/filter/logaccept-16 -j ACCEPT
- inet6/filter/logaccept-16 -j ACCEPT
- inet/filter/limit-1414 -j DROP
- inet6/filter/limit-1414 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1414
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1414 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1414 -j logaccept-16
+ inet6/filter/limit-1414 -j DROP
+ inet6/filter/logaccept-16 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-16 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1416 {"flow-limit":{"count":150,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1415
- inet6/filter/INPUT -i eth0 -j limit-1415
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1415 -j ACCEPT
- inet6/filter/limit-1415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1415 -j ACCEPT
inet/filter/limit-1415 -j DROP
- inet6/filter/limit-1415 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1415
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1415 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1415 -j ACCEPT
+ inet6/filter/limit-1415 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1417 {"flow-limit":{"count":150,"log":"none"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1416
- inet6/filter/INPUT -i eth0 -j limit-1416
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1416 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1416 -j ACCEPT
- inet6/filter/limit-1416 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1416 -j ACCEPT
inet/filter/limit-1416 -j DROP
- inet6/filter/limit-1416 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1416
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1416 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1416 -j ACCEPT
+ inet6/filter/limit-1416 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1418 {"action":"pass","flow-limit":{"count":150,"log":"none"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1417
- inet6/filter/INPUT -i eth0 -j limit-1417
inet/filter/limit-1417 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1417 -j RETURN
- inet6/filter/limit-1417 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1417 -j RETURN
inet/filter/limit-1417 -j DROP
- inet6/filter/limit-1417 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1417
+ inet6/filter/limit-1417 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1417 -j RETURN
+ inet6/filter/limit-1417 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1419 {"flow-limit":{"count":150,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1418
- inet6/filter/INPUT -i eth0 -j limit-1418
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1418 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1418 -j logaccept-17
- inet6/filter/limit-1418 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1418 -j logaccept-17
+ inet/filter/limit-1418 -j DROP
inet/filter/logaccept-17 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-17 -m limit --limit 1/second -j LOG
inet/filter/logaccept-17 -j ACCEPT
- inet6/filter/logaccept-17 -j ACCEPT
- inet/filter/limit-1418 -j DROP
- inet6/filter/limit-1418 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1418
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1418 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1418 -j logaccept-17
+ inet6/filter/limit-1418 -j DROP
+ inet6/filter/logaccept-17 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-17 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1420 {"flow-limit":{"count":150,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1419
- inet6/filter/INPUT -i eth0 -j limit-1419
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1419 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1419 -j ACCEPT
- inet6/filter/limit-1419 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1419 -j ACCEPT
inet/filter/limit-1419 -j DROP
- inet6/filter/limit-1419 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1419
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1419 -m hashlimit --hashlimit-upto 150/second --hashlimit-burst 150 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1419 -j ACCEPT
+ inet6/filter/limit-1419 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1421 {"flow-limit":{"count":150,"interval":5},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1420
- inet6/filter/INPUT -i eth0 -j limit-1420
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1420 -j ACCEPT
- inet6/filter/limit-1420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1420 -j ACCEPT
inet/filter/limit-1420 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1420 -m limit --limit 1/second -j LOG
inet/filter/limit-1420 -j DROP
- inet6/filter/limit-1420 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1420
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1420 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1420 -j ACCEPT
+ inet6/filter/limit-1420 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1420 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1422 {"action":"pass","flow-limit":{"count":150,"interval":5},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1421
- inet6/filter/INPUT -i eth0 -j limit-1421
inet/filter/limit-1421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1421 -j RETURN
