Diffstat (limited to 'test/output/custom/rules-save')
-rw-r--r-- | test/output/custom/rules-save | 221 |
1 files changed, 221 insertions, 0 deletions
diff --git a/test/output/custom/rules-save b/test/output/custom/rules-save new file mode 100644 index 0000000..57e2166 --- /dev/null +++ b/test/output/custom/rules-save 
@@ -0,0 +1,221 @@ +# rules-save generated by awall +*filter +:FORWARD DROP [0:0] +:INPUT DROP [0:0] +:OUTPUT DROP [0:0] +:custom:foo - [0:0] +:icmp-routing - [0:0] +:logaccept-0 - [0:0] +:logaccept-1 - [0:0] +:logaccept-2 - [0:0] +:logaccept-3 - [0:0] +:logdrop-0 - [0:0] +:logdrop-1 - [0:0] +:logdrop-2 - [0:0] +:logdrop-3 - [0:0] +:logdrop-4 - [0:0] +:logpass-0 - [0:0] +:logpass-1 - [0:0] +:logpass-2 - [0:0] +:logpass-3 - [0:0] +-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT +-A FORWARD -o eth0 -m owner --uid-owner 0 -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -j custom:foo +-A FORWARD -j ACCEPT +-A FORWARD -j logdrop-0 +-A FORWARD +-A FORWARD -j ACCEPT +-A FORWARD -j DROP +-A FORWARD +-A FORWARD -j logaccept-0 +-A FORWARD -j logdrop-1 +-A FORWARD -j logpass-0 +-A FORWARD -j logaccept-1 +-A FORWARD -j logdrop-2 +-A FORWARD -j logpass-1 +-A FORWARD -j logaccept-2 +-A FORWARD -j logdrop-3 +-A FORWARD -j logpass-2 +-A FORWARD -j ACCEPT +-A FORWARD -j DROP +-A FORWARD +-A FORWARD -j logaccept-3 +-A FORWARD -j logdrop-4 +-A FORWARD -j logpass-3 +-A FORWARD -i eth0 -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -o eth1 -d 10.0.0.0/12 -j ACCEPT +-A FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT +-A FORWARD -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth0 -o eth3 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth0 -o eth4 -j ACCEPT +-A FORWARD -i eth0 -o eth5 -j ACCEPT +-A FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth0 -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth4 -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth5 -j ACCEPT +-A FORWARD -i eth1 -s 10.0.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth0 -j ACCEPT 
+-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth0 -j ACCEPT +-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT +-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth1 -d 10.0.0.0/12 -j ACCEPT +-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth4 -j ACCEPT +-A FORWARD -i eth2 -s 10.1.0.0/12 -o eth5 -j ACCEPT +-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth4 -j ACCEPT +-A FORWARD -i eth3 -s 10.1.0.0/12 -o eth5 -j ACCEPT +-A FORWARD -i eth2 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -i eth3 -s 10.1.0.0/12 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -i eth4 -o eth0 -j ACCEPT +-A FORWARD -i eth5 -o eth0 -j ACCEPT +-A FORWARD -i eth4 -o eth1 -d 10.0.0.0/12 -j ACCEPT +-A FORWARD -i eth5 -o eth1 -d 10.0.0.0/12 -j ACCEPT +-A FORWARD -i eth4 -o eth2 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth4 -o eth3 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth5 -o eth2 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth5 -o eth3 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -i eth4 -o eth4 -j ACCEPT +-A FORWARD -i eth4 -o eth5 -j ACCEPT +-A FORWARD -i eth5 -o eth4 -j ACCEPT +-A FORWARD -i eth5 -o eth5 -j ACCEPT +-A FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth1 -d 10.0.0.0/12 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth2 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth3 -d 10.1.0.0/12 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT +-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT +-A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128 +-A INPUT 
