Diffstat (limited to 'test/output/custom/rules-save')
-rw-r--r--test/output/custom/rules-save221
1 files changed, 221 insertions, 0 deletions
diff --git a/test/output/custom/rules-save b/test/output/custom/rules-save
new file mode 100644
index 0000000..57e2166
--- /dev/null
+++ b/test/output/custom/rules-save
@@ -0,0 +1,221 @@
+# rules-save generated by awall
+*filter
+:FORWARD DROP [0:0]
+:INPUT DROP [0:0]
+:OUTPUT DROP [0:0]
+:custom:foo - [0:0]
+:icmp-routing - [0:0]
+:logaccept-0 - [0:0]
+:logaccept-1 - [0:0]
+:logaccept-2 - [0:0]
+:logaccept-3 - [0:0]
+:logdrop-0 - [0:0]
+:logdrop-1 - [0:0]
+:logdrop-2 - [0:0]
+:logdrop-3 - [0:0]
+:logdrop-4 - [0:0]
+:logpass-0 - [0:0]
+:logpass-1 - [0:0]
+:logpass-2 - [0:0]
+:logpass-3 - [0:0]
+-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A FORWARD -o eth0 -m owner --uid-owner 0 -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -j custom:foo
+-A FORWARD -j ACCEPT
+-A FORWARD -j logdrop-0
+-A FORWARD
+-A FORWARD -j ACCEPT
+-A FORWARD -j DROP
+-A FORWARD
+-A FORWARD -j logaccept-0
+-A FORWARD -j logdrop-1
+-A FORWARD -j logpass-0
+-A FORWARD -j logaccept-1
+-A FORWARD -j logdrop-2
+-A FORWARD -j logpass-1
+-A FORWARD -j logaccept-2
+-A FORWARD -j logdrop-3
+-A FORWARD -j logpass-2
+-A FORWARD -j ACCEPT
+-A FORWARD -j DROP
+-A FORWARD
+-A FORWARD -j logaccept-3
+-A FORWARD -j logdrop-4
+-A FORWARD -j logpass-3
+-A FORWARD -i eth0 -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT
+-A FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT
+-A FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth0 -o eth3 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth0 -o eth4 -j ACCEPT
+-A FORWARD -i eth0 -o eth5 -j ACCEPT
+-A FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth0 -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth4 -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth5 -j ACCEPT
+-A FORWARD -i eth1 -s 10.0.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth0 -j ACCEPT
+-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth0 -j ACCEPT
+-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT
+-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT
+-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth4 -j ACCEPT
+-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth5 -j ACCEPT
+-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth4 -j ACCEPT
+-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth5 -j ACCEPT
+-A FORWARD -i eth2 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -i eth3 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -i eth4 -o eth0 -j ACCEPT
+-A FORWARD -i eth5 -o eth0 -j ACCEPT
+-A FORWARD -i eth4 -o eth1 -d 10.0.0.0/12 -j ACCEPT
+-A FORWARD -i eth5 -o eth1 -d 10.0.0.0/12 -j ACCEPT
+-A FORWARD -i eth4 -o eth2 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth4 -o eth3 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth5 -o eth2 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth5 -o eth3 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -i eth4 -o eth4 -j ACCEPT
+-A FORWARD -i eth4 -o eth5 -j ACCEPT
+-A FORWARD -i eth5 -o eth4 -j ACCEPT
+-A FORWARD -i eth5 -o eth5 -j ACCEPT
+-A FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth1 -d 10.0.0.0/12 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth2 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth3 -d 10.1.0.0/12 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
+-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
+-A FORWARD -p icmp -j icmp-routing
+-A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
+-A INPUT -j TEE --gateway 10.0.0.2
+-A INPUT -j TEE --gateway 10.0.0.1
+-A INPUT -m limit --limit 1/second -j LOG
+-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i eth1 -s 10.0.0.0/12 -j custom:foo
+-A INPUT -j ACCEPT
+-A INPUT -j logdrop-0
+-A INPUT
+-A INPUT -j ACCEPT
+-A INPUT -j DROP
+-A INPUT
+-A INPUT -j logaccept-0
+-A INPUT -j logdrop-1
+-A INPUT -j logpass-0
+-A INPUT -j logaccept-1
+-A INPUT -j logdrop-2
+-A INPUT -j logpass-1
+-A INPUT -j logaccept-2
+-A INPUT -j logdrop-3
+-A INPUT -j logpass-2
+-A INPUT -j ACCEPT
+-A INPUT -j DROP
+-A INPUT
+-A INPUT -j logaccept-3
+-A INPUT -j logdrop-4
+-A INPUT -j logpass-3
+-A INPUT -i eth0 -j ACCEPT
+-A INPUT -j ACCEPT
+-A INPUT -p icmp -j icmp-routing
+-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -o eth0 -m owner --uid-owner 0 -j ACCEPT
+-A OUTPUT -j ACCEPT
+-A OUTPUT -j logdrop-0
+-A OUTPUT
+-A OUTPUT -j ACCEPT
+-A OUTPUT -j DROP
+-A OUTPUT
+-A OUTPUT -j logaccept-0
+-A OUTPUT -j logdrop-1
+-A OUTPUT -j logpass-0
+-A OUTPUT -j logaccept-1
+-A OUTPUT -j logdrop-2
+-A OUTPUT -j logpass-1
+-A OUTPUT -j logaccept-2
+-A OUTPUT -j logdrop-3
+-A OUTPUT -j logpass-2
+-A OUTPUT -j ACCEPT
+-A OUTPUT -j DROP
+-A OUTPUT
+-A OUTPUT -j logaccept-3
+-A OUTPUT -j logdrop-4
+-A OUTPUT -j logpass-3
+-A OUTPUT -m limit --limit 12/minute -j ULOG
+-A OUTPUT -j ACCEPT
+-A OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
+-A OUTPUT -p icmp -j icmp-routing
+-A custom:foo -j LED --led-trigger-id foo
+-A icmp-routing -p icmp --icmp-type 3 -j ACCEPT
+-A icmp-routing -p icmp --icmp-type 11 -j ACCEPT
+-A icmp-routing -p icmp --icmp-type 12 -j ACCEPT
+-A logaccept-0 -m limit --limit 1/second -j LOG
+-A logaccept-0 -j ACCEPT
+-A logaccept-1 -j LOG
+-A logaccept-1 -j ACCEPT
+-A logaccept-2 -j TEE --gateway 10.0.0.1
+-A logaccept-2 -j TEE --gateway 10.0.0.2
+-A logaccept-2 -j ACCEPT
+-A logaccept-3 -m limit --limit 12/minute -j ULOG
+-A logaccept-3 -j ACCEPT
+-A logdrop-0 -m limit --limit 1/second -j LOG
+-A logdrop-0 -j DROP
+-A logdrop-1 -m limit --limit 1/second -j LOG
+-A logdrop-1 -j DROP
+-A logdrop-2 -j LOG
+-A logdrop-2 -j DROP
+-A logdrop-3 -j TEE --gateway 10.0.0.1
+-A logdrop-3 -j TEE --gateway 10.0.0.2
+-A logdrop-3 -j DROP
+-A logdrop-4 -m limit --limit 12/minute -j ULOG
+-A logdrop-4 -j DROP
+-A logpass-0 -m limit --limit 1/second -j LOG
+-A logpass-1 -j LOG
+-A logpass-2 -j TEE --gateway 10.0.0.1
+-A logpass-2 -j TEE --gateway 10.0.0.2
+-A logpass-3 -m limit --limit 12/minute -j ULOG
+COMMIT
+*mangle
+:FORWARD ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:PREROUTING ACCEPT [0:0]
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j MARK --set-mark 2
+-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j MARK --set-mark 2
+-A INPUT -j MARK --set-mark 3
+-A OUTPUT -j MARK --set-mark 1
+-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MARK --set-mark 3
+-A PREROUTING -i eth0 -j MARK --set-mark 1
+COMMIT
+*nat
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:PREROUTING ACCEPT [0:0]
+:awall-masquerade - [0:0]
+-A INPUT -j MASQUERADE
+-A OUTPUT -j REDIRECT
+-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
+-A POSTROUTING -m set --match-set awall-masquerade src -j awall-masquerade
+-A PREROUTING -i eth4 -j NETMAP --to 10.1.0.0/12
+-A PREROUTING -i eth5 -j NETMAP --to 10.1.0.0/12
+-A PREROUTING -i eth0 -j REDIRECT
+-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
+-A awall-masquerade -m set ! --match-set awall-masquerade dst -j MASQUERADE
+COMMIT
+*raw
+:OUTPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [0:0]
+-A OUTPUT -j CT --notrack
+-A PREROUTING -i eth0 -j CT --notrack
+-A PREROUTING -i eth1 -s 10.0.0.0/12 -j CT --notrack
+-A PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
+COMMIT
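Review bot: The expected output pins `10.1.0.0/12` as a network (for example `-d 10.1.0.0/12` in the FORWARD rules and `--to 10.1.0.0/12` on the NETMAP rules), but that address has bits set outside a 12-bit mask, so it denotes the same range as the `10.0.0.0/12` used for eth1. A rule such as `-i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12` therefore matches identical source and destination ranges. Because the address is masked when the rule is loaded, a dump read back with iptables-save would presumably show `10.0.0.0/12` and not match this file byte for byte. If the two zones are meant to be distinct, the test policy (not shown in this diff) should use a canonical, non-overlapping network, for example `10.16.0.0/12` (constructed value), and the fixture should be regenerated.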