- inet6/filter/limit-1421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1421 -j RETURN
inet/filter/limit-1421 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1421 -m limit --limit 1/second -j LOG
inet/filter/limit-1421 -j DROP
- inet6/filter/limit-1421 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1421
+ inet6/filter/limit-1421 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1421 -j RETURN
+ inet6/filter/limit-1421 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1421 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1423 {"flow-limit":{"count":150,"interval":5},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1422
- inet6/filter/INPUT -i eth0 -j limit-1422
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1422 -j logaccept-18
- inet6/filter/limit-1422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1422 -j logaccept-18
+ inet/filter/limit-1422 -m limit --limit 1/second -j LOG
+ inet/filter/limit-1422 -j DROP
inet/filter/logaccept-18 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-18 -m limit --limit 1/second -j LOG
inet/filter/logaccept-18 -j ACCEPT
- inet6/filter/logaccept-18 -j ACCEPT
- inet/filter/limit-1422 -m limit --limit 1/second -j LOG
+ inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1422
+ inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1422 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1422 -j logaccept-18
inet6/filter/limit-1422 -m limit --limit 1/second -j LOG
- inet/filter/limit-1422 -j DROP
inet6/filter/limit-1422 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/filter/logaccept-18 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-18 -j ACCEPT
inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
- inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1424 {"flow-limit":{"count":150,"interval":5},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1423
- inet6/filter/INPUT -i eth0 -j limit-1423
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1423 -j ACCEPT
- inet6/filter/limit-1423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1423 -j ACCEPT
inet/filter/limit-1423 -m limit --limit 1/second -j LOG
- inet6/filter/limit-1423 -m limit --limit 1/second -j LOG
inet/filter/limit-1423 -j DROP
- inet6/filter/limit-1423 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1423
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1423 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1423 -j ACCEPT
+ inet6/filter/limit-1423 -m limit --limit 1/second -j LOG
+ inet6/filter/limit-1423 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1425 {"flow-limit":{"count":150,"interval":5,"log":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1424
- inet6/filter/INPUT -i eth0 -j limit-1424
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1424 -j ACCEPT
- inet6/filter/limit-1424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1424 -j ACCEPT
inet/filter/limit-1424 -j DROP
- inet6/filter/limit-1424 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1424
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1424 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1424 -j ACCEPT
+ inet6/filter/limit-1424 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1426 {"action":"pass","flow-limit":{"count":150,"interval":5,"log":false},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1425
- inet6/filter/INPUT -i eth0 -j limit-1425
inet/filter/limit-1425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1425 -j RETURN
- inet6/filter/limit-1425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1425 -j RETURN
inet/filter/limit-1425 -j DROP
- inet6/filter/limit-1425 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1425
+ inet6/filter/limit-1425 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1425 -j RETURN
+ inet6/filter/limit-1425 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1427 {"flow-limit":{"count":150,"interval":5,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1426
- inet6/filter/INPUT -i eth0 -j limit-1426
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1426 -j logaccept-19
- inet6/filter/limit-1426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1426 -j logaccept-19
+ inet/filter/limit-1426 -j DROP
inet/filter/logaccept-19 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-19 -m limit --limit 1/second -j LOG
inet/filter/logaccept-19 -j ACCEPT
- inet6/filter/logaccept-19 -j ACCEPT
- inet/filter/limit-1426 -j DROP
- inet6/filter/limit-1426 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1426
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1426 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1426 -j logaccept-19
+ inet6/filter/limit-1426 -j DROP
+ inet6/filter/logaccept-19 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-19 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1428 {"flow-limit":{"count":150,"interval":5,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1427
- inet6/filter/INPUT -i eth0 -j limit-1427
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1427 -j ACCEPT
- inet6/filter/limit-1427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1427 -j ACCEPT
inet/filter/limit-1427 -j DROP
- inet6/filter/limit-1427 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1427