-j TEE --gateway 10.0.0.2 +-A INPUT -j TEE --gateway 10.0.0.1 +-A INPUT -m limit --limit 1/second -j LOG +-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -i eth1 -s 10.0.0.0/12 -j custom:foo +-A INPUT -j ACCEPT +-A INPUT -j logdrop-0 +-A INPUT +-A INPUT -j ACCEPT +-A INPUT -j DROP +-A INPUT +-A INPUT -j logaccept-0 +-A INPUT -j logdrop-1 +-A INPUT -j logpass-0 +-A INPUT -j logaccept-1 +-A INPUT -j logdrop-2 +-A INPUT -j logpass-1 +-A INPUT -j logaccept-2 +-A INPUT -j logdrop-3 +-A INPUT -j logpass-2 +-A INPUT -j ACCEPT +-A INPUT -j DROP +-A INPUT +-A INPUT -j logaccept-3 +-A INPUT -j logdrop-4 +-A INPUT -j logpass-3 +-A INPUT -i eth0 -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -p icmp -j icmp-routing +-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT +-A OUTPUT -o lo -j ACCEPT +-A OUTPUT -o eth0 -m owner --uid-owner 0 -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logdrop-0 +-A OUTPUT +-A OUTPUT -j ACCEPT +-A OUTPUT -j DROP +-A OUTPUT +-A OUTPUT -j logaccept-0 +-A OUTPUT -j logdrop-1 +-A OUTPUT -j logpass-0 +-A OUTPUT -j logaccept-1 +-A OUTPUT -j logdrop-2 +-A OUTPUT -j logpass-1 +-A OUTPUT -j logaccept-2 +-A OUTPUT -j logdrop-3 +-A OUTPUT -j logpass-2 +-A OUTPUT -j ACCEPT +-A OUTPUT -j DROP +-A OUTPUT +-A OUTPUT -j logaccept-3 +-A OUTPUT -j logdrop-4 +-A OUTPUT -j logpass-3 +-A OUTPUT -m limit --limit 12/minute -j ULOG +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT +-A OUTPUT -p icmp -j icmp-routing +-A custom:foo -j LED --led-trigger-id foo +-A icmp-routing -p icmp --icmp-type 3 -j ACCEPT +-A icmp-routing -p icmp --icmp-type 11 -j ACCEPT +-A icmp-routing -p icmp --icmp-type 12 -j ACCEPT +-A logaccept-0 -m limit --limit 1/second -j LOG +-A logaccept-0 -j ACCEPT +-A logaccept-1 -j LOG +-A logaccept-1 -j ACCEPT +-A logaccept-2 -j TEE --gateway 10.0.0.1 +-A logaccept-2 -j TEE --gateway 10.0.0.2 +-A logaccept-2 -j ACCEPT +-A logaccept-3 -m limit --limit 12/minute -j ULOG +-A logaccept-3 -j ACCEPT +-A logdrop-0 
-m limit --limit 1/second -j LOG +-A logdrop-0 -j DROP +-A logdrop-1 -m limit --limit 1/second -j LOG +-A logdrop-1 -j DROP +-A logdrop-2 -j LOG +-A logdrop-2 -j DROP +-A logdrop-3 -j TEE --gateway 10.0.0.1 +-A logdrop-3 -j TEE --gateway 10.0.0.2 +-A logdrop-3 -j DROP +-A logdrop-4 -m limit --limit 12/minute -j ULOG +-A logdrop-4 -j DROP +-A logpass-0 -m limit --limit 1/second -j LOG +-A logpass-1 -j LOG +-A logpass-2 -j TEE --gateway 10.0.0.1 +-A logpass-2 -j TEE --gateway 10.0.0.2 +-A logpass-3 -m limit --limit 12/minute -j ULOG +COMMIT +*mangle +:FORWARD ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +:PREROUTING ACCEPT [0:0] +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j MARK --set-mark 2 +-A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j MARK --set-mark 2 +-A INPUT -j MARK --set-mark 3 +-A OUTPUT -j MARK --set-mark 1 +-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MARK --set-mark 3 +-A PREROUTING -i eth0 -j MARK --set-mark 1 +COMMIT +*nat +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +:PREROUTING ACCEPT [0:0] +:awall-masquerade - [0:0] +-A INPUT -j MASQUERADE +-A OUTPUT -j REDIRECT +-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE +-A POSTROUTING -m set --match-set awall-masquerade src -j awall-masquerade +-A PREROUTING -i eth4 -j NETMAP --to 10.1.0.0/12 +-A PREROUTING -i eth5 -j NETMAP --to 10.1.0.0/12 +-A PREROUTING -i eth0 -j REDIRECT +-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT +-A awall-masquerade -m set ! --match-set awall-masquerade dst -j MASQUERADE +COMMIT +*raw +:OUTPUT ACCEPT [0:0] +:PREROUTING ACCEPT [0:0] +-A OUTPUT -j CT --notrack +-A PREROUTING -i eth0 -j CT --notrack +-A PREROUTING -i eth1 -s 10.0.0.0/12 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack +COMMIT |