Diffstat (limited to 'test/output/no-track/rules-save')
-rw-r--r-- | test/output/no-track/rules-save | 63 |
1 files changed, 51 insertions, 12 deletions
diff --git a/test/output/no-track/rules-save b/test/output/no-track/rules-save
index 5955fb8..9274a53 100644
--- a/test/output/no-track/rules-save
+++ b/test/output/no-track/rules-save
@@ -6,11 +6,17 @@
 :icmp-routing - [0:0]
 :logaccept-0 - [0:0]
 :logaccept-1 - [0:0]
+:logaccept-2 - [0:0]
+:logaccept-3 - [0:0]
 :logdrop-0 - [0:0]
 :logdrop-1 - [0:0]
 :logdrop-2 - [0:0]
+:logdrop-3 - [0:0]
+:logdrop-4 - [0:0]
 :logpass-0 - [0:0]
 :logpass-1 - [0:0]
+:logpass-2 - [0:0]
+:logpass-3 - [0:0]
 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A FORWARD -j ACCEPT
 -A FORWARD -j logdrop-0
@@ -21,12 +27,18 @@
 -A FORWARD -j logaccept-0
 -A FORWARD -j logdrop-1
 -A FORWARD -j logpass-0
--A FORWARD -j ACCEPT
--A FORWARD -j DROP
--A FORWARD
 -A FORWARD -j logaccept-1
 -A FORWARD -j logdrop-2
 -A FORWARD -j logpass-1
+-A FORWARD -j logaccept-2
+-A FORWARD -j logdrop-3
+-A FORWARD -j logpass-2
+-A FORWARD -j ACCEPT
+-A FORWARD -j DROP
+-A FORWARD
+-A FORWARD -j logaccept-3
+-A FORWARD -j logdrop-4
+-A FORWARD -j logpass-3
 -A FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
 -A FORWARD -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
 -A FORWARD -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT
@@ -84,6 +96,8 @@
 -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
 -A FORWARD -p icmp -j icmp-routing
 -A INPUT -m limit --limit 12/minute -j ULOG
+-A INPUT -j TEE --gateway 10.0.0.2
+-A INPUT -j TEE --gateway 10.0.0.1
 -A INPUT -m limit --limit 1/second -j LOG
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
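Review bot: The two `TEE` rules added to `INPUT` in the third hunk (`@@ -84,6 +96,8 @@`) are expected with `--gateway 10.0.0.2` before `--gateway 10.0.0.1`, while the `logaccept-2`, `logdrop-3` and `logpass-2` chains in the last hunk list `10.0.0.1` first. The test input is not visible here, so this may simply mirror how the rules were written. If the order instead comes from iterating an unordered collection in the generator, this expected file will be order-sensitive and the comparison can fail intermittently. It is worth confirming and, if the order is intentional, noting it in the test source with a comment such as `# TEE gateways are emitted in declaration order`.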
@@ -96,12 +110,18 @@
 -A INPUT -j logaccept-0
 -A INPUT -j logdrop-1
 -A INPUT -j logpass-0
--A INPUT -j ACCEPT
--A INPUT -j DROP
--A INPUT
 -A INPUT -j logaccept-1
 -A INPUT -j logdrop-2
 -A INPUT -j logpass-1
+-A INPUT -j logaccept-2
+-A INPUT -j logdrop-3
+-A INPUT -j logpass-2
+-A INPUT -j ACCEPT
+-A INPUT -j DROP
+-A INPUT
+-A INPUT -j logaccept-3
+-A INPUT -j logdrop-4
+-A INPUT -j logpass-3
 -A INPUT -p tcp --sport 80 -j ACCEPT
 -A INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
 -A INPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
@@ -125,12 +145,18 @@
 -A OUTPUT -j logaccept-0
 -A OUTPUT -j logdrop-1
 -A OUTPUT -j logpass-0
--A OUTPUT -j ACCEPT
--A OUTPUT -j DROP
--A OUTPUT
 -A OUTPUT -j logaccept-1
 -A OUTPUT -j logdrop-2
 -A OUTPUT -j logpass-1
+-A OUTPUT -j logaccept-2
+-A OUTPUT -j logdrop-3
+-A OUTPUT -j logpass-2
+-A OUTPUT -j ACCEPT
+-A OUTPUT -j DROP
+-A OUTPUT
+-A OUTPUT -j logaccept-3
+-A OUTPUT -j logdrop-4
+-A OUTPUT -j logpass-3
 -A OUTPUT -m limit --limit 12/minute -j ULOG
 -A OUTPUT -p tcp --dport 80 -j ACCEPT
 -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT
@@ -149,16 +175,29 @@
 -A icmp-routing -p icmp --icmp-type 12 -j ACCEPT
 -A logaccept-0 -m limit --limit 1/second -j LOG
 -A logaccept-0 -j ACCEPT
--A logaccept-1 -m limit --limit 12/minute -j ULOG
+-A logaccept-1 -j LOG
 -A logaccept-1 -j ACCEPT
+-A logaccept-2 -j TEE --gateway 10.0.0.1
+-A logaccept-2 -j TEE --gateway 10.0.0.2
+-A logaccept-2 -j ACCEPT
+-A logaccept-3 -m limit --limit 12/minute -j ULOG
+-A logaccept-3 -j ACCEPT
 -A logdrop-0 -m limit --limit 1/second -j LOG
 -A logdrop-0 -j DROP
 -A logdrop-1 -m limit --limit 1/second -j LOG
 -A logdrop-1 -j DROP
--A logdrop-2 -m limit --limit 12/minute -j ULOG
+-A logdrop-2 -j LOG
 -A logdrop-2 -j DROP
+-A logdrop-3 -j TEE --gateway 10.0.0.1
+-A logdrop-3 -j TEE --gateway 10.0.0.2
+-A logdrop-3 -j DROP
+-A logdrop-4 -m limit --limit 12/minute -j ULOG
+-A logdrop-4 -j DROP
 -A logpass-0 -m limit --limit 1/second -j LOG
--A logpass-1 -m limit --limit 12/minute -j ULOG
+-A logpass-1 -j LOG
+-A logpass-2 -j TEE --gateway 10.0.0.1
+-A logpass-2 -j TEE --gateway 10.0.0.2
+-A logpass-3 -m limit --limit 12/minute -j ULOG
 COMMIT
 *mangle
 :FORWARD ACCEPT [0:0]
|
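Review bot: The newly expected `logaccept-1`, `logdrop-2` and `logpass-1` chains jump to `LOG` with no `-m limit` match, whereas the `*-0` chains and the `ULOG` chains around them are throttled (`--limit 1/second`, `--limit 12/minute`). The test input is outside this diff, so this is presumably a deliberate case for a log target declared without a rate limit. If so, it deserves a comment in the test source, for example `# unthrottled LOG on purpose: checks that no default limit is injected`, so the fixture is not copied into a real ruleset as-is. An unthrottled `-j LOG` directly ahead of `DROP` lets any sender of dropped traffic fill the kernel log. The `TEE` chains `logaccept-2`, `logdrop-3` and `logpass-2` likewise clone every packet to two gateways with no limit, so the same note should cover them.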