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1427 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1427 -j ACCEPT
+ inet6/filter/limit-1427 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1429 {"flow-limit":{"count":150,"interval":5,"log":"none"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1428
- inet6/filter/INPUT -i eth0 -j limit-1428
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1428 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1428 -j ACCEPT
- inet6/filter/limit-1428 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1428 -j ACCEPT
inet/filter/limit-1428 -j DROP
- inet6/filter/limit-1428 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1428
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1428 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1428 -j ACCEPT
+ inet6/filter/limit-1428 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1430 {"action":"pass","flow-limit":{"count":150,"interval":5,"log":"none"},"in":"A","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1429
- inet6/filter/INPUT -i eth0 -j limit-1429
inet/filter/limit-1429 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1429 -j RETURN
- inet6/filter/limit-1429 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1429 -j RETURN
inet/filter/limit-1429 -j DROP
- inet6/filter/limit-1429 -j DROP
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1429
+ inet6/filter/limit-1429 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1429 -j RETURN
+ inet6/filter/limit-1429 -j DROP
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1431 {"flow-limit":{"count":150,"interval":5,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1430
- inet6/filter/INPUT -i eth0 -j limit-1430
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1430 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1430 -j logaccept-20
- inet6/filter/limit-1430 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1430 -j logaccept-20
+ inet/filter/limit-1430 -j DROP
inet/filter/logaccept-20 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-20 -m limit --limit 1/second -j LOG
inet/filter/logaccept-20 -j ACCEPT
- inet6/filter/logaccept-20 -j ACCEPT
- inet/filter/limit-1430 -j DROP
- inet6/filter/limit-1430 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1430
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1430 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1430 -j logaccept-20
+ inet6/filter/limit-1430 -j DROP
+ inet6/filter/logaccept-20 -m limit --limit 1/second -j LOG
+ inet6/filter/logaccept-20 -j ACCEPT
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1432 {"flow-limit":{"count":150,"interval":5,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"}
(filter-limit)
inet/filter/INPUT -i eth0 -j limit-1431
- inet6/filter/INPUT -i eth0 -j limit-1431
+ inet/filter/OUTPUT -o eth0 -j ACCEPT
inet/filter/limit-1431 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-1431 -j ACCEPT
- inet6/filter/limit-1431 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1431 -j ACCEPT
inet/filter/limit-1431 -j DROP
- inet6/filter/limit-1431 -j DROP
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
inet/raw/OUTPUT -o eth0 -j CT --notrack
- inet6/raw/OUTPUT -o eth0 -j CT --notrack
- inet/filter/OUTPUT -o eth0 -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
+ inet6/filter/INPUT -i eth0 -j limit-1431
inet6/filter/OUTPUT -o eth0 -j ACCEPT
+ inet6/filter/limit-1431 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-1431 -j ACCEPT
+ inet6/filter/limit-1431 -j DROP
+ inet6/raw/OUTPUT -o eth0 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack
Filter 1433 {"update-limit":"A"}
(filter-limit)
inet/filter/FORWARD -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/OUTPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/OUTPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1434 {"update-limit":"B"}
(filter-limit)
inet/filter/FORWARD -m recent --name user:B --rsource --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
+ inet/filter/OUTPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/OUTPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1435 {"update-limit":"C"}
(filter-limit)
inet/filter/FORWARD -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet/filter/INPUT -m recent --name user:C --rsource --mask 254.0.0.0 --set
+ inet/filter/OUTPUT -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/FORWARD -m recent --name user:C --rsource --mask fe00:: --set
inet6/filter/INPUT -m recent --name user:C --rsource --mask fe00:: --set
- inet/filter/OUTPUT -m recent --name user:C --rsource --mask 254.0.0.0 --set
inet6/filter/OUTPUT -m recent --name user:C --rsource --mask fe00:: --set
Filter 1436 {"update-limit":"D"}
(filter-limit)
inet/filter/FORWARD -m recent --name user:D --rsource --mask 255.255.252.0 --set
inet/filter/INPUT -m recent --name user:D --rsource --mask 255.255.252.0 --set
+ inet/filter/OUTPUT -m recent --name user:D --rsource --mask 255.255.252.0 --set
inet6/filter/FORWARD -m recent --name user:D --rsource --mask ffff:ffff:ffff:ffc0:: --set
inet6/filter/INPUT -m recent --name user:D --rsource --mask ffff:ffff:ffff:ffc0:: --set
- inet/filter/OUTPUT -m recent --name user:D --rsource --mask 255.255.252.0 --set
inet6/filter/OUTPUT -m recent --name user:D --rsource --mask ffff:ffff:ffff:ffc0:: --set
Filter 1437 {"update-limit":{"addr":"src","measure":"conn","name":"A"}}
(filter-limit)
inet/filter/FORWARD -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/OUTPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/OUTPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1438 {"update-limit":{"addr":"dest","measure":"conn","name":"A"}}
(filter-limit)
inet/filter/FORWARD -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet/filter/OUTPUT -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/OUTPUT -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1439 {"update-limit":{"addr":"src","measure":"flow","name":"A"}}
(filter-limit)
inet/filter/FORWARD -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
+ inet/filter/OUTPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/OUTPUT -m recent --name user:A --rsource --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:A --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1440 {"update-limit":{"addr":"dest","measure":"flow","name":"A"}}
(filter-limit)
inet/filter/FORWARD -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet/filter/INPUT -m recent --name user:A --rdest --mask 255.255.255.255 --set
+ inet/filter/OUTPUT -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/FORWARD -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
inet6/filter/INPUT -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
- inet/filter/OUTPUT -m recent --name user:A --rdest --mask 255.255.255.255 --set
inet6/filter/OUTPUT -m recent --name user:A --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
Filter 1441 {}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 1442 {"action":"drop"}
(log)
inet/filter/FORWARD -j logdrop-456
- inet6/filter/FORWARD -j logdrop-456
inet/filter/INPUT -j logdrop-456
- inet6/filter/INPUT -j logdrop-456
inet/filter/OUTPUT -j logdrop-456
- inet6/filter/OUTPUT -j logdrop-456
inet/filter/logdrop-456 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-456 -m limit --limit 1/second -j LOG
inet/filter/logdrop-456 -j DROP
+ inet6/filter/FORWARD -j logdrop-456
+ inet6/filter/INPUT -j logdrop-456
+ inet6/filter/OUTPUT -j logdrop-456
+ inet6/filter/logdrop-456 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-456 -j DROP
Filter 1443 {"action":"pass"}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 1444 {"log":false}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 1445 {"action":"drop","log":false}
(log)
inet/filter/FORWARD -j DROP
- inet6/filter/FORWARD -j DROP
inet/filter/INPUT -j DROP
- inet6/filter/INPUT -j DROP
inet/filter/OUTPUT -j DROP
+ inet6/filter/FORWARD -j DROP
+ inet6/filter/INPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 1446 {"action":"pass","log":false}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 1447 {"log":true}
(log)
inet/filter/FORWARD -j logaccept-21
- inet6/filter/FORWARD -j logaccept-21
inet/filter/INPUT -j logaccept-21
- inet6/filter/INPUT -j logaccept-21
inet/filter/OUTPUT -j logaccept-21
- inet6/filter/OUTPUT -j logaccept-21
inet/filter/logaccept-21 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-21 -m limit --limit 1/second -j LOG
inet/filter/logaccept-21 -j ACCEPT
+ inet6/filter/FORWARD -j logaccept-21
+ inet6/filter/INPUT -j logaccept-21
+ inet6/filter/OUTPUT -j logaccept-21
+ inet6/filter/logaccept-21 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-21 -j ACCEPT
Filter 1448 {"action":"drop","log":true}
(log)
inet/filter/FORWARD -j logdrop-457
- inet6/filter/FORWARD -j logdrop-457
inet/filter/INPUT -j logdrop-457
- inet6/filter/INPUT -j logdrop-457
inet/filter/OUTPUT -j logdrop-457
- inet6/filter/OUTPUT -j logdrop-457
inet/filter/logdrop-457 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-457 -m limit --limit 1/second -j LOG
inet/filter/logdrop-457 -j DROP
+ inet6/filter/FORWARD -j logdrop-457
+ inet6/filter/INPUT -j logdrop-457
+ inet6/filter/OUTPUT -j logdrop-457
+ inet6/filter/logdrop-457 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-457 -j DROP
Filter 1449 {"action":"pass","log":true}
(log)
inet/filter/FORWARD -j logpass-0
- inet6/filter/FORWARD -j logpass-0
inet/filter/INPUT -j logpass-0
- inet6/filter/INPUT -j logpass-0
inet/filter/OUTPUT -j logpass-0
- inet6/filter/OUTPUT -j logpass-0
inet/filter/logpass-0 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j logpass-0
+ inet6/filter/INPUT -j logpass-0
+ inet6/filter/OUTPUT -j logpass-0
inet6/filter/logpass-0 -m limit --limit 1/second -j LOG
Filter 1450 {"log":"none"}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 1451 {"action":"drop","log":"none"}
(log)
inet/filter/FORWARD -j DROP
- inet6/filter/FORWARD -j DROP
inet/filter/INPUT -j DROP
- inet6/filter/INPUT -j DROP
inet/filter/OUTPUT -j DROP
+ inet6/filter/FORWARD -j DROP
+ inet6/filter/INPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 1452 {"action":"pass","log":"none"}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 1453 {"in":["_fw","A"]}
(zone)
- inet/filter/OUTPUT -j ACCEPT
- inet6/filter/OUTPUT -j ACCEPT
inet/filter/FORWARD -i eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -j ACCEPT
inet/filter/INPUT -i eth0 -j ACCEPT
+ inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -j ACCEPT
inet6/filter/INPUT -i eth0 -j ACCEPT
+ inet6/filter/OUTPUT -j ACCEPT
Filter 1454 {"in":"B","out":"C"}
(zone)
@@ -19692,35 +19692,27 @@ Filter 1454 {"in":"B","out":"C"}
Filter 1455 {"out":["_fw","B"]}
(zone)
- inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
Filter 1456 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
(zone)
inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT
@@ -19734,40 +19726,48 @@ Filter 1456 {"in":["A","B","C","D","E"],"out":["A","B","C
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
inet6/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
@@ -19795,8 +19795,8 @@ Log none {"mode":"none"}
Mark 1 {"in":["_fw","A"],"mark":0}
(zone)
inet/mangle/OUTPUT -j MARK --set-mark 0
- inet6/mangle/OUTPUT -j MARK --set-mark 0
inet/mangle/PREROUTING -i eth0 -j MARK --set-mark 0
+ inet6/mangle/OUTPUT -j MARK --set-mark 0
inet6/mangle/PREROUTING -i eth0 -j MARK --set-mark 0
Mark 2 {"in":"B","mark":1,"out":"C"}
@@ -19807,16 +19807,16 @@ Mark 2 {"in":"B","mark":1,"out":"C"}
Mark 3 {"mark":2,"out":["_fw","B"]}
(zone)
inet/mangle/INPUT -j MARK --set-mark 2
- inet6/mangle/INPUT -j MARK --set-mark 2
inet/mangle/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MARK --set-mark 2
+ inet6/mangle/INPUT -j MARK --set-mark 2
inet6/mangle/POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 2
No-track 1 {"in":["_fw","A"]}
(zone)
inet/raw/OUTPUT -j CT --notrack
- inet6/raw/OUTPUT -j CT --notrack
inet/raw/PREROUTING -i eth0 -j CT --notrack
+ inet6/raw/OUTPUT -j CT --notrack
inet6/raw/PREROUTING -i eth0 -j CT --notrack
No-track 2 {"in":"B"}
diff --git a/test/output/filter/dump b/test/output/filter/dump
index b05066f..c6b0b60 100644
--- a/test/output/filter/dump
+++ b/test/output/filter/dump
@@ -11,203 +11,203 @@ Dnat 2 {"in":"B"}
Filter 1 {}
(filter)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 2 {"action":"accept"}
(filter)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 3 {"action":"drop"}
(filter)
inet/filter/FORWARD -j logdrop-0
- inet6/filter/FORWARD -j logdrop-0
inet/filter/INPUT -j logdrop-0
- inet6/filter/INPUT -j logdrop-0
inet/filter/OUTPUT -j logdrop-0
- inet6/filter/OUTPUT -j logdrop-0
inet/filter/logdrop-0 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG
inet/filter/logdrop-0 -j DROP
+ inet6/filter/FORWARD -j logdrop-0
+ inet6/filter/INPUT -j logdrop-0
+ inet6/filter/OUTPUT -j logdrop-0
+ inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-0 -j DROP
Filter 4 {"action":"pass"}
(filter)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 5 {"action":"reject"}
(filter)
inet/filter/FORWARD -j logreject-0
- inet6/filter/FORWARD -j logreject-0
inet/filter/INPUT -j logreject-0
- inet6/filter/INPUT -j logreject-0
inet/filter/OUTPUT -j logreject-0
- inet6/filter/OUTPUT -j logreject-0
inet/filter/logreject-0 -m limit --limit 1/second -j LOG
- inet6/filter/logreject-0 -m limit --limit 1/second -j LOG
inet/filter/logreject-0 -j REJECT
+ inet6/filter/FORWARD -j logreject-0
+ inet6/filter/INPUT -j logreject-0
+ inet6/filter/OUTPUT -j logreject-0
+ inet6/filter/logreject-0 -m limit --limit 1/second -j LOG
inet6/filter/logreject-0 -j REJECT
Filter 6 {"action":"tarpit"}
(filter)
inet/filter/FORWARD -j logtarpit-0
- inet6/filter/FORWARD -j logtarpit-0
inet/filter/INPUT -j logtarpit-0
- inet6/filter/INPUT -j logtarpit-0
inet/filter/OUTPUT -j logtarpit-0
- inet6/filter/OUTPUT -j logtarpit-0
inet/filter/logtarpit-0 -m limit --limit 1/second -j LOG
- inet6/filter/logtarpit-0 -m limit --limit 1/second -j LOG
inet/filter/logtarpit-0 -j tarpit
- inet6/filter/logtarpit-0 -j tarpit
- inet/raw/PREROUTING -j CT --notrack
- inet6/raw/PREROUTING -j CT --notrack
inet/raw/OUTPUT -j CT --notrack
+ inet/raw/PREROUTING -j CT --notrack
+ inet6/filter/FORWARD -j logtarpit-0
+ inet6/filter/INPUT -j logtarpit-0
+ inet6/filter/OUTPUT -j logtarpit-0
+ inet6/filter/logtarpit-0 -m limit --limit 1/second -j LOG
+ inet6/filter/logtarpit-0 -j tarpit
inet6/raw/OUTPUT -j CT --notrack
+ inet6/raw/PREROUTING -j CT --notrack
Filter 7 {}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 8 {"action":"drop"}
(log)
inet/filter/FORWARD -j logdrop-1
- inet6/filter/FORWARD -j logdrop-1
inet/filter/INPUT -j logdrop-1
- inet6/filter/INPUT -j logdrop-1
inet/filter/OUTPUT -j logdrop-1
- inet6/filter/OUTPUT -j logdrop-1
inet/filter/logdrop-1 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG
inet/filter/logdrop-1 -j DROP
+ inet6/filter/FORWARD -j logdrop-1
+ inet6/filter/INPUT -j logdrop-1
+ inet6/filter/OUTPUT -j logdrop-1
+ inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-1 -j DROP
Filter 9 {"action":"pass"}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 10 {"log":false}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 11 {"action":"drop","log":false}
(log)
inet/filter/FORWARD -j DROP
- inet6/filter/FORWARD -j DROP
inet/filter/INPUT -j DROP
- inet6/filter/INPUT -j DROP
inet/filter/OUTPUT -j DROP
+ inet6/filter/FORWARD -j DROP
+ inet6/filter/INPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 12 {"action":"pass","log":false}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 13 {"log":true}
(log)
inet/filter/FORWARD -j logaccept-0
- inet6/filter/FORWARD -j logaccept-0
inet/filter/INPUT -j logaccept-0
- inet6/filter/INPUT -j logaccept-0
inet/filter/OUTPUT -j logaccept-0
- inet6/filter/OUTPUT -j logaccept-0
inet/filter/logaccept-0 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG
inet/filter/logaccept-0 -j ACCEPT
+ inet6/filter/FORWARD -j logaccept-0
+ inet6/filter/INPUT -j logaccept-0
+ inet6/filter/OUTPUT -j logaccept-0
+ inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-0 -j ACCEPT
Filter 14 {"action":"drop","log":true}
(log)
inet/filter/FORWARD -j logdrop-2
- inet6/filter/FORWARD -j logdrop-2
inet/filter/INPUT -j logdrop-2
- inet6/filter/INPUT -j logdrop-2
inet/filter/OUTPUT -j logdrop-2
- inet6/filter/OUTPUT -j logdrop-2
inet/filter/logdrop-2 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-2 -m limit --limit 1/second -j LOG
inet/filter/logdrop-2 -j DROP
+ inet6/filter/FORWARD -j logdrop-2
+ inet6/filter/INPUT -j logdrop-2
+ inet6/filter/OUTPUT -j logdrop-2
+ inet6/filter/logdrop-2 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-2 -j DROP
Filter 15 {"action":"pass","log":true}
(log)
inet/filter/FORWARD -j logpass-0
- inet6/filter/FORWARD -j logpass-0
inet/filter/INPUT -j logpass-0
- inet6/filter/INPUT -j logpass-0
inet/filter/OUTPUT -j logpass-0
- inet6/filter/OUTPUT -j logpass-0
inet/filter/logpass-0 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j logpass-0
+ inet6/filter/INPUT -j logpass-0
+ inet6/filter/OUTPUT -j logpass-0
inet6/filter/logpass-0 -m limit --limit 1/second -j LOG
Filter 16 {"log":"none"}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 17 {"action":"drop","log":"none"}
(log)
inet/filter/FORWARD -j DROP
- inet6/filter/FORWARD -j DROP
inet/filter/INPUT -j DROP
- inet6/filter/INPUT -j DROP
inet/filter/OUTPUT -j DROP
+ inet6/filter/FORWARD -j DROP
+ inet6/filter/INPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 18 {"action":"pass","log":"none"}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 19 {"in":["_fw","A"]}
(zone)
- inet/filter/OUTPUT -j ACCEPT
- inet6/filter/OUTPUT -j ACCEPT
inet/filter/FORWARD -i eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -j ACCEPT
inet/filter/INPUT -i eth0 -j ACCEPT
+ inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -j ACCEPT
inet6/filter/INPUT -i eth0 -j ACCEPT
+ inet6/filter/OUTPUT -j ACCEPT
Filter 20 {"in":"B","out":"C"}
(zone)
@@ -216,35 +216,27 @@ Filter 20 {"in":"B","out":"C"}
Filter 21 {"out":["_fw","B"]}
(zone)
- inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
Filter 22 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
(zone)
inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT
@@ -258,40 +250,48 @@ Filter 22 {"in":["A","B","C","D","E"],"out":["A","B","C","D","
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
inet6/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
@@ -319,8 +319,8 @@ Log none {"mode":"none"}
Mark 1 {"in":["_fw","A"],"mark":0}
(zone)
inet/mangle/OUTPUT -j MARK --set-mark 0
- inet6/mangle/OUTPUT -j MARK --set-mark 0
inet/mangle/PREROUTING -i eth0 -j MARK --set-mark 0
+ inet6/mangle/OUTPUT -j MARK --set-mark 0
inet6/mangle/PREROUTING -i eth0 -j MARK --set-mark 0
Mark 2 {"in":"B","mark":1,"out":"C"}
@@ -331,16 +331,16 @@ Mark 2 {"in":"B","mark":1,"out":"C"}
Mark 3 {"mark":2,"out":["_fw","B"]}
(zone)
inet/mangle/INPUT -j MARK --set-mark 2
- inet6/mangle/INPUT -j MARK --set-mark 2
inet/mangle/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MARK --set-mark 2
+ inet6/mangle/INPUT -j MARK --set-mark 2
inet6/mangle/POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 2
No-track 1 {"in":["_fw","A"]}
(zone)
inet/raw/OUTPUT -j CT --notrack
- inet6/raw/OUTPUT -j CT --notrack
inet/raw/PREROUTING -i eth0 -j CT --notrack
+ inet6/raw/OUTPUT -j CT --notrack
inet6/raw/PREROUTING -i eth0 -j CT --notrack
No-track 2 {"in":"B"}
diff --git a/test/output/no-track/dump b/test/output/no-track/dump
index 9079c95..230dae5 100644
--- a/test/output/no-track/dump
+++ b/test/output/no-track/dump
@@ -11,199 +11,199 @@ Dnat 2 {"in":"B"}
Filter 1 {}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 2 {"action":"drop"}
(log)
inet/filter/FORWARD -j logdrop-0
- inet6/filter/FORWARD -j logdrop-0
inet/filter/INPUT -j logdrop-0
- inet6/filter/INPUT -j logdrop-0
inet/filter/OUTPUT -j logdrop-0
- inet6/filter/OUTPUT -j logdrop-0
inet/filter/logdrop-0 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG
inet/filter/logdrop-0 -j DROP
+ inet6/filter/FORWARD -j logdrop-0
+ inet6/filter/INPUT -j logdrop-0
+ inet6/filter/OUTPUT -j logdrop-0
+ inet6/filter/logdrop-0 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-0 -j DROP
Filter 3 {"action":"pass"}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 4 {"log":false}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 5 {"action":"drop","log":false}
(log)
inet/filter/FORWARD -j DROP
- inet6/filter/FORWARD -j DROP
inet/filter/INPUT -j DROP
- inet6/filter/INPUT -j DROP
inet/filter/OUTPUT -j DROP
+ inet6/filter/FORWARD -j DROP
+ inet6/filter/INPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 6 {"action":"pass","log":false}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 7 {"log":true}
(log)
inet/filter/FORWARD -j logaccept-0
- inet6/filter/FORWARD -j logaccept-0
inet/filter/INPUT -j logaccept-0
- inet6/filter/INPUT -j logaccept-0
inet/filter/OUTPUT -j logaccept-0
- inet6/filter/OUTPUT -j logaccept-0
inet/filter/logaccept-0 -m limit --limit 1/second -j LOG
- inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG
inet/filter/logaccept-0 -j ACCEPT
+ inet6/filter/FORWARD -j logaccept-0
+ inet6/filter/INPUT -j logaccept-0
+ inet6/filter/OUTPUT -j logaccept-0
+ inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG
inet6/filter/logaccept-0 -j ACCEPT
Filter 8 {"action":"drop","log":true}
(log)
inet/filter/FORWARD -j logdrop-1
- inet6/filter/FORWARD -j logdrop-1
inet/filter/INPUT -j logdrop-1
- inet6/filter/INPUT -j logdrop-1
inet/filter/OUTPUT -j logdrop-1
- inet6/filter/OUTPUT -j logdrop-1
inet/filter/logdrop-1 -m limit --limit 1/second -j LOG
- inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG
inet/filter/logdrop-1 -j DROP
+ inet6/filter/FORWARD -j logdrop-1
+ inet6/filter/INPUT -j logdrop-1
+ inet6/filter/OUTPUT -j logdrop-1
+ inet6/filter/logdrop-1 -m limit --limit 1/second -j LOG
inet6/filter/logdrop-1 -j DROP
Filter 9 {"action":"pass","log":true}
(log)
inet/filter/FORWARD -j logpass-0
- inet6/filter/FORWARD -j logpass-0
inet/filter/INPUT -j logpass-0
- inet6/filter/INPUT -j logpass-0
inet/filter/OUTPUT -j logpass-0
- inet6/filter/OUTPUT -j logpass-0
inet/filter/logpass-0 -m limit --limit 1/second -j LOG
+ inet6/filter/FORWARD -j logpass-0
+ inet6/filter/INPUT -j logpass-0
+ inet6/filter/OUTPUT -j logpass-0
inet6/filter/logpass-0 -m limit --limit 1/second -j LOG
Filter 10 {"log":"none"}
(log)
inet/filter/FORWARD -j ACCEPT
- inet6/filter/FORWARD -j ACCEPT
inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -j ACCEPT
Filter 11 {"action":"drop","log":"none"}
(log)
inet/filter/FORWARD -j DROP
- inet6/filter/FORWARD -j DROP
inet/filter/INPUT -j DROP
- inet6/filter/INPUT -j DROP
inet/filter/OUTPUT -j DROP
+ inet6/filter/FORWARD -j DROP
+ inet6/filter/INPUT -j DROP
inet6/filter/OUTPUT -j DROP
Filter 12 {"action":"pass","log":"none"}
(log)
inet/filter/FORWARD
- inet6/filter/FORWARD
inet/filter/INPUT
- inet6/filter/INPUT
inet/filter/OUTPUT
+ inet6/filter/FORWARD
+ inet6/filter/INPUT
inet6/filter/OUTPUT
Filter 13 {"in":"_fw","no-track":true,"service":"http"}
(no-track)
+ inet/filter/INPUT -p tcp --sport 80 -j ACCEPT
inet/filter/OUTPUT -p tcp --dport 80 -j ACCEPT
- inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT
inet/raw/OUTPUT -p tcp --dport 80 -j CT --notrack
- inet6/raw/OUTPUT -p tcp --dport 80 -j CT --notrack
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack
- inet/filter/INPUT -p tcp --sport 80 -j ACCEPT
inet6/filter/INPUT -p tcp --sport 80 -j ACCEPT
+ inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT
+ inet6/raw/OUTPUT -p tcp --dport 80 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack
Filter 14 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"}
(no-track)
inet/filter/FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
- inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
inet/filter/FORWARD -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
+ inet/filter/FORWARD -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
+ inet/filter/FORWARD -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
+ inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
inet/filter/INPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
+ inet/filter/INPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
+ inet/filter/INPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
inet/filter/OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
inet/filter/OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
- inet/raw/PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
- inet/raw/PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
+ inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
+ inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
inet/raw/OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
inet/raw/OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
- inet/raw/PREROUTING -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
- inet/raw/PREROUTING -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
inet/raw/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
inet/raw/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
- inet/filter/FORWARD -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
- inet/filter/INPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
- inet/filter/FORWARD -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
- inet/filter/INPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
- inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
- inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
+ inet/raw/PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
+ inet/raw/PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack
+ inet/raw/PREROUTING -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
+ inet/raw/PREROUTING -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j CT --notrack
Filter 15 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"}
(no-track)
inet/filter/FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT
+ inet/filter/FORWARD -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
inet/filter/INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT
+ inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
inet/filter/OUTPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT
- inet/raw/PREROUTING -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack
+ inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
inet/raw/OUTPUT -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack
- inet/raw/PREROUTING -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack
inet/raw/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack
- inet/filter/FORWARD -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
- inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
- inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT
+ inet/raw/PREROUTING -p tcp --dport 22 -d 172.18.0.0/16 -j CT --notrack
+ inet/raw/PREROUTING -p tcp --sport 22 -s 172.18.0.0/16 -j CT --notrack
Filter 16 {"no-track":true,"out":"_fw","service":"ipsec"}
(no-track)
inet/filter/INPUT -p esp -j ACCEPT
- inet6/filter/INPUT -p esp -j ACCEPT
inet/filter/INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
- inet6/filter/INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack
- inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack
- inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack
+ inet/filter/OUTPUT -p esp -j ACCEPT
+ inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT
inet/raw/OUTPUT -p esp -j CT --notrack
- inet6/raw/OUTPUT -p esp -j CT --notrack
inet/raw/OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack
- inet6/raw/OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack
- inet/filter/OUTPUT -p esp -j ACCEPT
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack
+ inet/raw/PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack
+ inet6/filter/INPUT -p esp -j ACCEPT
+ inet6/filter/INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
inet6/filter/OUTPUT -p esp -j ACCEPT
- inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT
inet6/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT
+ inet6/raw/OUTPUT -p esp -j CT --notrack
+ inet6/raw/OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack
+ inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack
Filter 17 {"in":["_fw","A"]}
(zone)
- inet/filter/OUTPUT -j ACCEPT
- inet6/filter/OUTPUT -j ACCEPT
inet/filter/FORWARD -i eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -j ACCEPT
inet/filter/INPUT -i eth0 -j ACCEPT
+ inet/filter/OUTPUT -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -j ACCEPT
inet6/filter/INPUT -i eth0 -j ACCEPT
+ inet6/filter/OUTPUT -j ACCEPT
Filter 18 {"in":"B","out":"C"}
(zone)
@@ -212,35 +212,27 @@ Filter 18 {"in":"B","out":"C"}
Filter 19 {"out":["_fw","B"]}
(zone)
- inet/filter/INPUT -j ACCEPT
- inet6/filter/INPUT -j ACCEPT
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT
+ inet/filter/INPUT -j ACCEPT
inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/INPUT -j ACCEPT
inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
Filter 20 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
(zone)
inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT
@@ -254,40 +246,48 @@ Filter 20 {"in":["A","B","C","D","E"],"out":["A","B","C","D","
inet/filter/FORWARD -i eth2 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth3 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
inet/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
- inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
inet/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
- inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d 10.0.0.0/12 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth2 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth3 -d 10.1.0.0/12 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
- inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
inet/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -o eth5 -j ACCEPT
+ inet6/filter/FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
+ inet6/filter/FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
inet6/filter/FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
@@ -315,8 +315,8 @@ Log none {"mode":"none"}
Mark 1 {"in":["_fw","A"],"mark":0}
(zone)
inet/mangle/OUTPUT -j MARK --set-mark 0
- inet6/mangle/OUTPUT -j MARK --set-mark 0
inet/mangle/PREROUTING -i eth0 -j MARK --set-mark 0
+ inet6/mangle/OUTPUT -j MARK --set-mark 0
inet6/mangle/PREROUTING -i eth0 -j MARK --set-mark 0
Mark 2 {"in":"B","mark":1,"out":"C"}
@@ -327,16 +327,16 @@ Mark 2 {"in":"B","mark":1,"out":"C"}
Mark 3 {"mark":2,"out":["_fw","B"]}
(zone)
inet/mangle/INPUT -j MARK --set-mark 2
- inet6/mangle/INPUT -j MARK --set-mark 2
inet/mangle/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MARK --set-mark 2
+ inet6/mangle/INPUT -j MARK --set-mark 2
inet6/mangle/POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 2
No-track 1 {"in":["_fw","A"]}
(zone)
inet/raw/OUTPUT -j CT --notrack
- inet6/raw/OUTPUT -j CT --notrack
inet/raw/PREROUTING -i eth0 -j CT --notrack
+ inet6/raw/OUTPUT -j CT --notrack
inet6/raw/PREROUTING -i eth0 -j CT --notrack
No-track 2 {"in":"B"}
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-12 23:34:09 +0000