From ec0c0201f12bffa7330ddd87717b663fc2c22e86 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Sat, 7 Oct 2017 12:32:09 +0300
Subject: test: filter-limit: complex limit with mere count
---
 test/mandatory/filter-limit.lua | 5 +-
 test/output/dump | 3376 +++++++++++++++++++++++++--------------
 test/output/rules-save | 684 +++++---
 test/output/rules6-save | 684 +++++---
 4 files changed, 3179 insertions(+), 1570 deletions(-)
diff --git a/test/mandatory/filter-limit.lua b/test/mandatory/filter-limit.lua
index 73bb6c0..b992a34 100644
--- a/test/mandatory/filter-limit.lua
+++ b/test/mandatory/filter-limit.lua
@@ -6,7 +6,10 @@ res = {}
 function add(limit_type, base)
 for _, count in ipairs{1, 30} do
 for _, limit in ipairs{
- count, {count=count, log=false}, {count=count, log='none'}
+ count,
+ {count=count},
+ {count=count, log=false},
+ {count=count, log='none'}
 } do
 for _, log in ipairs{false, true, 'none'} do
 for _, action in ipairs{false, 'pass'} do
diff --git a/test/output/dump b/test/output/dump
index aa4058e..6d03ab9 100644
--- a/test/output/dump
+++ b/test/output/dump
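Review bot: In test/mandatory/filter-limit.lua the `limit` list now holds four variants but has no comment saying what each one is meant to pin, and the new `{count=count}` entry is the least obvious of them. Judging by the regenerated test/output/dump, it checks that a table-form limit without a `log` key still logs over-limit packets before dropping them, as the bare count does (Filter 31 and Filter 35 both get a `-j LOG` rule ahead of `-j DROP`), while the `log=false` and `log='none'` variants appear to go straight to DROP. A comment above the list would record that intent, e.g. `-- bare count and {count=...} log over-limit drops by default; log=false and log='none' suppress that log`. The body of `add` continues past the end of the hunk.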
@@ -170,75 +170,99 @@ Filter 12 {"action":"pass","conn-limit":1,"log":"none"," inet/filter/limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set inet6/filter/limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 13 {"conn-limit":{"count":1,"log":false},"out":"B"} +Filter 13 {"conn-limit":{"count":1},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-6 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-6 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-6 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-6 - inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 + inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 + inet/filter/logdrop-7 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-7 -m limit --limit 1/second -j LOG + inet/filter/logdrop-7 -j DROP + inet6/filter/logdrop-7 -j DROP inet/filter/limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 14 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} +Filter 14 {"action":"pass","conn-limit":{"count":1},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-7 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-7 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-7 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-7 - inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update 
--hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 + inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 + inet/filter/logdrop-8 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-8 -m limit --limit 1/second -j LOG + inet/filter/logdrop-8 -j DROP + inet6/filter/logdrop-8 -j DROP inet/filter/limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set inet6/filter/limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 15 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} +Filter 15 {"conn-limit":{"count":1},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-8 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-8 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-8 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-8 - inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 + inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 + inet/filter/logdrop-9 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-9 -m limit --limit 1/second -j LOG + inet/filter/logdrop-9 -j DROP + inet6/filter/logdrop-9 -j DROP inet/filter/limit-8 -m limit --limit 1/second -j LOG inet6/filter/limit-8 -m limit 
--limit 1/second -j LOG inet/filter/limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 16 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} +Filter 16 {"action":"pass","conn-limit":{"count":1},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-9 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-9 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-9 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-9 - inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 + inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 + inet/filter/logdrop-10 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-10 -m limit --limit 1/second -j LOG + inet/filter/logdrop-10 -j DROP + inet6/filter/logdrop-10 -j DROP inet/filter/limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG inet6/filter/limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 17 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} +Filter 17 {"conn-limit":{"count":1},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-10 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-10 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-10 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-10 - 
inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 + inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 + inet/filter/logdrop-11 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-11 -m limit --limit 1/second -j LOG + inet/filter/logdrop-11 -j DROP + inet6/filter/logdrop-11 -j DROP inet/filter/limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 18 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} +Filter 18 {"action":"pass","conn-limit":{"count":1},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-11 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-11 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-11 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-11 - inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 + inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 + inet/filter/logdrop-12 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-12 -m 
limit --limit 1/second -j LOG + inet/filter/logdrop-12 -j DROP + inet6/filter/logdrop-12 -j DROP inet/filter/limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set inet6/filter/limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 19 {"conn-limit":{"count":1,"log":"none"},"out":"B"} +Filter 19 {"conn-limit":{"count":1,"log":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-12 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-12 @@ -249,7 +273,7 @@ Filter 19 {"conn-limit":{"count":1,"log":"none"},"out":" inet/filter/limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 20 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} +Filter 20 {"action":"pass","conn-limit":{"count":1,"log":false},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-13 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-13 @@ -260,7 +284,7 @@ Filter 20 {"action":"pass","conn-limit":{"count":1,"log" inet/filter/limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --set inet6/filter/limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 21 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} +Filter 21 {"conn-limit":{"count":1,"log":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-14 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-14 
@@ -273,7 +297,7 @@ Filter 21 {"conn-limit":{"count":1,"log":"none"},"log":t inet/filter/limit-14 -m recent --name limit-14 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-14 -m recent --name limit-14 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 22 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} +Filter 22 {"action":"pass","conn-limit":{"count":1,"log":false},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-15 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-15 @@ -284,7 +308,7 @@ Filter 22 {"action":"pass","conn-limit":{"count":1,"log" inet/filter/limit-15 -m recent --name limit-15 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG inet6/filter/limit-15 -m recent --name limit-15 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 23 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} +Filter 23 {"conn-limit":{"count":1,"log":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-16 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-16 @@ -295,7 +319,7 @@ Filter 23 {"conn-limit":{"count":1,"log":"none"},"log":" inet/filter/limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --set -j ACCEPT inet6/filter/limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 24 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} +Filter 24 {"action":"pass","conn-limit":{"count":1,"log":false},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-17 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-17 
@@ -306,351 +330,283 @@ Filter 24 {"action":"pass","conn-limit":{"count":1,"log" inet/filter/limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --set inet6/filter/limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 25 {"conn-limit":30,"out":"B"} +Filter 25 {"conn-limit":{"count":1,"log":"none"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-18 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-18 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-18 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-18 - inet/filter/limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-18 -j ACCEPT - inet6/filter/limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-18 -j ACCEPT - inet/filter/limit-18 -m limit --limit 1/second -j LOG - inet6/filter/limit-18 -m limit --limit 1/second -j LOG - inet/filter/limit-18 -j DROP - inet6/filter/limit-18 -j DROP + inet/filter/limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 26 {"action":"pass","conn-limit":30,"out":"B"} +Filter 26 {"action":"pass","conn-limit":{"count":1,"log":"none"},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-19 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-19 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-19 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-19 - inet/filter/limit-19 -m 
hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-19 -j RETURN - inet6/filter/limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-19 -j RETURN - inet/filter/limit-19 -m limit --limit 1/second -j LOG - inet6/filter/limit-19 -m limit --limit 1/second -j LOG - inet/filter/limit-19 -j DROP - inet6/filter/limit-19 -j DROP + inet/filter/limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 27 {"conn-limit":30,"log":true,"out":"B"} +Filter 27 {"conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-20 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-20 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-20 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-20 - inet/filter/limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-20 -j logaccept-0 - inet6/filter/limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-20 -j logaccept-0 - inet/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-0 -j ACCEPT - inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-20 -m 
recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP inet/filter/limit-20 -m limit --limit 1/second -j LOG inet6/filter/limit-20 -m limit --limit 1/second -j LOG - inet/filter/limit-20 -j DROP - inet6/filter/limit-20 -j DROP + inet/filter/limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 28 {"conn-limit":30,"log":"none","out":"B"} +Filter 28 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-21 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-21 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-21 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-21 - inet/filter/limit-21 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-21 -j ACCEPT - inet6/filter/limit-21 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-21 -j ACCEPT - inet/filter/limit-21 -m limit --limit 1/second -j LOG - inet6/filter/limit-21 -m limit --limit 1/second -j LOG - inet/filter/limit-21 -j DROP - inet6/filter/limit-21 -j DROP + inet/filter/limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 29 {"conn-limit":{"count":30,"log":false},"out":"B"} 
+Filter 29 {"conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-22 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-22 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-22 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-22 - inet/filter/limit-22 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-22 -j ACCEPT - inet6/filter/limit-22 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-22 -j ACCEPT - inet/filter/limit-22 -j DROP - inet6/filter/limit-22 -j DROP + inet/filter/limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -Filter 30 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} +Filter 30 {"action":"pass","conn-limit":{"count":1,"log":"none"},"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-23 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-23 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-23 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-23 - inet/filter/limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-23 -j RETURN - inet6/filter/limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-23 -j RETURN - inet/filter/limit-23 -j DROP - inet6/filter/limit-23 -j DROP + 
inet/filter/limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 31 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} +Filter 31 {"conn-limit":30,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-24 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-24 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-24 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-24 - inet/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j logaccept-1 - inet6/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j logaccept-1 - inet/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-1 -j ACCEPT - inet6/filter/logaccept-1 -j ACCEPT + inet/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j ACCEPT + inet6/filter/limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j ACCEPT + inet/filter/limit-24 -m limit --limit 1/second -j LOG + inet6/filter/limit-24 -m limit --limit 1/second -j LOG inet/filter/limit-24 -j DROP inet6/filter/limit-24 -j DROP -Filter 32 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} +Filter 32 {"action":"pass","conn-limit":30,"out":"B"} (filter-limit) 
inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-25 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-25 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-25 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-25 - inet/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j ACCEPT - inet6/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j ACCEPT + inet/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j RETURN + inet6/filter/limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j RETURN + inet/filter/limit-25 -m limit --limit 1/second -j LOG + inet6/filter/limit-25 -m limit --limit 1/second -j LOG inet/filter/limit-25 -j DROP inet6/filter/limit-25 -j DROP -Filter 33 {"conn-limit":{"count":30,"log":"none"},"out":"B"} +Filter 33 {"conn-limit":30,"log":true,"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-26 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-26 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-26 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-26 - inet/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j ACCEPT - inet6/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j ACCEPT + inet/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j logaccept-0 + inet6/filter/limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 
--hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j logaccept-0 + inet/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-0 -j ACCEPT + inet6/filter/logaccept-0 -j ACCEPT + inet/filter/limit-26 -m limit --limit 1/second -j LOG + inet6/filter/limit-26 -m limit --limit 1/second -j LOG inet/filter/limit-26 -j DROP inet6/filter/limit-26 -j DROP -Filter 34 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} +Filter 34 {"conn-limit":30,"log":"none","out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-27 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-27 - inet/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j RETURN - inet6/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j RETURN + inet/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j ACCEPT + inet6/filter/limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j ACCEPT + inet/filter/limit-27 -m limit --limit 1/second -j LOG + inet6/filter/limit-27 -m limit --limit 1/second -j LOG inet/filter/limit-27 -j DROP inet6/filter/limit-27 -j DROP -Filter 35 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} +Filter 35 {"conn-limit":{"count":30},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-28 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j 
limit-28 - inet/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j logaccept-2 - inet6/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j logaccept-2 - inet/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-2 -j ACCEPT - inet6/filter/logaccept-2 -j ACCEPT + inet/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j ACCEPT + inet6/filter/limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j ACCEPT + inet/filter/limit-28 -m limit --limit 1/second -j LOG + inet6/filter/limit-28 -m limit --limit 1/second -j LOG inet/filter/limit-28 -j DROP inet6/filter/limit-28 -j DROP -Filter 36 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} +Filter 36 {"action":"pass","conn-limit":{"count":30},"out":"B"} (filter-limit) inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-29 inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-29 - inet/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j ACCEPT - inet6/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j ACCEPT + inet/filter/limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j RETURN + inet6/filter/limit-29 -m hashlimit --hashlimit-upto 30/second 
--hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j RETURN + inet/filter/limit-29 -m limit --limit 1/second -j LOG + inet6/filter/limit-29 -m limit --limit 1/second -j LOG inet/filter/limit-29 -j DROP inet6/filter/limit-29 -j DROP -Filter 37 {"flow-limit":1} +Filter 37 {"conn-limit":{"count":30},"log":true,"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-30 - inet6/filter/FORWARD -j limit-30 - inet/filter/INPUT -j limit-30 - inet6/filter/INPUT -j limit-30 - inet/filter/OUTPUT -j limit-30 - inet6/filter/OUTPUT -j limit-30 - inet/filter/limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 - inet6/filter/limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 - inet/filter/logdrop-7 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-7 -m limit --limit 1/second -j LOG - inet/filter/logdrop-7 -j DROP - inet6/filter/logdrop-7 -j DROP - inet/filter/limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-30 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-30 + inet/filter/limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-30 -j logaccept-1 + inet6/filter/limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-30 -j logaccept-1 
+ inet/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-1 -j ACCEPT + inet6/filter/logaccept-1 -j ACCEPT + inet/filter/limit-30 -m limit --limit 1/second -j LOG + inet6/filter/limit-30 -m limit --limit 1/second -j LOG + inet/filter/limit-30 -j DROP + inet6/filter/limit-30 -j DROP -Filter 38 {"action":"pass","flow-limit":1} +Filter 38 {"conn-limit":{"count":30},"log":"none","out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-31 - inet6/filter/FORWARD -j limit-31 - inet/filter/INPUT -j limit-31 - inet6/filter/INPUT -j limit-31 - inet/filter/OUTPUT -j limit-31 - inet6/filter/OUTPUT -j limit-31 - inet/filter/limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 - inet6/filter/limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 - inet/filter/logdrop-8 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-8 -m limit --limit 1/second -j LOG - inet/filter/logdrop-8 -j DROP - inet6/filter/logdrop-8 -j DROP - inet/filter/limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 39 {"flow-limit":1,"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-32 - inet6/filter/FORWARD -j limit-32 - inet/filter/INPUT -j limit-32 - inet6/filter/INPUT -j limit-32 - inet/filter/OUTPUT -j limit-32 - inet6/filter/OUTPUT -j limit-32 - inet/filter/limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 - inet6/filter/limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 - inet/filter/logdrop-9 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-9 -m limit --limit 
1/second -j LOG - inet/filter/logdrop-9 -j DROP - inet6/filter/logdrop-9 -j DROP - inet/filter/limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-0 - inet6/filter/FORWARD -j logaccept-final-0 - inet/filter/INPUT -j logaccept-final-0 - inet6/filter/INPUT -j logaccept-final-0 - inet/filter/OUTPUT -j logaccept-final-0 - inet6/filter/OUTPUT -j logaccept-final-0 - inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-0 -j ACCEPT - inet6/filter/logaccept-final-0 -j ACCEPT - -Filter 40 {"action":"pass","flow-limit":1,"log":true} + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-31 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-31 + inet/filter/limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-31 -j ACCEPT + inet6/filter/limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-31 -j ACCEPT + inet/filter/limit-31 -m limit --limit 1/second -j LOG + inet6/filter/limit-31 -m limit --limit 1/second -j LOG + inet/filter/limit-31 -j DROP + inet6/filter/limit-31 -j DROP + +Filter 39 {"conn-limit":{"count":30,"log":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-33 - inet6/filter/FORWARD -j limit-33 - inet/filter/INPUT -j limit-33 - inet6/filter/INPUT -j limit-33 - inet/filter/OUTPUT -j limit-33 - inet6/filter/OUTPUT -j limit-33 - inet/filter/limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 - inet6/filter/limit-33 -m recent --name 
limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 - inet/filter/logdrop-10 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-10 -m limit --limit 1/second -j LOG - inet/filter/logdrop-10 -j DROP - inet6/filter/logdrop-10 -j DROP - inet/filter/limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG - -Filter 41 {"flow-limit":1,"log":"none"} -(filter-limit) - inet/filter/FORWARD -j limit-34 - inet6/filter/FORWARD -j limit-34 - inet/filter/INPUT -j limit-34 - inet6/filter/INPUT -j limit-34 - inet/filter/OUTPUT -j limit-34 - inet6/filter/OUTPUT -j limit-34 - inet/filter/limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 - inet6/filter/limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 - inet/filter/logdrop-11 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-11 -m limit --limit 1/second -j LOG - inet/filter/logdrop-11 -j DROP - inet6/filter/logdrop-11 -j DROP - inet/filter/limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 42 {"action":"pass","flow-limit":1,"log":"none"} + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-32 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-32 + inet/filter/limit-32 -m 
hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-32 -j ACCEPT + inet6/filter/limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-32 -j ACCEPT + inet/filter/limit-32 -j DROP + inet6/filter/limit-32 -j DROP + +Filter 40 {"action":"pass","conn-limit":{"count":30,"log":false},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-35 - inet6/filter/FORWARD -j limit-35 - inet/filter/INPUT -j limit-35 - inet6/filter/INPUT -j limit-35 - inet/filter/OUTPUT -j limit-35 - inet6/filter/OUTPUT -j limit-35 - inet/filter/limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 - inet6/filter/limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 - inet/filter/logdrop-12 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-12 -m limit --limit 1/second -j LOG - inet/filter/logdrop-12 -j DROP - inet6/filter/logdrop-12 -j DROP - inet/filter/limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 43 {"flow-limit":{"count":1,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-36 - inet6/filter/FORWARD -j limit-36 - inet/filter/INPUT -j limit-36 - inet6/filter/INPUT -j limit-36 - inet/filter/OUTPUT -j limit-36 - inet6/filter/OUTPUT -j limit-36 - inet/filter/limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-36 -m recent 
--name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 44 {"action":"pass","flow-limit":{"count":1,"log":false}} -(filter-limit) - inet/filter/FORWARD -j limit-37 - inet6/filter/FORWARD -j limit-37 - inet/filter/INPUT -j limit-37 - inet6/filter/INPUT -j limit-37 - inet/filter/OUTPUT -j limit-37 - inet6/filter/OUTPUT -j limit-37 - inet/filter/limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - -Filter 45 {"flow-limit":{"count":1,"log":false},"log":true} -(filter-limit) - inet/filter/FORWARD -j limit-38 - inet6/filter/FORWARD -j limit-38 - inet/filter/INPUT -j limit-38 - inet6/filter/INPUT -j limit-38 - inet/filter/OUTPUT -j limit-38 - inet6/filter/OUTPUT -j limit-38 - inet/filter/limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-1 - inet6/filter/FORWARD -j logaccept-final-1 - inet/filter/INPUT -j logaccept-final-1 - inet6/filter/INPUT -j logaccept-final-1 - inet/filter/OUTPUT -j logaccept-final-1 - 
inet6/filter/OUTPUT -j logaccept-final-1 - inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-1 -j ACCEPT - inet6/filter/logaccept-final-1 -j ACCEPT + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-33 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-33 + inet/filter/limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-33 -j RETURN + inet6/filter/limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-33 -j RETURN + inet/filter/limit-33 -j DROP + inet6/filter/limit-33 -j DROP + +Filter 41 {"conn-limit":{"count":30,"log":false},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-34 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-34 + inet/filter/limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-34 -j logaccept-2 + inet6/filter/limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-34 -j logaccept-2 + inet/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-2 -j ACCEPT + inet6/filter/logaccept-2 -j ACCEPT + inet/filter/limit-34 -j DROP + inet6/filter/limit-34 -j DROP -Filter 46 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} +Filter 42 {"conn-limit":{"count":30,"log":false},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 
-j limit-35 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-35 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-35 + inet/filter/limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-35 -j ACCEPT + inet6/filter/limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-35 -j ACCEPT + inet/filter/limit-35 -j DROP + inet6/filter/limit-35 -j DROP + +Filter 43 {"conn-limit":{"count":30,"log":"none"},"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-36 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-36 + inet/filter/limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-36 -j ACCEPT + inet6/filter/limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-36 -j ACCEPT + inet/filter/limit-36 -j DROP + inet6/filter/limit-36 -j DROP + +Filter 44 {"action":"pass","conn-limit":{"count":30,"log":"none"},"out":"B"} (filter-limit) - inet/filter/FORWARD -j limit-39 - inet6/filter/FORWARD -j limit-39 - inet/filter/INPUT -j limit-39 - inet6/filter/INPUT -j limit-39 - inet/filter/OUTPUT -j limit-39 - inet6/filter/OUTPUT -j limit-39 - inet/filter/limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-39 -m recent 
--name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-37 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-37 + inet/filter/limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-37 -j RETURN + inet6/filter/limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-37 -j RETURN + inet/filter/limit-37 -j DROP + inet6/filter/limit-37 -j DROP + +Filter 45 {"conn-limit":{"count":30,"log":"none"},"log":true,"out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-38 + inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j limit-38 + inet/filter/limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-38 -j logaccept-3 + inet6/filter/limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-38 -j logaccept-3 + inet/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-3 -j ACCEPT + inet6/filter/logaccept-3 -j ACCEPT + inet/filter/limit-38 -j DROP + inet6/filter/limit-38 -j DROP -Filter 47 {"flow-limit":{"count":1,"log":false},"log":"none"} +Filter 46 {"conn-limit":{"count":30,"log":"none"},"log":"none","out":"B"} +(filter-limit) + inet/filter/FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 + inet/filter/OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 + inet6/filter/FORWARD -o eth1 -d fc00::/7 -j limit-39 + inet6/filter/OUTPUT -o eth1 -d 
fc00::/7 -j limit-39 + inet/filter/limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-39 -j ACCEPT + inet6/filter/limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-39 -j ACCEPT + inet/filter/limit-39 -j DROP + inet6/filter/limit-39 -j DROP + +Filter 47 {"flow-limit":1} (filter-limit) inet/filter/FORWARD -j limit-40 inet6/filter/FORWARD -j limit-40 @@ -658,8 +614,12 @@ Filter 47 {"flow-limit":{"count":1,"log":false},"log":"n inet6/filter/INPUT -j limit-40 inet/filter/OUTPUT -j limit-40 inet6/filter/OUTPUT -j limit-40 - inet/filter/limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 + inet6/filter/limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 + inet/filter/logdrop-13 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-13 -m limit --limit 1/second -j LOG + inet/filter/logdrop-13 -j DROP + inet6/filter/logdrop-13 -j DROP inet/filter/limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set inet6/filter/limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT 
@@ -669,7 +629,7 @@ Filter 47 {"flow-limit":{"count":1,"log":false},"log":"n inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 48 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} +Filter 48 {"action":"pass","flow-limit":1} (filter-limit) inet/filter/FORWARD -j limit-41 inet6/filter/FORWARD -j limit-41 @@ -677,12 +637,16 @@ Filter 48 {"action":"pass","flow-limit":{"count":1,"log" inet6/filter/INPUT -j limit-41 inet/filter/OUTPUT -j limit-41 inet6/filter/OUTPUT -j limit-41 - inet/filter/limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 + inet6/filter/limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 + inet/filter/logdrop-14 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-14 -m limit --limit 1/second -j LOG + inet/filter/logdrop-14 -j DROP + inet6/filter/logdrop-14 -j DROP inet/filter/limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set inet6/filter/limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 49 {"flow-limit":{"count":1,"log":"none"}} +Filter 49 {"flow-limit":1,"log":true} (filter-limit) inet/filter/FORWARD -j limit-42 inet6/filter/FORWARD -j limit-42 
@@ -690,18 +654,26 @@ Filter 49 {"flow-limit":{"count":1,"log":"none"}} inet6/filter/INPUT -j limit-42 inet/filter/OUTPUT -j limit-42 inet6/filter/OUTPUT -j limit-42 - inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 + inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 + inet/filter/logdrop-15 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-15 -m limit --limit 1/second -j LOG + inet/filter/logdrop-15 -j DROP + inet6/filter/logdrop-15 -j DROP inet/filter/limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set inet6/filter/limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/FORWARD -j logaccept-final-0 + inet6/filter/FORWARD -j logaccept-final-0 + inet/filter/INPUT -j logaccept-final-0 + inet6/filter/INPUT -j logaccept-final-0 + inet/filter/OUTPUT -j logaccept-final-0 + inet6/filter/OUTPUT -j logaccept-final-0 + inet/filter/logaccept-final-0 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-0 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-0 -j ACCEPT + inet6/filter/logaccept-final-0 -j ACCEPT -Filter 50 {"action":"pass","flow-limit":{"count":1,"log":"none"}} +Filter 50 {"action":"pass","flow-limit":1,"log":true} (filter-limit) inet/filter/FORWARD -j limit-43 inet6/filter/FORWARD -j limit-43 
@@ -709,12 +681,16 @@ Filter 50 {"action":"pass","flow-limit":{"count":1,"log" inet6/filter/INPUT -j limit-43 inet/filter/OUTPUT -j limit-43 inet6/filter/OUTPUT -j limit-43 - inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 + inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 + inet/filter/logdrop-16 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-16 -m limit --limit 1/second -j LOG + inet/filter/logdrop-16 -j DROP + inet6/filter/logdrop-16 -j DROP + inet/filter/limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 51 {"flow-limit":{"count":1,"log":"none"},"log":true} +Filter 51 {"flow-limit":1,"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-44 inet6/filter/FORWARD -j limit-44 
@@ -722,22 +698,22 @@ Filter 51 {"flow-limit":{"count":1,"log":"none"},"log":t inet6/filter/INPUT -j limit-44 inet/filter/OUTPUT -j limit-44 inet6/filter/OUTPUT -j limit-44 - inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 + inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 + inet/filter/logdrop-17 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-17 -m limit --limit 1/second -j LOG + inet/filter/logdrop-17 -j DROP + inet6/filter/logdrop-17 -j DROP inet/filter/limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set inet6/filter/limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set - inet/filter/FORWARD -j logaccept-final-2 - inet6/filter/FORWARD -j logaccept-final-2 - inet/filter/INPUT -j logaccept-final-2 - inet6/filter/INPUT -j logaccept-final-2 - inet/filter/OUTPUT -j logaccept-final-2 - inet6/filter/OUTPUT -j logaccept-final-2 - inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-2 -j ACCEPT - inet6/filter/logaccept-final-2 -j ACCEPT + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT -Filter 52 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} +Filter 52 {"action":"pass","flow-limit":1,"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-45 inet6/filter/FORWARD -j limit-45 
@@ -745,12 +721,16 @@ Filter 52 {"action":"pass","flow-limit":{"count":1,"log" inet6/filter/INPUT -j limit-45 inet/filter/OUTPUT -j limit-45 inet6/filter/OUTPUT -j limit-45 - inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 + inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 + inet/filter/logdrop-18 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-18 -m limit --limit 1/second -j LOG + inet/filter/logdrop-18 -j DROP + inet6/filter/logdrop-18 -j DROP + inet/filter/limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 53 {"flow-limit":{"count":1,"log":"none"},"log":"none"} +Filter 53 {"flow-limit":{"count":1}} (filter-limit) inet/filter/FORWARD -j limit-46 inet6/filter/FORWARD -j limit-46 
@@ -758,8 +738,12 @@ Filter 53 {"flow-limit":{"count":1,"log":"none"},"log":" inet6/filter/INPUT -j limit-46 inet/filter/OUTPUT -j limit-46 inet6/filter/OUTPUT -j limit-46 - inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 + inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 + inet/filter/logdrop-19 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-19 -m limit --limit 1/second -j LOG + inet/filter/logdrop-19 -j DROP + inet6/filter/logdrop-19 -j DROP inet/filter/limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --set inet6/filter/limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT @@ -769,7 +753,7 @@ Filter 53 {"flow-limit":{"count":1,"log":"none"},"log":" inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 54 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} +Filter 54 {"action":"pass","flow-limit":{"count":1}} (filter-limit) inet/filter/FORWARD -j limit-47 inet6/filter/FORWARD -j limit-47 
@@ -777,12 +761,16 @@ Filter 54 {"action":"pass","flow-limit":{"count":1,"log" inet6/filter/INPUT -j limit-47 inet/filter/OUTPUT -j limit-47 inet6/filter/OUTPUT -j limit-47 - inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 + inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 + inet/filter/logdrop-20 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-20 -m limit --limit 1/second -j LOG + inet/filter/logdrop-20 -j DROP + inet6/filter/logdrop-20 -j DROP inet/filter/limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set inet6/filter/limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 55 {"flow-limit":30} +Filter 55 {"flow-limit":{"count":1},"log":true} (filter-limit) inet/filter/FORWARD -j limit-48 inet6/filter/FORWARD -j limit-48 
@@ -790,20 +778,26 @@ Filter 55 {"flow-limit":30} inet6/filter/INPUT -j limit-48 inet/filter/OUTPUT -j limit-48 inet6/filter/OUTPUT -j limit-48 - inet/filter/limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j RETURN - inet6/filter/limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j RETURN - inet/filter/limit-48 -m limit --limit 1/second -j LOG - inet6/filter/limit-48 -m limit --limit 1/second -j LOG - inet/filter/limit-48 -j DROP - inet6/filter/limit-48 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 + inet6/filter/limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 + inet/filter/logdrop-21 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-21 -m limit --limit 1/second -j LOG + inet/filter/logdrop-21 -j DROP + inet6/filter/logdrop-21 -j DROP + inet/filter/limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-1 + inet6/filter/FORWARD -j logaccept-final-1 + inet/filter/INPUT -j logaccept-final-1 + inet6/filter/INPUT -j logaccept-final-1 + inet/filter/OUTPUT -j logaccept-final-1 + inet6/filter/OUTPUT -j logaccept-final-1 + inet/filter/logaccept-final-1 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-1 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-1 -j ACCEPT + inet6/filter/logaccept-final-1 -j ACCEPT -Filter 56 
{"action":"pass","flow-limit":30} +Filter 56 {"action":"pass","flow-limit":{"count":1},"log":true} (filter-limit) inet/filter/FORWARD -j limit-49 inet6/filter/FORWARD -j limit-49 @@ -811,14 +805,16 @@ Filter 56 {"action":"pass","flow-limit":30} inet6/filter/INPUT -j limit-49 inet/filter/OUTPUT -j limit-49 inet6/filter/OUTPUT -j limit-49 - inet/filter/limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j RETURN - inet6/filter/limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j RETURN - inet/filter/limit-49 -m limit --limit 1/second -j LOG - inet6/filter/limit-49 -m limit --limit 1/second -j LOG - inet/filter/limit-49 -j DROP - inet6/filter/limit-49 -j DROP - -Filter 57 {"flow-limit":30,"log":true} + inet/filter/limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 + inet6/filter/limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 + inet/filter/logdrop-22 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-22 -m limit --limit 1/second -j LOG + inet/filter/logdrop-22 -j DROP + inet6/filter/logdrop-22 -j DROP + inet/filter/limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 57 {"flow-limit":{"count":1},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-50 inet6/filter/FORWARD -j limit-50 
@@ -826,24 +822,22 @@ Filter 57 {"flow-limit":30,"log":true} inet6/filter/INPUT -j limit-50 inet/filter/OUTPUT -j limit-50 inet6/filter/OUTPUT -j limit-50 - inet/filter/limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j RETURN - inet6/filter/limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j RETURN - inet/filter/limit-50 -m limit --limit 1/second -j LOG - inet6/filter/limit-50 -m limit --limit 1/second -j LOG - inet/filter/limit-50 -j DROP - inet6/filter/limit-50 -j DROP - inet/filter/FORWARD -j logaccept-final-3 - inet6/filter/FORWARD -j logaccept-final-3 - inet/filter/INPUT -j logaccept-final-3 - inet6/filter/INPUT -j logaccept-final-3 - inet/filter/OUTPUT -j logaccept-final-3 - inet6/filter/OUTPUT -j logaccept-final-3 - inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-3 -j ACCEPT - inet6/filter/logaccept-final-3 -j ACCEPT + inet/filter/limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 + inet6/filter/limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 + inet/filter/logdrop-23 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-23 -m limit --limit 1/second -j LOG + inet/filter/logdrop-23 -j DROP + inet6/filter/logdrop-23 -j DROP + inet/filter/limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT 
-Filter 58 {"flow-limit":30,"log":"none"} +Filter 58 {"action":"pass","flow-limit":{"count":1},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-51 inet6/filter/FORWARD -j limit-51 @@ -851,20 +845,16 @@ Filter 58 {"flow-limit":30,"log":"none"} inet6/filter/INPUT -j limit-51 inet/filter/OUTPUT -j limit-51 inet6/filter/OUTPUT -j limit-51 - inet/filter/limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN - inet6/filter/limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN - inet/filter/limit-51 -m limit --limit 1/second -j LOG - inet6/filter/limit-51 -m limit --limit 1/second -j LOG - inet/filter/limit-51 -j DROP - inet6/filter/limit-51 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT - -Filter 59 {"flow-limit":{"count":30,"log":false}} + inet/filter/limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 + inet6/filter/limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 + inet/filter/logdrop-24 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-24 -m limit --limit 1/second -j LOG + inet/filter/logdrop-24 -j DROP + inet6/filter/logdrop-24 -j DROP + inet/filter/limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 59 {"flow-limit":{"count":1,"log":false}} (filter-limit) inet/filter/FORWARD -j limit-52 inet6/filter/FORWARD -j limit-52 
@@ -872,10 +862,10 @@ Filter 59 {"flow-limit":{"count":30,"log":false}} inet6/filter/INPUT -j limit-52 inet/filter/OUTPUT -j limit-52 inet6/filter/OUTPUT -j limit-52 - inet/filter/limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-52 -j RETURN - inet6/filter/limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j RETURN - inet/filter/limit-52 -j DROP - inet6/filter/limit-52 -j DROP + inet/filter/limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -883,7 +873,7 @@ Filter 59 {"flow-limit":{"count":30,"log":false}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 60 {"action":"pass","flow-limit":{"count":30,"log":false}} +Filter 60 {"action":"pass","flow-limit":{"count":1,"log":false}} (filter-limit) inet/filter/FORWARD -j limit-53 inet6/filter/FORWARD -j limit-53 
@@ -891,12 +881,12 @@ Filter 60 {"action":"pass","flow-limit":{"count":30,"log inet6/filter/INPUT -j limit-53 inet/filter/OUTPUT -j limit-53 inet6/filter/OUTPUT -j limit-53 - inet/filter/limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j RETURN - inet6/filter/limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-53 -j RETURN - inet/filter/limit-53 -j DROP - inet6/filter/limit-53 -j DROP + inet/filter/limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 61 {"flow-limit":{"count":30,"log":false},"log":true} +Filter 61 {"flow-limit":{"count":1,"log":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-54 inet6/filter/FORWARD -j limit-54 
@@ -904,22 +894,22 @@ Filter 61 {"flow-limit":{"count":30,"log":false},"log":t inet6/filter/INPUT -j limit-54 inet/filter/OUTPUT -j limit-54 inet6/filter/OUTPUT -j limit-54 - inet/filter/limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j RETURN - inet6/filter/limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j RETURN - inet/filter/limit-54 -j DROP - inet6/filter/limit-54 -j DROP - inet/filter/FORWARD -j logaccept-final-4 - inet6/filter/FORWARD -j logaccept-final-4 - inet/filter/INPUT -j logaccept-final-4 - inet6/filter/INPUT -j logaccept-final-4 - inet/filter/OUTPUT -j logaccept-final-4 - inet6/filter/OUTPUT -j logaccept-final-4 - inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG - inet/filter/logaccept-final-4 -j ACCEPT - inet6/filter/logaccept-final-4 -j ACCEPT + inet/filter/limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-2 + inet6/filter/FORWARD -j logaccept-final-2 + inet/filter/INPUT -j logaccept-final-2 + inet6/filter/INPUT -j logaccept-final-2 + inet/filter/OUTPUT -j logaccept-final-2 + inet6/filter/OUTPUT -j logaccept-final-2 + inet/filter/logaccept-final-2 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-2 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-2 -j ACCEPT + inet6/filter/logaccept-final-2 -j ACCEPT -Filter 62 
{"flow-limit":{"count":30,"log":false},"log":"none"} +Filter 62 {"action":"pass","flow-limit":{"count":1,"log":false},"log":true} (filter-limit) inet/filter/FORWARD -j limit-55 inet6/filter/FORWARD -j limit-55 @@ -927,18 +917,12 @@ Filter 62 {"flow-limit":{"count":30,"log":false},"log":" inet6/filter/INPUT -j limit-55 inet/filter/OUTPUT -j limit-55 inet6/filter/OUTPUT -j limit-55 - inet/filter/limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN - inet6/filter/limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN - inet/filter/limit-55 -j DROP - inet6/filter/limit-55 -j DROP - inet/filter/FORWARD -j ACCEPT - inet6/filter/FORWARD -j ACCEPT - inet/filter/INPUT -j ACCEPT - inet6/filter/INPUT -j ACCEPT - inet/filter/OUTPUT -j ACCEPT - inet6/filter/OUTPUT -j ACCEPT + inet/filter/limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -Filter 63 {"flow-limit":{"count":30,"log":"none"}} +Filter 63 {"flow-limit":{"count":1,"log":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-56 inet6/filter/FORWARD -j limit-56 
@@ -946,10 +930,10 @@ Filter 63 {"flow-limit":{"count":30,"log":"none"}} inet6/filter/INPUT -j limit-56 inet/filter/OUTPUT -j limit-56 inet6/filter/OUTPUT -j limit-56 - inet/filter/limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j RETURN - inet6/filter/limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j RETURN - inet/filter/limit-56 -j DROP - inet6/filter/limit-56 -j DROP + inet/filter/limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT @@ -957,7 +941,7 @@ Filter 63 {"flow-limit":{"count":30,"log":"none"}} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 64 {"action":"pass","flow-limit":{"count":30,"log":"none"}} +Filter 64 {"action":"pass","flow-limit":{"count":1,"log":false},"log":"none"} (filter-limit) inet/filter/FORWARD -j limit-57 inet6/filter/FORWARD -j limit-57 
@@ -965,12 +949,12 @@ Filter 64 {"action":"pass","flow-limit":{"count":30,"log inet6/filter/INPUT -j limit-57 inet/filter/OUTPUT -j limit-57 inet6/filter/OUTPUT -j limit-57 - inet/filter/limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j RETURN - inet6/filter/limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j RETURN - inet/filter/limit-57 -j DROP - inet6/filter/limit-57 -j DROP + inet/filter/limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 65 {"flow-limit":{"count":30,"log":"none"},"log":true} +Filter 65 {"flow-limit":{"count":1,"log":"none"}} (filter-limit) inet/filter/FORWARD -j limit-58 inet6/filter/FORWARD -j limit-58 
@@ -978,10 +962,230 @@ Filter 65 {"flow-limit":{"count":30,"log":"none"},"log": inet6/filter/INPUT -j limit-58 inet/filter/OUTPUT -j limit-58 inet6/filter/OUTPUT -j limit-58 - inet/filter/limit-58 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-58 -j RETURN - inet6/filter/limit-58 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-58 -j RETURN - inet/filter/limit-58 -j DROP - inet6/filter/limit-58 -j DROP + inet/filter/limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 66 {"action":"pass","flow-limit":{"count":1,"log":"none"}} +(filter-limit) + inet/filter/FORWARD -j limit-59 + inet6/filter/FORWARD -j limit-59 + inet/filter/INPUT -j limit-59 + inet6/filter/INPUT -j limit-59 + inet/filter/OUTPUT -j limit-59 + inet6/filter/OUTPUT -j limit-59 + inet/filter/limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + 
+Filter 67 {"flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-60 + inet6/filter/FORWARD -j limit-60 + inet/filter/INPUT -j limit-60 + inet6/filter/INPUT -j limit-60 + inet/filter/OUTPUT -j limit-60 + inet6/filter/OUTPUT -j limit-60 + inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j logaccept-final-3 + inet6/filter/FORWARD -j logaccept-final-3 + inet/filter/INPUT -j logaccept-final-3 + inet6/filter/INPUT -j logaccept-final-3 + inet/filter/OUTPUT -j logaccept-final-3 + inet6/filter/OUTPUT -j logaccept-final-3 + inet/filter/logaccept-final-3 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-3 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-3 -j ACCEPT + inet6/filter/logaccept-final-3 -j ACCEPT + +Filter 68 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-61 + inet6/filter/FORWARD -j limit-61 + inet/filter/INPUT -j limit-61 + inet6/filter/INPUT -j limit-61 + inet/filter/OUTPUT -j limit-61 + inet6/filter/OUTPUT -j limit-61 + inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + +Filter 69 {"flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-62 + inet6/filter/FORWARD -j limit-62 + inet/filter/INPUT -j limit-62 + inet6/filter/INPUT -j limit-62 + inet/filter/OUTPUT -j limit-62 + inet6/filter/OUTPUT -j limit-62 + inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 70 {"action":"pass","flow-limit":{"count":1,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-63 + inet6/filter/FORWARD -j limit-63 + inet/filter/INPUT -j limit-63 + inet6/filter/INPUT -j limit-63 + inet/filter/OUTPUT -j limit-63 + inet6/filter/OUTPUT -j limit-63 + inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + +Filter 71 {"flow-limit":30} +(filter-limit) + inet/filter/FORWARD -j limit-64 + inet6/filter/FORWARD -j limit-64 + inet/filter/INPUT -j limit-64 + inet6/filter/INPUT -j limit-64 + inet/filter/OUTPUT 
-j limit-64 + inet6/filter/OUTPUT -j limit-64 + inet/filter/limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j RETURN + inet6/filter/limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j RETURN + inet/filter/limit-64 -m limit --limit 1/second -j LOG + inet6/filter/limit-64 -m limit --limit 1/second -j LOG + inet/filter/limit-64 -j DROP + inet6/filter/limit-64 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 72 {"action":"pass","flow-limit":30} +(filter-limit) + inet/filter/FORWARD -j limit-65 + inet6/filter/FORWARD -j limit-65 + inet/filter/INPUT -j limit-65 + inet6/filter/INPUT -j limit-65 + inet/filter/OUTPUT -j limit-65 + inet6/filter/OUTPUT -j limit-65 + inet/filter/limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN + inet6/filter/limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN + inet/filter/limit-65 -m limit --limit 1/second -j LOG + inet6/filter/limit-65 -m limit --limit 1/second -j LOG + inet/filter/limit-65 -j DROP + inet6/filter/limit-65 -j DROP + +Filter 73 {"flow-limit":30,"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-66 + inet6/filter/FORWARD -j limit-66 + inet/filter/INPUT -j limit-66 + inet6/filter/INPUT -j limit-66 + inet/filter/OUTPUT -j limit-66 + inet6/filter/OUTPUT -j limit-66 + inet/filter/limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j RETURN + inet6/filter/limit-66 -m hashlimit --hashlimit-upto 
30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j RETURN + inet/filter/limit-66 -m limit --limit 1/second -j LOG + inet6/filter/limit-66 -m limit --limit 1/second -j LOG + inet/filter/limit-66 -j DROP + inet6/filter/limit-66 -j DROP + inet/filter/FORWARD -j logaccept-final-4 + inet6/filter/FORWARD -j logaccept-final-4 + inet/filter/INPUT -j logaccept-final-4 + inet6/filter/INPUT -j logaccept-final-4 + inet/filter/OUTPUT -j logaccept-final-4 + inet6/filter/OUTPUT -j logaccept-final-4 + inet/filter/logaccept-final-4 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-4 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-4 -j ACCEPT + inet6/filter/logaccept-final-4 -j ACCEPT + +Filter 74 {"flow-limit":30,"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-67 + inet6/filter/FORWARD -j limit-67 + inet/filter/INPUT -j limit-67 + inet6/filter/INPUT -j limit-67 + inet/filter/OUTPUT -j limit-67 + inet6/filter/OUTPUT -j limit-67 + inet/filter/limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j RETURN + inet6/filter/limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j RETURN + inet/filter/limit-67 -m limit --limit 1/second -j LOG + inet6/filter/limit-67 -m limit --limit 1/second -j LOG + inet/filter/limit-67 -j DROP + inet6/filter/limit-67 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 75 {"flow-limit":{"count":30}} +(filter-limit) + inet/filter/FORWARD -j limit-68 + inet6/filter/FORWARD -j limit-68 + inet/filter/INPUT -j limit-68 + inet6/filter/INPUT -j limit-68 + inet/filter/OUTPUT -j limit-68 + inet6/filter/OUTPUT -j limit-68 + 
inet/filter/limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j RETURN + inet6/filter/limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j RETURN + inet/filter/limit-68 -m limit --limit 1/second -j LOG + inet6/filter/limit-68 -m limit --limit 1/second -j LOG + inet/filter/limit-68 -j DROP + inet6/filter/limit-68 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 76 {"action":"pass","flow-limit":{"count":30}} +(filter-limit) + inet/filter/FORWARD -j limit-69 + inet6/filter/FORWARD -j limit-69 + inet/filter/INPUT -j limit-69 + inet6/filter/INPUT -j limit-69 + inet/filter/OUTPUT -j limit-69 + inet6/filter/OUTPUT -j limit-69 + inet/filter/limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN + inet6/filter/limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN + inet/filter/limit-69 -m limit --limit 1/second -j LOG + inet6/filter/limit-69 -m limit --limit 1/second -j LOG + inet/filter/limit-69 -j DROP + inet6/filter/limit-69 -j DROP + +Filter 77 {"flow-limit":{"count":30},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-70 + inet6/filter/FORWARD -j limit-70 + inet/filter/INPUT -j limit-70 + inet6/filter/INPUT -j limit-70 + inet/filter/OUTPUT -j limit-70 + inet6/filter/OUTPUT -j limit-70 + inet/filter/limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j RETURN + inet6/filter/limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 
30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j RETURN + inet/filter/limit-70 -m limit --limit 1/second -j LOG + inet6/filter/limit-70 -m limit --limit 1/second -j LOG + inet/filter/limit-70 -j DROP + inet6/filter/limit-70 -j DROP inet/filter/FORWARD -j logaccept-final-5 inet6/filter/FORWARD -j logaccept-final-5 inet/filter/INPUT -j logaccept-final-5 
@@ -993,18 +1197,113 @@ Filter 65 {"flow-limit":{"count":30,"log":"none"},"log": inet/filter/logaccept-final-5 -j ACCEPT inet6/filter/logaccept-final-5 -j ACCEPT -Filter 66 {"flow-limit":{"count":30,"log":"none"},"log":"none"} +Filter 78 {"flow-limit":{"count":30},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-71 + inet6/filter/FORWARD -j limit-71 + inet/filter/INPUT -j limit-71 + inet6/filter/INPUT -j limit-71 + inet/filter/OUTPUT -j limit-71 + inet6/filter/OUTPUT -j limit-71 + inet/filter/limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j RETURN + inet6/filter/limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j RETURN + inet/filter/limit-71 -m limit --limit 1/second -j LOG + inet6/filter/limit-71 -m limit --limit 1/second -j LOG + inet/filter/limit-71 -j DROP + inet6/filter/limit-71 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 79 {"flow-limit":{"count":30,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-72 + inet6/filter/FORWARD -j limit-72 + inet/filter/INPUT -j limit-72 + inet6/filter/INPUT -j limit-72 + inet/filter/OUTPUT -j limit-72 + inet6/filter/OUTPUT -j limit-72 + inet/filter/limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j RETURN + inet6/filter/limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j RETURN + inet/filter/limit-72 -j DROP + inet6/filter/limit-72 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + 
inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 80 {"action":"pass","flow-limit":{"count":30,"log":false}} +(filter-limit) + inet/filter/FORWARD -j limit-73 + inet6/filter/FORWARD -j limit-73 + inet/filter/INPUT -j limit-73 + inet6/filter/INPUT -j limit-73 + inet/filter/OUTPUT -j limit-73 + inet6/filter/OUTPUT -j limit-73 + inet/filter/limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN + inet6/filter/limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN + inet/filter/limit-73 -j DROP + inet6/filter/limit-73 -j DROP + +Filter 81 {"flow-limit":{"count":30,"log":false},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-74 + inet6/filter/FORWARD -j limit-74 + inet/filter/INPUT -j limit-74 + inet6/filter/INPUT -j limit-74 + inet/filter/OUTPUT -j limit-74 + inet6/filter/OUTPUT -j limit-74 + inet/filter/limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j RETURN + inet6/filter/limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j RETURN + inet/filter/limit-74 -j DROP + inet6/filter/limit-74 -j DROP + inet/filter/FORWARD -j logaccept-final-6 + inet6/filter/FORWARD -j logaccept-final-6 + inet/filter/INPUT -j logaccept-final-6 + inet6/filter/INPUT -j logaccept-final-6 + inet/filter/OUTPUT -j logaccept-final-6 + inet6/filter/OUTPUT -j logaccept-final-6 + inet/filter/logaccept-final-6 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-6 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-6 -j ACCEPT + inet6/filter/logaccept-final-6 -j ACCEPT + +Filter 82 {"flow-limit":{"count":30,"log":false},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j 
limit-75 + inet6/filter/FORWARD -j limit-75 + inet/filter/INPUT -j limit-75 + inet6/filter/INPUT -j limit-75 + inet/filter/OUTPUT -j limit-75 + inet6/filter/OUTPUT -j limit-75 + inet/filter/limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j RETURN + inet6/filter/limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j RETURN + inet/filter/limit-75 -j DROP + inet6/filter/limit-75 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 83 {"flow-limit":{"count":30,"log":"none"}} (filter-limit) - inet/filter/FORWARD -j limit-59 - inet6/filter/FORWARD -j limit-59 - inet/filter/INPUT -j limit-59 - inet6/filter/INPUT -j limit-59 - inet/filter/OUTPUT -j limit-59 - inet6/filter/OUTPUT -j limit-59 - inet/filter/limit-59 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-59 -j RETURN - inet6/filter/limit-59 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-59 -j RETURN - inet/filter/limit-59 -j DROP - inet6/filter/limit-59 -j DROP + inet/filter/FORWARD -j limit-76 + inet6/filter/FORWARD -j limit-76 + inet/filter/INPUT -j limit-76 + inet6/filter/INPUT -j limit-76 + inet/filter/OUTPUT -j limit-76 + inet6/filter/OUTPUT -j limit-76 + inet/filter/limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-76 -j RETURN + inet6/filter/limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-76 -j RETURN + inet/filter/limit-76 -j DROP + 
inet6/filter/limit-76 -j DROP inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT inet/filter/INPUT -j ACCEPT 
@@ -1012,18 +1311,73 @@ Filter 66 {"flow-limit":{"count":30,"log":"none"},"log": inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 67 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +Filter 84 {"action":"pass","flow-limit":{"count":30,"log":"none"}} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-60 - inet6/filter/INPUT -i eth0 -j limit-60 - inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 - inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 - inet/filter/logdrop-13 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-13 -m limit --limit 1/second -j LOG - inet/filter/logdrop-13 -j DROP - inet6/filter/logdrop-13 -j DROP - inet/filter/limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/FORWARD -j limit-77 + inet6/filter/FORWARD -j limit-77 + inet/filter/INPUT -j limit-77 + inet6/filter/INPUT -j limit-77 + inet/filter/OUTPUT -j limit-77 + inet6/filter/OUTPUT -j limit-77 + inet/filter/limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-77 -j RETURN + inet6/filter/limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-77 -j RETURN + inet/filter/limit-77 -j DROP + inet6/filter/limit-77 -j DROP + +Filter 85 {"flow-limit":{"count":30,"log":"none"},"log":true} +(filter-limit) + inet/filter/FORWARD -j limit-78 + inet6/filter/FORWARD -j limit-78 + inet/filter/INPUT -j limit-78 + inet6/filter/INPUT -j limit-78 + inet/filter/OUTPUT -j limit-78 + inet6/filter/OUTPUT -j limit-78 + inet/filter/limit-78 -m hashlimit --hashlimit-upto 
30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j RETURN + inet6/filter/limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j RETURN + inet/filter/limit-78 -j DROP + inet6/filter/limit-78 -j DROP + inet/filter/FORWARD -j logaccept-final-7 + inet6/filter/FORWARD -j logaccept-final-7 + inet/filter/INPUT -j logaccept-final-7 + inet6/filter/INPUT -j logaccept-final-7 + inet/filter/OUTPUT -j logaccept-final-7 + inet6/filter/OUTPUT -j logaccept-final-7 + inet/filter/logaccept-final-7 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-final-7 -m limit --limit 1/second -j LOG + inet/filter/logaccept-final-7 -j ACCEPT + inet6/filter/logaccept-final-7 -j ACCEPT + +Filter 86 {"flow-limit":{"count":30,"log":"none"},"log":"none"} +(filter-limit) + inet/filter/FORWARD -j limit-79 + inet6/filter/FORWARD -j limit-79 + inet/filter/INPUT -j limit-79 + inet6/filter/INPUT -j limit-79 + inet/filter/OUTPUT -j limit-79 + inet6/filter/OUTPUT -j limit-79 + inet/filter/limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-79 -j RETURN + inet6/filter/limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-79 -j RETURN + inet/filter/limit-79 -j DROP + inet6/filter/limit-79 -j DROP + inet/filter/FORWARD -j ACCEPT + inet6/filter/FORWARD -j ACCEPT + inet/filter/INPUT -j ACCEPT + inet6/filter/INPUT -j ACCEPT + inet/filter/OUTPUT -j ACCEPT + inet6/filter/OUTPUT -j ACCEPT + +Filter 87 {"flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-80 + inet6/filter/INPUT -i eth0 -j limit-80 + inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 + 
inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 + inet/filter/logdrop-25 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-25 -m limit --limit 1/second -j LOG + inet/filter/logdrop-25 -j DROP + inet6/filter/logdrop-25 -j DROP + inet/filter/limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1031,35 +1385,35 @@ Filter 67 {"flow-limit":1,"in":"A","no-track":true,"out" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 68 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} +Filter 88 {"action":"pass","flow-limit":1,"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-61 - inet6/filter/INPUT -i eth0 -j limit-61 - inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 - inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 - inet/filter/logdrop-14 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-14 -m limit --limit 1/second -j LOG - inet/filter/logdrop-14 -j DROP - inet6/filter/logdrop-14 -j DROP - inet/filter/limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-81 + inet6/filter/INPUT -i eth0 -j limit-81 + inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 + inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 + inet/filter/logdrop-26 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-26 -m limit --limit 1/second -j LOG + inet/filter/logdrop-26 -j DROP + inet6/filter/logdrop-26 -j DROP + inet/filter/limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 69 
{"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 89 {"flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-62 - inet6/filter/INPUT -i eth0 -j limit-62 - inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 - inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 - inet/filter/logdrop-15 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-15 -m limit --limit 1/second -j LOG - inet/filter/logdrop-15 -j DROP - inet6/filter/logdrop-15 -j DROP - inet/filter/limit-62 -m limit --limit 1/second -j LOG - inet6/filter/limit-62 -m limit --limit 1/second -j LOG - inet/filter/limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-82 + inet6/filter/INPUT -i eth0 -j limit-82 + inet/filter/limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 + inet6/filter/limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 + inet/filter/logdrop-27 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-27 -m limit --limit 1/second -j LOG + inet/filter/logdrop-27 -j DROP + inet6/filter/logdrop-27 -j DROP + inet/filter/limit-82 -m limit --limit 1/second -j LOG + inet6/filter/limit-82 -m limit --limit 1/second -j LOG + inet/filter/limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack 
inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1067,33 +1421,33 @@ Filter 69 {"flow-limit":1,"in":"A","log":true,"no-track" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 70 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 90 {"action":"pass","flow-limit":1,"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-63 - inet6/filter/INPUT -i eth0 -j limit-63 - inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 - inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 - inet/filter/logdrop-16 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-16 -m limit --limit 1/second -j LOG - inet/filter/logdrop-16 -j DROP - inet6/filter/logdrop-16 -j DROP - inet/filter/limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-83 + inet6/filter/INPUT -i eth0 -j limit-83 + inet/filter/limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 + inet6/filter/limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 + inet/filter/logdrop-28 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-28 -m limit --limit 1/second -j LOG + inet/filter/logdrop-28 -j DROP + inet6/filter/logdrop-28 -j DROP + inet/filter/limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG 
inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 71 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 91 {"flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-64 - inet6/filter/INPUT -i eth0 -j limit-64 - inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 - inet6/filter/limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 - inet/filter/logdrop-17 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-17 -m limit --limit 1/second -j LOG - inet/filter/logdrop-17 -j DROP - inet6/filter/logdrop-17 -j DROP - inet/filter/limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-84 + inet6/filter/INPUT -i eth0 -j limit-84 + inet/filter/limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 + inet6/filter/limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 + inet/filter/logdrop-29 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-29 -m limit --limit 1/second -j LOG + inet/filter/logdrop-29 -j DROP + inet6/filter/logdrop-29 -j DROP + inet/filter/limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT 
--notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1101,29 +1455,33 @@ Filter 71 {"flow-limit":1,"in":"A","log":"none","no-trac inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 72 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 92 {"action":"pass","flow-limit":1,"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-65 - inet6/filter/INPUT -i eth0 -j limit-65 - inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 - inet6/filter/limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 - inet/filter/logdrop-18 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-18 -m limit --limit 1/second -j LOG - inet/filter/logdrop-18 -j DROP - inet6/filter/logdrop-18 -j DROP - inet/filter/limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-85 + inet6/filter/INPUT -i eth0 -j limit-85 + inet/filter/limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 + inet6/filter/limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 + inet/filter/logdrop-30 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-30 -m limit --limit 1/second -j LOG + inet/filter/logdrop-30 -j DROP + inet6/filter/logdrop-30 -j DROP + inet/filter/limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT 
--notrack -Filter 73 {"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 93 {"flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-66 - inet6/filter/INPUT -i eth0 -j limit-66 - inet/filter/limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-86 + inet6/filter/INPUT -i eth0 -j limit-86 + inet/filter/limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 + inet6/filter/limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 + inet/filter/logdrop-31 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-31 -m limit --limit 1/second -j LOG + inet/filter/logdrop-31 -j DROP + inet6/filter/logdrop-31 -j DROP + inet/filter/limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1131,27 +1489,35 @@ Filter 73 {"flow-limit":{"count":1,"log":false},"in":"A" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 74 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 94 {"action":"pass","flow-limit":{"count":1},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-67 - inet6/filter/INPUT -i eth0 -j limit-67 - inet/filter/limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-87 + inet6/filter/INPUT -i eth0 -j limit-87 + inet/filter/limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 + inet6/filter/limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 + inet/filter/logdrop-32 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-32 -m limit --limit 1/second -j LOG + inet/filter/logdrop-32 -j DROP + inet6/filter/logdrop-32 -j DROP + inet/filter/limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 75 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 95 
{"flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-68 - inet6/filter/INPUT -i eth0 -j limit-68 - inet/filter/limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-68 -m limit --limit 1/second -j LOG - inet6/filter/limit-68 -m limit --limit 1/second -j LOG - inet/filter/limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-88 + inet6/filter/INPUT -i eth0 -j limit-88 + inet/filter/limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 + inet6/filter/limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 + inet/filter/logdrop-33 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-33 -m limit --limit 1/second -j LOG + inet/filter/logdrop-33 -j DROP + inet6/filter/logdrop-33 -j DROP + inet/filter/limit-88 -m limit --limit 1/second -j LOG + inet6/filter/limit-88 -m limit --limit 1/second -j LOG + inet/filter/limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1159,25 +1525,33 @@ Filter 75 {"flow-limit":{"count":1,"log":false},"in":"A" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 76 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 96 {"action":"pass","flow-limit":{"count":1},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-69 - inet6/filter/INPUT -i eth0 -j limit-69 - inet/filter/limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-89 + inet6/filter/INPUT -i eth0 -j limit-89 + inet/filter/limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 + inet6/filter/limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 + inet/filter/logdrop-34 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-34 -m limit --limit 1/second -j LOG + inet/filter/logdrop-34 -j DROP + inet6/filter/logdrop-34 -j DROP + inet/filter/limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 77 
{"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 97 {"flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-70 - inet6/filter/INPUT -i eth0 -j limit-70 - inet/filter/limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-90 + inet6/filter/INPUT -i eth0 -j limit-90 + inet/filter/limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 + inet6/filter/limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 + inet/filter/logdrop-35 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-35 -m limit --limit 1/second -j LOG + inet/filter/logdrop-35 -j DROP + inet6/filter/logdrop-35 -j DROP + inet/filter/limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1185,25 +1559,29 @@ Filter 77 {"flow-limit":{"count":1,"log":false},"in":"A" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 78 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 98 {"action":"pass","flow-limit":{"count":1},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-71 - inet6/filter/INPUT -i eth0 -j limit-71 - inet/filter/limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-91 + inet6/filter/INPUT -i eth0 -j limit-91 + inet/filter/limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 + inet6/filter/limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 + inet/filter/logdrop-36 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-36 -m limit --limit 1/second -j LOG + inet/filter/logdrop-36 -j DROP + inet6/filter/logdrop-36 -j DROP + inet/filter/limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 79 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 99 
{"flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-72 - inet6/filter/INPUT -i eth0 -j limit-72 - inet/filter/limit-72 -m recent --name limit-72 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-72 -m recent --name limit-72 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-72 -m recent --name limit-72 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-72 -m recent --name limit-72 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-92 + inet6/filter/INPUT -i eth0 -j limit-92 + inet/filter/limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1211,27 +1589,27 @@ Filter 79 {"flow-limit":{"count":1,"log":"none"},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 80 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 100 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-73 - inet6/filter/INPUT -i eth0 -j limit-73 - inet/filter/limit-73 -m recent --name limit-73 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-73 -m recent --name limit-73 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-73 -m recent --name limit-73 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-73 -m recent --name limit-73 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-93 + inet6/filter/INPUT -i eth0 -j limit-93 + inet/filter/limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 81 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 101 {"flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-74 - inet6/filter/INPUT -i eth0 -j limit-74 - inet/filter/limit-74 -m recent --name limit-74 --rsource --mask 
255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-74 -m recent --name limit-74 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-74 -m limit --limit 1/second -j LOG - inet6/filter/limit-74 -m limit --limit 1/second -j LOG - inet/filter/limit-74 -m recent --name limit-74 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-74 -m recent --name limit-74 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-94 + inet6/filter/INPUT -i eth0 -j limit-94 + inet/filter/limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-94 -m limit --limit 1/second -j LOG + inet6/filter/limit-94 -m limit --limit 1/second -j LOG + inet/filter/limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1239,25 +1617,25 @@ Filter 81 {"flow-limit":{"count":1,"log":"none"},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 82 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 102 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-75 - inet6/filter/INPUT -i eth0 -j limit-75 - inet/filter/limit-75 -m recent --name limit-75 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-75 -m recent --name limit-75 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-75 -m recent --name limit-75 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG - inet6/filter/limit-75 -m recent --name limit-75 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/filter/INPUT -i eth0 -j limit-95 + inet6/filter/INPUT -i eth0 -j limit-95 + inet/filter/limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 83 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 103 {"flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} 
(filter-limit) - inet/filter/INPUT -i eth0 -j limit-76 - inet6/filter/INPUT -i eth0 -j limit-76 - inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set -j ACCEPT - inet6/filter/limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT + inet/filter/INPUT -i eth0 -j limit-96 + inet6/filter/INPUT -i eth0 -j limit-96 + inet/filter/limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1265,27 +1643,25 @@ Filter 83 {"flow-limit":{"count":1,"log":"none"},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 84 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 104 {"action":"pass","flow-limit":{"count":1,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-77 - inet6/filter/INPUT -i eth0 -j limit-77 - inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP - inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP - inet/filter/limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set - inet6/filter/limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/filter/INPUT -i eth0 -j limit-97 + inet6/filter/INPUT -i eth0 -j limit-97 + inet/filter/limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 85 {"flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +Filter 105 {"flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-78 - inet6/filter/INPUT -i eth0 -j limit-78 - inet/filter/limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 
--hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j ACCEPT - inet6/filter/limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j ACCEPT - inet/filter/limit-78 -m limit --limit 1/second -j LOG - inet6/filter/limit-78 -m limit --limit 1/second -j LOG - inet/filter/limit-78 -j DROP - inet6/filter/limit-78 -j DROP + inet/filter/INPUT -i eth0 -j limit-98 + inet6/filter/INPUT -i eth0 -j limit-98 + inet/filter/limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1293,33 +1669,27 @@ Filter 85 {"flow-limit":30,"in":"A","no-track":true,"out inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 86 {"action":"pass","flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +Filter 106 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-79 - inet6/filter/INPUT -i eth0 -j limit-79 - inet/filter/limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-79 -j RETURN - inet6/filter/limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-79 -j RETURN - inet/filter/limit-79 -m limit --limit 1/second -j LOG - inet6/filter/limit-79 -m limit --limit 1/second -j LOG - inet/filter/limit-79 -j DROP - inet6/filter/limit-79 -j DROP + inet/filter/INPUT -i eth0 -j limit-99 + inet6/filter/INPUT -i eth0 -j limit-99 + inet/filter/limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 87 {"flow-limit":30,"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 107 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-80 - inet6/filter/INPUT -i eth0 -j limit-80 - inet/filter/limit-80 -m hashlimit --hashlimit-upto 30/second 
--hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-80 -j logaccept-3 - inet6/filter/limit-80 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-80 -j logaccept-3 - inet/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-3 -m limit --limit 1/second -j LOG - inet/filter/logaccept-3 -j ACCEPT - inet6/filter/logaccept-3 -j ACCEPT - inet/filter/limit-80 -m limit --limit 1/second -j LOG - inet6/filter/limit-80 -m limit --limit 1/second -j LOG - inet/filter/limit-80 -j DROP - inet6/filter/limit-80 -j DROP + inet/filter/INPUT -i eth0 -j limit-100 + inet6/filter/INPUT -i eth0 -j limit-100 + inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-100 -m limit --limit 1/second -j LOG + inet6/filter/limit-100 -m limit --limit 1/second -j LOG + inet/filter/limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1327,16 +1697,25 @@ Filter 87 {"flow-limit":30,"in":"A","log":true,"no-track inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 88 {"flow-limit":30,"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 108 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-81 - inet6/filter/INPUT -i eth0 -j limit-81 - inet/filter/limit-81 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-81 -j ACCEPT - inet6/filter/limit-81 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-81 -j ACCEPT - inet/filter/limit-81 -m limit --limit 1/second -j LOG - inet6/filter/limit-81 -m limit --limit 1/second -j LOG - inet/filter/limit-81 -j DROP - inet6/filter/limit-81 -j DROP + inet/filter/INPUT -i eth0 -j limit-101 + inet6/filter/INPUT -i eth0 -j limit-101 + inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG + inet6/filter/limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 109 {"flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-102 + inet6/filter/INPUT -i eth0 -j limit-102 + inet/filter/limit-102 -m recent --name limit-102 
--rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set -j ACCEPT + inet6/filter/limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1344,14 +1723,27 @@ Filter 88 {"flow-limit":30,"in":"A","log":"none","no-tra inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 89 {"flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 110 {"action":"pass","flow-limit":{"count":1,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-82 - inet6/filter/INPUT -i eth0 -j limit-82 - inet/filter/limit-82 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-82 -j ACCEPT - inet6/filter/limit-82 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-82 -j ACCEPT - inet/filter/limit-82 -j DROP - inet6/filter/limit-82 -j DROP + inet/filter/INPUT -i eth0 -j limit-103 + inet6/filter/INPUT -i eth0 -j limit-103 + inet/filter/limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP + inet6/filter/limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP + inet/filter/limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set + inet6/filter/limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 111 {"flow-limit":30,"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-104 + inet6/filter/INPUT -i eth0 -j limit-104 + inet/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT + inet6/filter/limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 
--hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT + inet/filter/limit-104 -m limit --limit 1/second -j LOG + inet6/filter/limit-104 -m limit --limit 1/second -j LOG + inet/filter/limit-104 -j DROP + inet6/filter/limit-104 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1359,29 +1751,33 @@ Filter 89 {"flow-limit":{"count":30,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 90 {"action":"pass","flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +Filter 112 {"action":"pass","flow-limit":30,"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-83 - inet6/filter/INPUT -i eth0 -j limit-83 - inet/filter/limit-83 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-83 -j RETURN - inet6/filter/limit-83 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-83 -j RETURN - inet/filter/limit-83 -j DROP - inet6/filter/limit-83 -j DROP + inet/filter/INPUT -i eth0 -j limit-105 + inet6/filter/INPUT -i eth0 -j limit-105 + inet/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j RETURN + inet6/filter/limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN + inet/filter/limit-105 -m limit --limit 1/second -j LOG + inet6/filter/limit-105 -m limit --limit 1/second -j LOG + inet/filter/limit-105 -j DROP + inet6/filter/limit-105 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 91 {"flow-limit":{"count":30,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 113 {"flow-limit":30,"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-84 - inet6/filter/INPUT -i eth0 -j limit-84 - inet/filter/limit-84 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 
--hashlimit-name limit-84 -j logaccept-4 - inet6/filter/limit-84 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-84 -j logaccept-4 + inet/filter/INPUT -i eth0 -j limit-106 + inet6/filter/INPUT -i eth0 -j limit-106 + inet/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-4 + inet6/filter/limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-4 inet/filter/logaccept-4 -m limit --limit 1/second -j LOG inet6/filter/logaccept-4 -m limit --limit 1/second -j LOG inet/filter/logaccept-4 -j ACCEPT inet6/filter/logaccept-4 -j ACCEPT - inet/filter/limit-84 -j DROP - inet6/filter/limit-84 -j DROP + inet/filter/limit-106 -m limit --limit 1/second -j LOG + inet6/filter/limit-106 -m limit --limit 1/second -j LOG + inet/filter/limit-106 -j DROP + inet6/filter/limit-106 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1389,14 +1785,16 @@ Filter 91 {"flow-limit":{"count":30,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 92 {"flow-limit":{"count":30,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 114 {"flow-limit":30,"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-85 - inet6/filter/INPUT -i eth0 -j limit-85 - inet/filter/limit-85 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-85 -j ACCEPT - inet6/filter/limit-85 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-85 -j ACCEPT - inet/filter/limit-85 -j DROP - inet6/filter/limit-85 -j DROP + inet/filter/INPUT -i eth0 -j limit-107 + inet6/filter/INPUT -i eth0 -j limit-107 + inet/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT + inet6/filter/limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT + inet/filter/limit-107 -m limit --limit 1/second -j LOG + inet6/filter/limit-107 -m limit --limit 1/second -j LOG + inet/filter/limit-107 -j DROP + inet6/filter/limit-107 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1404,14 +1802,16 @@ Filter 92 {"flow-limit":{"count":30,"log":false},"in":"A inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 93 {"flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 115 {"flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-86 - inet6/filter/INPUT -i eth0 -j limit-86 - inet/filter/limit-86 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-86 -j ACCEPT - inet6/filter/limit-86 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-86 -j ACCEPT - inet/filter/limit-86 -j DROP - inet6/filter/limit-86 -j DROP + inet/filter/INPUT -i eth0 -j limit-108 + inet6/filter/INPUT -i eth0 -j limit-108 + inet/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT + inet6/filter/limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT + inet/filter/limit-108 -m limit --limit 1/second -j LOG + inet6/filter/limit-108 -m limit --limit 1/second -j LOG + inet/filter/limit-108 -j DROP + inet6/filter/limit-108 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1419,29 +1819,33 @@ Filter 93 {"flow-limit":{"count":30,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 94 {"action":"pass","flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +Filter 116 {"action":"pass","flow-limit":{"count":30},"in":"A","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-87 - inet6/filter/INPUT -i eth0 -j limit-87 - inet/filter/limit-87 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-87 -j RETURN - inet6/filter/limit-87 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-87 -j RETURN - inet/filter/limit-87 -j DROP - inet6/filter/limit-87 -j DROP + inet/filter/INPUT -i eth0 -j limit-109 + inet6/filter/INPUT -i eth0 -j limit-109 + inet/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN + inet6/filter/limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN + inet/filter/limit-109 -m limit --limit 1/second -j LOG + inet6/filter/limit-109 -m limit --limit 1/second -j LOG + inet/filter/limit-109 -j DROP + inet6/filter/limit-109 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -Filter 95 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +Filter 117 {"flow-limit":{"count":30},"in":"A","log":true,"no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-88 - inet6/filter/INPUT -i eth0 -j limit-88 - inet/filter/limit-88 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip 
--hashlimit-srcmask 32 --hashlimit-name limit-88 -j logaccept-5 - inet6/filter/limit-88 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-88 -j logaccept-5 + inet/filter/INPUT -i eth0 -j limit-110 + inet6/filter/INPUT -i eth0 -j limit-110 + inet/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-5 + inet6/filter/limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-5 inet/filter/logaccept-5 -m limit --limit 1/second -j LOG inet6/filter/logaccept-5 -m limit --limit 1/second -j LOG inet/filter/logaccept-5 -j ACCEPT inet6/filter/logaccept-5 -j ACCEPT - inet/filter/limit-88 -j DROP - inet6/filter/limit-88 -j DROP + inet/filter/limit-110 -m limit --limit 1/second -j LOG + inet6/filter/limit-110 -m limit --limit 1/second -j LOG + inet/filter/limit-110 -j DROP + inet6/filter/limit-110 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack 
@@ -1449,14 +1853,136 @@ Filter 95 {"flow-limit":{"count":30,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 96 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +Filter 118 {"flow-limit":{"count":30},"in":"A","log":"none","no-track":true,"out":"_fw"} (filter-limit) - inet/filter/INPUT -i eth0 -j limit-89 - inet6/filter/INPUT -i eth0 -j limit-89 - inet/filter/limit-89 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-89 -j ACCEPT - inet6/filter/limit-89 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-89 -j ACCEPT - inet/filter/limit-89 -j DROP - inet6/filter/limit-89 -j DROP + inet/filter/INPUT -i eth0 -j limit-111 + inet6/filter/INPUT -i eth0 -j limit-111 + inet/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT + inet6/filter/limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT + inet/filter/limit-111 -m limit --limit 1/second -j LOG + inet6/filter/limit-111 -m limit --limit 1/second -j LOG + inet/filter/limit-111 -j DROP + inet6/filter/limit-111 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 119 {"flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-112 + inet6/filter/INPUT -i eth0 -j limit-112 + inet/filter/limit-112 -m hashlimit 
--hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j ACCEPT + inet6/filter/limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j ACCEPT + inet/filter/limit-112 -j DROP + inet6/filter/limit-112 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 120 {"action":"pass","flow-limit":{"count":30,"log":false},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-113 + inet6/filter/INPUT -i eth0 -j limit-113 + inet/filter/limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN + inet6/filter/limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN + inet/filter/limit-113 -j DROP + inet6/filter/limit-113 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 121 {"flow-limit":{"count":30,"log":false},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-114 + inet6/filter/INPUT -i eth0 -j limit-114 + inet/filter/limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j logaccept-6 + inet6/filter/limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j logaccept-6 + 
inet/filter/logaccept-6 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG + inet/filter/logaccept-6 -j ACCEPT + inet6/filter/logaccept-6 -j ACCEPT + inet/filter/limit-114 -j DROP + inet6/filter/limit-114 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 122 {"flow-limit":{"count":30,"log":false},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-115 + inet6/filter/INPUT -i eth0 -j limit-115 + inet/filter/limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j ACCEPT + inet6/filter/limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j ACCEPT + inet/filter/limit-115 -j DROP + inet6/filter/limit-115 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 123 {"flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-116 + inet6/filter/INPUT -i eth0 -j limit-116 + inet/filter/limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-116 -j ACCEPT + inet6/filter/limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name 
limit-116 -j ACCEPT + inet/filter/limit-116 -j DROP + inet6/filter/limit-116 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 124 {"action":"pass","flow-limit":{"count":30,"log":"none"},"in":"A","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-117 + inet6/filter/INPUT -i eth0 -j limit-117 + inet/filter/limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-117 -j RETURN + inet6/filter/limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-117 -j RETURN + inet/filter/limit-117 -j DROP + inet6/filter/limit-117 -j DROP + inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + +Filter 125 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":true,"no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-118 + inet6/filter/INPUT -i eth0 -j limit-118 + inet/filter/limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-118 -j logaccept-7 + inet6/filter/limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-118 -j logaccept-7 + inet/filter/logaccept-7 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-7 -m limit --limit 1/second -j LOG + inet/filter/logaccept-7 -j ACCEPT + inet6/filter/logaccept-7 -j ACCEPT + inet/filter/limit-118 -j DROP + inet6/filter/limit-118 -j DROP + inet/raw/PREROUTING -m 
addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack + inet/raw/OUTPUT -o eth0 -j CT --notrack + inet6/raw/OUTPUT -o eth0 -j CT --notrack + inet/filter/OUTPUT -o eth0 -j ACCEPT + inet6/filter/OUTPUT -o eth0 -j ACCEPT + +Filter 126 {"flow-limit":{"count":30,"log":"none"},"in":"A","log":"none","no-track":true,"out":"_fw"} +(filter-limit) + inet/filter/INPUT -i eth0 -j limit-119 + inet6/filter/INPUT -i eth0 -j limit-119 + inet/filter/limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-119 -j ACCEPT + inet6/filter/limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-119 -j ACCEPT + inet/filter/limit-119 -j DROP + inet6/filter/limit-119 -j DROP inet/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack inet/raw/OUTPUT -o eth0 -j CT --notrack @@ -1464,7 +1990,7 @@ Filter 96 {"flow-limit":{"count":30,"log":"none"},"in":" inet/filter/OUTPUT -o eth0 -j ACCEPT inet6/filter/OUTPUT -o eth0 -j ACCEPT -Filter 97 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} +Filter 127 {"update-limit":{"addr":"src","measure":"conn","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set 
@@ -1473,7 +1999,7 @@ Filter 97 {"update-limit":{"addr":"src","measure":"conn" inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 98 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} +Filter 128 {"update-limit":{"addr":"dest","measure":"conn","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set @@ -1482,7 +2008,7 @@ Filter 98 {"update-limit":{"addr":"dest","measure":"conn inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 99 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} +Filter 129 {"update-limit":{"addr":"src","measure":"flow","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set @@ -1491,7 +2017,7 @@ Filter 99 {"update-limit":{"addr":"src","measure":"flow" inet/filter/OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 100 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} +Filter 130 {"update-limit":{"addr":"dest","measure":"flow","name":"foo"}} (filter-limit) inet/filter/FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet/filter/INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set 
@@ -1500,7 +2026,7 @@ Filter 100 {"update-limit":{"addr":"dest","measure":"flow inet/filter/OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set inet6/filter/OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -Filter 101 {} +Filter 131 {} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -1509,20 +2035,20 @@ Filter 101 {} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 102 {"action":"drop"} +Filter 132 {"action":"drop"} (log) - inet/filter/FORWARD -j logdrop-19 - inet6/filter/FORWARD -j logdrop-19 - inet/filter/INPUT -j logdrop-19 - inet6/filter/INPUT -j logdrop-19 - inet/filter/OUTPUT -j logdrop-19 - inet6/filter/OUTPUT -j logdrop-19 - inet/filter/logdrop-19 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-19 -m limit --limit 1/second -j LOG - inet/filter/logdrop-19 -j DROP - inet6/filter/logdrop-19 -j DROP - -Filter 103 {"action":"pass"} + inet/filter/FORWARD -j logdrop-37 + inet6/filter/FORWARD -j logdrop-37 + inet/filter/INPUT -j logdrop-37 + inet6/filter/INPUT -j logdrop-37 + inet/filter/OUTPUT -j logdrop-37 + inet6/filter/OUTPUT -j logdrop-37 + inet/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-37 -m limit --limit 1/second -j LOG + inet/filter/logdrop-37 -j DROP + inet6/filter/logdrop-37 -j DROP + +Filter 133 {"action":"pass"} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -1531,7 +2057,7 @@ Filter 103 {"action":"pass"} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 104 {"log":false} +Filter 134 {"log":false} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -1540,7 +2066,7 @@ Filter 104 {"log":false} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 105 {"action":"drop","log":false} +Filter 135 {"action":"drop","log":false} (log) inet/filter/FORWARD -j DROP inet6/filter/FORWARD -j DROP 
@@ -1549,7 +2075,7 @@ Filter 105 {"action":"drop","log":false} inet/filter/OUTPUT -j DROP inet6/filter/OUTPUT -j DROP -Filter 106 {"action":"pass","log":false} +Filter 136 {"action":"pass","log":false} (log) inet/filter/FORWARD inet6/filter/FORWARD 
@@ -1558,33 +2084,33 @@ Filter 106 {"action":"pass","log":false} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 107 {"log":true} +Filter 137 {"log":true} (log) - inet/filter/FORWARD -j logaccept-6 - inet6/filter/FORWARD -j logaccept-6 - inet/filter/INPUT -j logaccept-6 - inet6/filter/INPUT -j logaccept-6 - inet/filter/OUTPUT -j logaccept-6 - inet6/filter/OUTPUT -j logaccept-6 - inet/filter/logaccept-6 -m limit --limit 1/second -j LOG - inet6/filter/logaccept-6 -m limit --limit 1/second -j LOG - inet/filter/logaccept-6 -j ACCEPT - inet6/filter/logaccept-6 -j ACCEPT - -Filter 108 {"action":"drop","log":true} + inet/filter/FORWARD -j logaccept-8 + inet6/filter/FORWARD -j logaccept-8 + inet/filter/INPUT -j logaccept-8 + inet6/filter/INPUT -j logaccept-8 + inet/filter/OUTPUT -j logaccept-8 + inet6/filter/OUTPUT -j logaccept-8 + inet/filter/logaccept-8 -m limit --limit 1/second -j LOG + inet6/filter/logaccept-8 -m limit --limit 1/second -j LOG + inet/filter/logaccept-8 -j ACCEPT + inet6/filter/logaccept-8 -j ACCEPT + +Filter 138 {"action":"drop","log":true} (log) - inet/filter/FORWARD -j logdrop-20 - inet6/filter/FORWARD -j logdrop-20 - inet/filter/INPUT -j logdrop-20 - inet6/filter/INPUT -j logdrop-20 - inet/filter/OUTPUT -j logdrop-20 - inet6/filter/OUTPUT -j logdrop-20 - inet/filter/logdrop-20 -m limit --limit 1/second -j LOG - inet6/filter/logdrop-20 -m limit --limit 1/second -j LOG - inet/filter/logdrop-20 -j DROP - inet6/filter/logdrop-20 -j DROP - -Filter 109 {"action":"pass","log":true} + inet/filter/FORWARD -j logdrop-38 + inet6/filter/FORWARD -j logdrop-38 + inet/filter/INPUT -j logdrop-38 + inet6/filter/INPUT -j logdrop-38 + inet/filter/OUTPUT -j logdrop-38 + inet6/filter/OUTPUT -j logdrop-38 + inet/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet6/filter/logdrop-38 -m limit --limit 1/second -j LOG + inet/filter/logdrop-38 -j DROP + inet6/filter/logdrop-38 -j DROP + +Filter 139 {"action":"pass","log":true} (log) inet/filter/FORWARD -j logpass-0 
inet6/filter/FORWARD -j logpass-0 @@ -1595,7 +2121,7 @@ Filter 109 {"action":"pass","log":true} inet/filter/logpass-0 -m limit --limit 1/second -j LOG inet6/filter/logpass-0 -m limit --limit 1/second -j LOG -Filter 110 {"log":"none"} +Filter 140 {"log":"none"} (log) inet/filter/FORWARD -j ACCEPT inet6/filter/FORWARD -j ACCEPT @@ -1604,7 +2130,7 @@ Filter 110 {"log":"none"} inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT -Filter 111 {"action":"drop","log":"none"} +Filter 141 {"action":"drop","log":"none"} (log) inet/filter/FORWARD -j DROP inet6/filter/FORWARD -j DROP @@ -1613,7 +2139,7 @@ Filter 111 {"action":"drop","log":"none"} inet/filter/OUTPUT -j DROP inet6/filter/OUTPUT -j DROP -Filter 112 {"action":"pass","log":"none"} +Filter 142 {"action":"pass","log":"none"} (log) inet/filter/FORWARD inet6/filter/FORWARD @@ -1622,7 +2148,7 @@ Filter 112 {"action":"pass","log":"none"} inet/filter/OUTPUT inet6/filter/OUTPUT -Filter 113 {"in":"_fw","no-track":true,"service":"http"} +Filter 143 {"in":"_fw","no-track":true,"service":"http"} (no-track) inet/filter/OUTPUT -p tcp --dport 80 -j ACCEPT inet6/filter/OUTPUT -p tcp --dport 80 -j ACCEPT @@ -1633,7 +2159,7 @@ Filter 113 {"in":"_fw","no-track":true,"service":"http"} inet/filter/INPUT -p tcp --sport 80 -j ACCEPT inet6/filter/INPUT -p tcp --sport 80 -j ACCEPT -Filter 114 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} +Filter 144 {"dest":"172.17.0.0\/16","no-track":true,"service":"radius","src":"172.16.0.0\/16"} (no-track) inet/filter/FORWARD -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT inet/filter/INPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j ACCEPT 
@@ -1656,7 +2182,7 @@ Filter 114 {"dest":"172.17.0.0\/16","no-track":true,"serv inet/filter/OUTPUT -p tcp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT inet/filter/OUTPUT -p udp --sport 1812 -d 172.16.0.0/16 -s 172.17.0.0/16 -j ACCEPT -Filter 115 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} +Filter 145 {"dest":"172.18.0.0\/16","no-track":true,"service":"ssh"} (no-track) inet/filter/FORWARD -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT inet/filter/INPUT -p tcp --dport 22 -d 172.18.0.0/16 -j ACCEPT @@ -1669,7 +2195,7 @@ Filter 115 {"dest":"172.18.0.0\/16","no-track":true,"serv inet/filter/INPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT inet/filter/OUTPUT -p tcp --sport 22 -s 172.18.0.0/16 -j ACCEPT -Filter 116 {"no-track":true,"out":"_fw","service":"ipsec"} +Filter 146 {"no-track":true,"out":"_fw","service":"ipsec"} (no-track) inet/filter/INPUT -p esp -j ACCEPT inet6/filter/INPUT -p esp -j ACCEPT @@ -1688,7 +2214,7 @@ Filter 116 {"no-track":true,"out":"_fw","service":"ipsec" inet/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT inet6/filter/OUTPUT -p udp -m multiport --sports 500,4500 -j ACCEPT -Filter 117 {"in":["_fw","A"]} +Filter 147 {"in":["_fw","A"]} (zone) inet/filter/OUTPUT -j ACCEPT inet6/filter/OUTPUT -j ACCEPT @@ -1697,12 +2223,12 @@ Filter 117 {"in":["_fw","A"]} inet/filter/INPUT -i eth0 -j ACCEPT inet6/filter/INPUT -i eth0 -j ACCEPT -Filter 118 {"in":"B","out":"C"} +Filter 148 {"in":"B","out":"C"} (zone) inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT inet/filter/FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT -Filter 119 {"out":["_fw","B"]} +Filter 149 {"out":["_fw","B"]} (zone) inet/filter/INPUT -j ACCEPT inet6/filter/INPUT -j ACCEPT 
@@ -1711,7 +2237,7 @@ Filter 119 {"out":["_fw","B"]} inet6/filter/FORWARD -o eth1 -d fc00::/7 -j ACCEPT inet6/filter/OUTPUT -o eth1 -d fc00::/7 -j ACCEPT -Filter 120 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} +Filter 150 {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]} (zone) inet/filter/FORWARD -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT inet6/filter/FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT @@ -2049,7 +2575,27 @@ hash:net family inet :limit-0 - [0:0] :limit-1 - [0:0] :limit-10 - [0:0] +:limit-100 - [0:0] +:limit-101 - [0:0] +:limit-102 - [0:0] +:limit-103 - [0:0] +:limit-104 - [0:0] +:limit-105 - [0:0] +:limit-106 - [0:0] +:limit-107 - [0:0] +:limit-108 - [0:0] +:limit-109 - [0:0] :limit-11 - [0:0] +:limit-110 - [0:0] +:limit-111 - [0:0] +:limit-112 - [0:0] +:limit-113 - [0:0] +:limit-114 - [0:0] +:limit-115 - [0:0] +:limit-116 - [0:0] +:limit-117 - [0:0] +:limit-118 - [0:0] +:limit-119 - [0:0] :limit-12 - [0:0] :limit-13 - [0:0] :limit-14 - [0:0] @@ -2136,6 +2682,16 @@ hash:net family inet :limit-88 - [0:0] :limit-89 - [0:0] :limit-9 - [0:0] +:limit-90 - [0:0] +:limit-91 - [0:0] +:limit-92 - [0:0] +:limit-93 - [0:0] +:limit-94 - [0:0] +:limit-95 - [0:0] +:limit-96 - [0:0] +:limit-97 - [0:0] +:limit-98 - [0:0] +:limit-99 - [0:0] :logaccept-0 - [0:0] :logaccept-1 - [0:0] :logaccept-2 - [0:0] @@ -2143,12 +2699,16 @@ hash:net family inet :logaccept-4 - [0:0] :logaccept-5 - [0:0] :logaccept-6 - [0:0] +:logaccept-7 - [0:0] +:logaccept-8 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] +:logaccept-final-6 - [0:0] +:logaccept-final-7 - [0:0] :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] 
@@ -2163,7 +2723,25 @@ hash:net family inet :logdrop-19 - [0:0] :logdrop-2 - [0:0] :logdrop-20 - [0:0] +:logdrop-21 - [0:0] +:logdrop-22 - [0:0] +:logdrop-23 - [0:0] +:logdrop-24 - [0:0] +:logdrop-25 - [0:0] +:logdrop-26 - [0:0] +:logdrop-27 - [0:0] +:logdrop-28 - [0:0] +:logdrop-29 - [0:0] :logdrop-3 - [0:0] +:logdrop-30 - [0:0] +:logdrop-31 - [0:0] +:logdrop-32 - [0:0] +:logdrop-33 - [0:0] +:logdrop-34 - [0:0] +:logdrop-35 - [0:0] +:logdrop-36 - [0:0] +:logdrop-37 - [0:0] +:logdrop-38 - [0:0] :logdrop-4 - [0:0] :logdrop-5 - [0:0] :logdrop-6 - [0:0] @@ -2176,6 +2754,26 @@ hash:net family inet :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-79 +-A FORWARD -j limit-78 +-A FORWARD -j limit-77 +-A FORWARD -j limit-76 +-A FORWARD -j limit-75 +-A FORWARD -j limit-74 +-A FORWARD -j limit-73 +-A FORWARD -j limit-72 +-A FORWARD -j limit-71 +-A FORWARD -j limit-70 +-A FORWARD -j limit-69 +-A FORWARD -j limit-68 +-A FORWARD -j limit-67 +-A FORWARD -j limit-66 +-A FORWARD -j limit-65 +-A FORWARD -j limit-64 +-A FORWARD -j limit-63 +-A FORWARD -j limit-62 +-A FORWARD -j limit-61 +-A FORWARD -j limit-60 -A FORWARD -j limit-59 -A FORWARD -j limit-58 -A FORWARD -j limit-57 @@ -2196,16 +2794,6 @@ hash:net family inet -A FORWARD -j limit-42 -A FORWARD -j limit-41 -A FORWARD -j limit-40 --A FORWARD -j limit-39 --A FORWARD -j limit-38 --A FORWARD -j limit-37 --A FORWARD -j limit-36 --A FORWARD -j limit-35 --A FORWARD -j limit-34 --A FORWARD -j limit-33 --A FORWARD -j limit-32 --A FORWARD -j limit-31 --A FORWARD -j limit-30 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT 
@@ -2243,6 +2831,16 @@ hash:net family inet -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT @@ -2261,16 +2859,22 @@ hash:net family inet -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-5 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-6 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-7 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-19 +-A FORWARD -j logdrop-37 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD --A FORWARD -j logaccept-6 --A FORWARD -j logdrop-20 +-A FORWARD -j logaccept-8 +-A FORWARD -j logdrop-38 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP 
@@ -2333,6 +2937,26 @@ hash:net family inet -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-79 +-A INPUT -j limit-78 +-A INPUT -j limit-77 +-A INPUT -j limit-76 +-A INPUT -j limit-75 +-A INPUT -j limit-74 +-A INPUT -j limit-73 +-A INPUT -j limit-72 +-A INPUT -j limit-71 +-A INPUT -j limit-70 +-A INPUT -j limit-69 +-A INPUT -j limit-68 +-A INPUT -j limit-67 +-A INPUT -j limit-66 +-A INPUT -j limit-65 +-A INPUT -j limit-64 +-A INPUT -j limit-63 +-A INPUT -j limit-62 +-A INPUT -j limit-61 +-A INPUT -j limit-60 -A INPUT -j limit-59 -A INPUT -j limit-58 -A INPUT -j limit-57 @@ -2353,16 +2977,6 @@ hash:net family inet -A INPUT -j limit-42 -A INPUT -j limit-41 -A INPUT -j limit-40 --A INPUT -j limit-39 --A INPUT -j limit-38 --A INPUT -j limit-37 --A INPUT -j limit-36 --A INPUT -j limit-35 --A INPUT -j limit-34 --A INPUT -j limit-33 --A INPUT -j limit-32 --A INPUT -j limit-31 --A INPUT -j limit-30 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT 
@@ -2389,26 +3003,12 @@ hash:net family inet -A INPUT -j ACCEPT -A INPUT -j logaccept-final-5 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-60 --A INPUT -i eth0 -j limit-61 --A INPUT -i eth0 -j limit-62 --A INPUT -i eth0 -j limit-63 --A INPUT -i eth0 -j limit-64 --A INPUT -i eth0 -j limit-65 --A INPUT -i eth0 -j limit-66 --A INPUT -i eth0 -j limit-67 --A INPUT -i eth0 -j limit-68 --A INPUT -i eth0 -j limit-69 --A INPUT -i eth0 -j limit-70 --A INPUT -i eth0 -j limit-71 --A INPUT -i eth0 -j limit-72 --A INPUT -i eth0 -j limit-73 --A INPUT -i eth0 -j limit-74 --A INPUT -i eth0 -j limit-75 --A INPUT -i eth0 -j limit-76 --A INPUT -i eth0 -j limit-77 --A INPUT -i eth0 -j limit-78 --A INPUT -i eth0 -j limit-79 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-6 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-7 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-80 -A INPUT -i eth0 -j limit-81 -A INPUT -i eth0 -j limit-82 
@@ -2419,16 +3019,46 @@ hash:net family inet -A INPUT -i eth0 -j limit-87 -A INPUT -i eth0 -j limit-88 -A INPUT -i eth0 -j limit-89 +-A INPUT -i eth0 -j limit-90 +-A INPUT -i eth0 -j limit-91 +-A INPUT -i eth0 -j limit-92 +-A INPUT -i eth0 -j limit-93 +-A INPUT -i eth0 -j limit-94 +-A INPUT -i eth0 -j limit-95 +-A INPUT -i eth0 -j limit-96 +-A INPUT -i eth0 -j limit-97 +-A INPUT -i eth0 -j limit-98 +-A INPUT -i eth0 -j limit-99 +-A INPUT -i eth0 -j limit-100 +-A INPUT -i eth0 -j limit-101 +-A INPUT -i eth0 -j limit-102 +-A INPUT -i eth0 -j limit-103 +-A INPUT -i eth0 -j limit-104 +-A INPUT -i eth0 -j limit-105 +-A INPUT -i eth0 -j limit-106 +-A INPUT -i eth0 -j limit-107 +-A INPUT -i eth0 -j limit-108 +-A INPUT -i eth0 -j limit-109 +-A INPUT -i eth0 -j limit-110 +-A INPUT -i eth0 -j limit-111 +-A INPUT -i eth0 -j limit-112 +-A INPUT -i eth0 -j limit-113 +-A INPUT -i eth0 -j limit-114 +-A INPUT -i eth0 -j limit-115 +-A INPUT -i eth0 -j limit-116 +-A INPUT -i eth0 -j limit-117 +-A INPUT -i eth0 -j limit-118 +-A INPUT -i eth0 -j limit-119 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-19 +-A INPUT -j logdrop-37 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT --A INPUT -j logaccept-6 --A INPUT -j logdrop-20 +-A INPUT -j logaccept-8 +-A INPUT -j logdrop-38 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP 
@@ -2447,6 +3077,26 @@ hash:net family inet -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-79 +-A OUTPUT -j limit-78 +-A OUTPUT -j limit-77 +-A OUTPUT -j limit-76 +-A OUTPUT -j limit-75 +-A OUTPUT -j limit-74 +-A OUTPUT -j limit-73 +-A OUTPUT -j limit-72 +-A OUTPUT -j limit-71 +-A OUTPUT -j limit-70 +-A OUTPUT -j limit-69 +-A OUTPUT -j limit-68 +-A OUTPUT -j limit-67 +-A OUTPUT -j limit-66 +-A OUTPUT -j limit-65 +-A OUTPUT -j limit-64 +-A OUTPUT -j limit-63 +-A OUTPUT -j limit-62 +-A OUTPUT -j limit-61 +-A OUTPUT -j limit-60 -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 -A OUTPUT -j limit-57 @@ -2467,16 +3117,6 @@ hash:net family inet -A OUTPUT -j limit-42 -A OUTPUT -j limit-41 -A OUTPUT -j limit-40 --A OUTPUT -j limit-39 --A OUTPUT -j limit-38 --A OUTPUT -j limit-37 --A OUTPUT -j limit-36 --A OUTPUT -j limit-35 --A OUTPUT -j limit-34 --A OUTPUT -j limit-33 --A OUTPUT -j limit-32 --A OUTPUT -j limit-31 --A OUTPUT -j limit-30 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -2515,6 +3155,16 @@ hash:net family inet -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT 
@@ -2533,6 +3183,18 @@ hash:net family inet -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-5 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-6 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-7 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -2554,13 +3216,13 @@ hash:net family inet -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-19 +-A OUTPUT -j logdrop-37 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT --A OUTPUT -j logaccept-6 --A OUTPUT -j logdrop-20 +-A OUTPUT -j logaccept-8 +-A OUTPUT -j logdrop-38 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP 
@@ -2584,10 +3246,59 @@ hash:net family inet -A limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-2 -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set --A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m limit --limit 1/second -j LOG +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT +-A limit-104 -m limit --limit 1/second -j LOG +-A limit-104 -j DROP +-A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 
--hashlimit-name limit-105 -j RETURN +-A limit-105 -m limit --limit 1/second -j LOG +-A limit-105 -j DROP +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-4 +-A limit-106 -m limit --limit 1/second -j LOG +-A limit-106 -j DROP +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -m limit --limit 1/second -j LOG +-A limit-107 -j DROP +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT +-A limit-108 -m limit --limit 1/second -j LOG +-A limit-108 -j DROP +-A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN +-A limit-109 -m limit --limit 1/second -j LOG +-A limit-109 -j DROP +-A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-5 +-A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -j DROP +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT +-A limit-111 -m limit --limit 1/second -j LOG +-A limit-111 -j DROP +-A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j ACCEPT +-A limit-112 -j DROP +-A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name 
limit-113 -j RETURN +-A limit-113 -j DROP +-A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j logaccept-6 +-A limit-114 -j DROP +-A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j ACCEPT +-A limit-115 -j DROP +-A limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-116 -j ACCEPT +-A limit-116 -j DROP +-A limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-117 -j RETURN +-A limit-117 -j DROP +-A limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-118 -j logaccept-7 +-A limit-118 -j DROP +-A limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-119 -j ACCEPT +-A limit-119 -j DROP -A limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP 
@@ -2601,183 +3312,208 @@ hash:net family inet -A limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --set --A limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-18 -j ACCEPT --A limit-18 -m limit --limit 1/second -j LOG --A limit-18 -j DROP --A limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-19 -j RETURN --A limit-19 -m limit --limit 1/second -j LOG --A limit-19 -j DROP +-A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --set -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-20 -j logaccept-0 +-A limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-20 -m limit --limit 1/second -j LOG --A limit-20 -j DROP --A limit-21 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-21 -j ACCEPT --A limit-21 -m limit --limit 1/second -j LOG --A limit-21 -j DROP --A limit-22 -m hashlimit 
--hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-22 -j ACCEPT --A limit-22 -j DROP --A limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-23 -j RETURN --A limit-23 -j DROP --A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j logaccept-1 +-A limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set +-A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j ACCEPT +-A limit-24 -m limit --limit 1/second -j LOG -A limit-24 -j DROP --A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j ACCEPT +-A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j RETURN +-A limit-25 -m limit --limit 1/second -j LOG -A limit-25 -j DROP --A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j ACCEPT +-A limit-26 -m hashlimit --hashlimit-upto 
30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j logaccept-0 +-A limit-26 -m limit --limit 1/second -j LOG -A limit-26 -j DROP --A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j RETURN +-A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j ACCEPT +-A limit-27 -m limit --limit 1/second -j LOG -A limit-27 -j DROP --A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j logaccept-2 +-A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j ACCEPT +-A limit-28 -m limit --limit 1/second -j LOG -A limit-28 -j DROP --A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j ACCEPT +-A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j RETURN +-A limit-29 -m limit --limit 1/second -j LOG -A limit-29 -j DROP -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 --A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set --A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 --A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set --A limit-32 -m recent --name limit-32 --rsource --mask 
255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 --A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set --A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 --A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 --A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set --A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 --A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set --A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --set --A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --set --A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --set --A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-30 -j logaccept-1 +-A limit-30 -m limit --limit 1/second -j LOG +-A limit-30 -j DROP +-A limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-31 -j ACCEPT +-A limit-31 -m limit --limit 1/second -j LOG 
+-A limit-31 -j DROP +-A limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-32 -j ACCEPT +-A limit-32 -j DROP +-A limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-33 -j RETURN +-A limit-33 -j DROP +-A limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-34 -j logaccept-2 +-A limit-34 -j DROP +-A limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-35 -j ACCEPT +-A limit-35 -j DROP +-A limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-36 -j ACCEPT +-A limit-36 -j DROP +-A limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-37 -j RETURN +-A limit-37 -j DROP +-A limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-38 -j logaccept-3 +-A limit-38 -j DROP +-A limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-39 -j ACCEPT +-A limit-39 -j DROP -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set --A limit-41 -m recent --name limit-41 
--rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 +-A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 +-A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set +-A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 -A limit-46 -m recent 
--name limit-46 --rsource --mask 255.255.255.255 --set --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 -A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set --A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j RETURN --A limit-48 -m limit --limit 1/second -j LOG --A limit-48 -j DROP --A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j RETURN --A limit-49 -m limit --limit 1/second -j LOG --A limit-49 -j DROP +-A limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 +-A limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --set +-A limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 +-A limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set --A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j RETURN --A limit-50 -m limit --limit 1/second -j LOG --A limit-50 -j DROP --A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN --A limit-51 -m limit --limit 1/second -j LOG --A limit-51 -j DROP --A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 
--hashlimit-name limit-52 -j RETURN --A limit-52 -j DROP --A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j RETURN --A limit-53 -j DROP --A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j RETURN --A limit-54 -j DROP --A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN --A limit-55 -j DROP --A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j RETURN --A limit-56 -j DROP --A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j RETURN --A limit-57 -j DROP --A limit-58 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-58 -j RETURN --A limit-58 -j DROP --A limit-59 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-59 -j RETURN --A limit-59 -j DROP --A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 +-A limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --set +-A limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 +-A limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --set +-A limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --set +-A 
limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --set +-A limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --set +-A limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --set +-A limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --set +-A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set +-A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set +-A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set --A limit-62 -m 
recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 --A limit-62 -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 --A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 --A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set --A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set --A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set +-A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set +-A 
limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set +-A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j RETURN +-A limit-64 -m limit --limit 1/second -j LOG +-A limit-64 -j DROP +-A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN +-A limit-65 -m limit --limit 1/second -j LOG +-A limit-65 -j DROP +-A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j RETURN +-A limit-66 -m limit --limit 1/second -j LOG +-A limit-66 -j DROP +-A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j RETURN +-A limit-67 -m limit --limit 1/second -j LOG +-A limit-67 -j DROP +-A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j RETURN -A limit-68 -m limit --limit 1/second -j LOG --A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-68 -j DROP +-A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN +-A limit-69 -m limit --limit 1/second -j LOG +-A limit-69 -j DROP +-A limit-7 -m recent --name limit-7 --rsource 
--mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set --A limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --set --A limit-72 -m recent --name limit-72 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-72 -m recent --name limit-72 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-73 -m recent --name limit-73 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-73 -m recent --name limit-73 --rsource --mask 255.255.255.255 --set --A limit-74 -m recent --name limit-74 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-74 -m limit --limit 1/second -j LOG --A limit-74 -m recent --name limit-74 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-75 -m recent --name limit-75 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-75 -m recent --name limit-75 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set --A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j ACCEPT --A limit-78 -m limit --limit 1/second -j 
LOG +-A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j RETURN +-A limit-70 -m limit --limit 1/second -j LOG +-A limit-70 -j DROP +-A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j RETURN +-A limit-71 -m limit --limit 1/second -j LOG +-A limit-71 -j DROP +-A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j RETURN +-A limit-72 -j DROP +-A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN +-A limit-73 -j DROP +-A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j RETURN +-A limit-74 -j DROP +-A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j RETURN +-A limit-75 -j DROP +-A limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-76 -j RETURN +-A limit-76 -j DROP +-A limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-77 -j RETURN +-A limit-77 -j DROP +-A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j RETURN -A limit-78 -j DROP -A limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-79 -j RETURN --A limit-79 -m limit --limit 1/second -j LOG -A limit-79 -j DROP --A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 
1 --seconds 1 -j DROP +-A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-80 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-80 -j logaccept-3 --A limit-80 -m limit --limit 1/second -j LOG --A limit-80 -j DROP --A limit-81 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-81 -j ACCEPT --A limit-81 -m limit --limit 1/second -j LOG --A limit-81 -j DROP --A limit-82 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-82 -j ACCEPT --A limit-82 -j DROP --A limit-83 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-83 -j RETURN --A limit-83 -j DROP --A limit-84 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-84 -j logaccept-4 --A limit-84 -j DROP --A limit-85 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-85 -j ACCEPT --A limit-85 -j DROP --A limit-86 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-86 -j ACCEPT --A limit-86 -j DROP --A limit-87 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-87 -j RETURN --A limit-87 -j DROP --A limit-88 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-88 -j logaccept-5 --A limit-88 -j DROP --A limit-89 -m hashlimit 
--hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-89 -j ACCEPT --A limit-89 -j DROP --A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set +-A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 +-A limit-82 -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set +-A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set +-A limit-88 -m recent --name 
limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-88 -m limit --limit 1/second -j LOG +-A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set +-A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set +-A limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-94 -m limit --limit 1/second -j LOG +-A limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-96 -m recent --name limit-96 
--rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set +-A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -2792,6 +3528,10 @@ hash:net family inet -A logaccept-5 -j ACCEPT -A logaccept-6 -m limit --limit 1/second -j LOG -A logaccept-6 -j ACCEPT +-A logaccept-7 -m limit --limit 1/second -j LOG +-A logaccept-7 -j ACCEPT +-A logaccept-8 -m limit --limit 1/second -j LOG +-A logaccept-8 -j ACCEPT -A logaccept-final-0 -m limit --limit 1/second -j LOG -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG @@ -2804,6 +3544,10 @@ hash:net family inet -A logaccept-final-4 -j ACCEPT -A logaccept-final-5 -m limit --limit 1/second -j LOG -A logaccept-final-5 -j ACCEPT +-A logaccept-final-6 -m limit --limit 1/second -j LOG +-A logaccept-final-6 -j ACCEPT +-A logaccept-final-7 -m limit --limit 1/second -j LOG +-A logaccept-final-7 -j ACCEPT -A logdrop-0 -m limit --limit 1/second -j LOG -A logdrop-0 -j DROP -A logdrop-1 -m limit --limit 1/second -j LOG 
@@ -2832,8 +3576,44 @@ hash:net family inet -A logdrop-2 -j DROP -A logdrop-20 -m limit --limit 1/second -j LOG -A logdrop-20 -j DROP +-A logdrop-21 -m limit --limit 1/second -j LOG +-A logdrop-21 -j DROP +-A logdrop-22 -m limit --limit 1/second -j LOG +-A logdrop-22 -j DROP +-A logdrop-23 -m limit --limit 1/second -j LOG +-A logdrop-23 -j DROP +-A logdrop-24 -m limit --limit 1/second -j LOG +-A logdrop-24 -j DROP +-A logdrop-25 -m limit --limit 1/second -j LOG +-A logdrop-25 -j DROP +-A logdrop-26 -m limit --limit 1/second -j LOG +-A logdrop-26 -j DROP +-A logdrop-27 -m limit --limit 1/second -j LOG +-A logdrop-27 -j DROP +-A logdrop-28 -m limit --limit 1/second -j LOG +-A logdrop-28 -j DROP +-A logdrop-29 -m limit --limit 1/second -j LOG +-A logdrop-29 -j DROP -A logdrop-3 -m limit --limit 1/second -j LOG -A logdrop-3 -j DROP +-A logdrop-30 -m limit --limit 1/second -j LOG +-A logdrop-30 -j DROP +-A logdrop-31 -m limit --limit 1/second -j LOG +-A logdrop-31 -j DROP +-A logdrop-32 -m limit --limit 1/second -j LOG +-A logdrop-32 -j DROP +-A logdrop-33 -m limit --limit 1/second -j LOG +-A logdrop-33 -j DROP +-A logdrop-34 -m limit --limit 1/second -j LOG +-A logdrop-34 -j DROP +-A logdrop-35 -m limit --limit 1/second -j LOG +-A logdrop-35 -j DROP +-A logdrop-36 -m limit --limit 1/second -j LOG +-A logdrop-36 -j DROP +-A logdrop-37 -m limit --limit 1/second -j LOG +-A logdrop-37 -j DROP +-A logdrop-38 -m limit --limit 1/second -j LOG +-A logdrop-38 -j DROP -A logdrop-4 -m limit --limit 1/second -j LOG -A logdrop-4 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG 
@@ -2903,6 +3683,12 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -2944,6 +3730,16 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack 
@@ -2967,7 +3763,27 @@ COMMIT :limit-0 - [0:0] :limit-1 - [0:0] :limit-10 - [0:0] +:limit-100 - [0:0] +:limit-101 - [0:0] +:limit-102 - [0:0] +:limit-103 - [0:0] +:limit-104 - [0:0] +:limit-105 - [0:0] +:limit-106 - [0:0] +:limit-107 - [0:0] +:limit-108 - [0:0] +:limit-109 - [0:0] :limit-11 - [0:0] +:limit-110 - [0:0] +:limit-111 - [0:0] +:limit-112 - [0:0] +:limit-113 - [0:0] +:limit-114 - [0:0] +:limit-115 - [0:0] +:limit-116 - [0:0] +:limit-117 - [0:0] +:limit-118 - [0:0] +:limit-119 - [0:0] :limit-12 - [0:0] :limit-13 - [0:0] :limit-14 - [0:0] @@ -3054,6 +3870,16 @@ COMMIT :limit-88 - [0:0] :limit-89 - [0:0] :limit-9 - [0:0] +:limit-90 - [0:0] +:limit-91 - [0:0] +:limit-92 - [0:0] +:limit-93 - [0:0] +:limit-94 - [0:0] +:limit-95 - [0:0] +:limit-96 - [0:0] +:limit-97 - [0:0] +:limit-98 - [0:0] +:limit-99 - [0:0] :logaccept-0 - [0:0] :logaccept-1 - [0:0] :logaccept-2 - [0:0] @@ -3061,12 +3887,16 @@ COMMIT :logaccept-4 - [0:0] :logaccept-5 - [0:0] :logaccept-6 - [0:0] +:logaccept-7 - [0:0] +:logaccept-8 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] +:logaccept-final-6 - [0:0] +:logaccept-final-7 - [0:0] :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] @@ -3081,7 +3911,25 @@ COMMIT :logdrop-19 - [0:0] :logdrop-2 - [0:0] :logdrop-20 - [0:0] +:logdrop-21 - [0:0] +:logdrop-22 - [0:0] +:logdrop-23 - [0:0] +:logdrop-24 - [0:0] +:logdrop-25 - [0:0] +:logdrop-26 - [0:0] +:logdrop-27 - [0:0] +:logdrop-28 - [0:0] +:logdrop-29 - [0:0] :logdrop-3 - [0:0] +:logdrop-30 - [0:0] +:logdrop-31 - [0:0] +:logdrop-32 - [0:0] +:logdrop-33 - [0:0] +:logdrop-34 - [0:0] +:logdrop-35 - [0:0] +:logdrop-36 - [0:0] +:logdrop-37 - [0:0] +:logdrop-38 - [0:0] :logdrop-4 - [0:0] :logdrop-5 - [0:0] :logdrop-6 - [0:0] 
@@ -3094,6 +3942,26 @@ COMMIT :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-79 +-A FORWARD -j limit-78 +-A FORWARD -j limit-77 +-A FORWARD -j limit-76 +-A FORWARD -j limit-75 +-A FORWARD -j limit-74 +-A FORWARD -j limit-73 +-A FORWARD -j limit-72 +-A FORWARD -j limit-71 +-A FORWARD -j limit-70 +-A FORWARD -j limit-69 +-A FORWARD -j limit-68 +-A FORWARD -j limit-67 +-A FORWARD -j limit-66 +-A FORWARD -j limit-65 +-A FORWARD -j limit-64 +-A FORWARD -j limit-63 +-A FORWARD -j limit-62 +-A FORWARD -j limit-61 +-A FORWARD -j limit-60 -A FORWARD -j limit-59 -A FORWARD -j limit-58 -A FORWARD -j limit-57 @@ -3114,16 +3982,6 @@ COMMIT -A FORWARD -j limit-42 -A FORWARD -j limit-41 -A FORWARD -j limit-40 --A FORWARD -j limit-39 --A FORWARD -j limit-38 --A FORWARD -j limit-37 --A FORWARD -j limit-36 --A FORWARD -j limit-35 --A FORWARD -j limit-34 --A FORWARD -j limit-33 --A FORWARD -j limit-32 --A FORWARD -j limit-31 --A FORWARD -j limit-30 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -3161,6 +4019,16 @@ COMMIT -A FORWARD -o eth1 -d fc00::/7 -j limit-27 -A FORWARD -o eth1 -d fc00::/7 -j limit-28 -A FORWARD -o eth1 -d fc00::/7 -j limit-29 +-A FORWARD -o eth1 -d fc00::/7 -j limit-30 +-A FORWARD -o eth1 -d fc00::/7 -j limit-31 +-A FORWARD -o eth1 -d fc00::/7 -j limit-32 +-A FORWARD -o eth1 -d fc00::/7 -j limit-33 +-A FORWARD -o eth1 -d fc00::/7 -j limit-34 +-A FORWARD -o eth1 -d fc00::/7 -j limit-35 +-A FORWARD -o eth1 -d fc00::/7 -j limit-36 +-A FORWARD -o eth1 -d fc00::/7 -j limit-37 +-A FORWARD -o eth1 -d fc00::/7 -j limit-38 +-A FORWARD -o eth1 -d fc00::/7 -j limit-39 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT 
@@ -3179,16 +4047,22 @@ COMMIT -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-5 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-6 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-7 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-19 +-A FORWARD -j logdrop-37 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD --A FORWARD -j logaccept-6 --A FORWARD -j logdrop-20 +-A FORWARD -j logaccept-8 +-A FORWARD -j logdrop-38 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -3221,6 +4095,26 @@ COMMIT -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-79 +-A INPUT -j limit-78 +-A INPUT -j limit-77 +-A INPUT -j limit-76 +-A INPUT -j limit-75 +-A INPUT -j limit-74 +-A INPUT -j limit-73 +-A INPUT -j limit-72 +-A INPUT -j limit-71 +-A INPUT -j limit-70 +-A INPUT -j limit-69 +-A INPUT -j limit-68 +-A INPUT -j limit-67 +-A INPUT -j limit-66 +-A INPUT -j limit-65 +-A INPUT -j limit-64 +-A INPUT -j limit-63 +-A INPUT -j limit-62 +-A INPUT -j limit-61 +-A INPUT -j limit-60 -A INPUT -j limit-59 -A INPUT -j limit-58 -A INPUT -j limit-57 @@ -3241,16 +4135,6 @@ COMMIT -A INPUT -j limit-42 -A INPUT -j limit-41 -A INPUT -j limit-40 --A INPUT -j limit-39 --A INPUT -j limit-38 --A INPUT -j limit-37 --A INPUT -j limit-36 --A INPUT -j limit-35 --A INPUT -j limit-34 --A INPUT -j limit-33 --A INPUT -j limit-32 --A INPUT -j limit-31 --A INPUT -j limit-30 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT 
@@ -3277,26 +4161,12 @@ COMMIT -A INPUT -j ACCEPT -A INPUT -j logaccept-final-5 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-60 --A INPUT -i eth0 -j limit-61 --A INPUT -i eth0 -j limit-62 --A INPUT -i eth0 -j limit-63 --A INPUT -i eth0 -j limit-64 --A INPUT -i eth0 -j limit-65 --A INPUT -i eth0 -j limit-66 --A INPUT -i eth0 -j limit-67 --A INPUT -i eth0 -j limit-68 --A INPUT -i eth0 -j limit-69 --A INPUT -i eth0 -j limit-70 --A INPUT -i eth0 -j limit-71 --A INPUT -i eth0 -j limit-72 --A INPUT -i eth0 -j limit-73 --A INPUT -i eth0 -j limit-74 --A INPUT -i eth0 -j limit-75 --A INPUT -i eth0 -j limit-76 --A INPUT -i eth0 -j limit-77 --A INPUT -i eth0 -j limit-78 --A INPUT -i eth0 -j limit-79 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-6 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-7 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-80 -A INPUT -i eth0 -j limit-81 -A INPUT -i eth0 -j limit-82 
@@ -3307,16 +4177,46 @@ COMMIT -A INPUT -i eth0 -j limit-87 -A INPUT -i eth0 -j limit-88 -A INPUT -i eth0 -j limit-89 +-A INPUT -i eth0 -j limit-90 +-A INPUT -i eth0 -j limit-91 +-A INPUT -i eth0 -j limit-92 +-A INPUT -i eth0 -j limit-93 +-A INPUT -i eth0 -j limit-94 +-A INPUT -i eth0 -j limit-95 +-A INPUT -i eth0 -j limit-96 +-A INPUT -i eth0 -j limit-97 +-A INPUT -i eth0 -j limit-98 +-A INPUT -i eth0 -j limit-99 +-A INPUT -i eth0 -j limit-100 +-A INPUT -i eth0 -j limit-101 +-A INPUT -i eth0 -j limit-102 +-A INPUT -i eth0 -j limit-103 +-A INPUT -i eth0 -j limit-104 +-A INPUT -i eth0 -j limit-105 +-A INPUT -i eth0 -j limit-106 +-A INPUT -i eth0 -j limit-107 +-A INPUT -i eth0 -j limit-108 +-A INPUT -i eth0 -j limit-109 +-A INPUT -i eth0 -j limit-110 +-A INPUT -i eth0 -j limit-111 +-A INPUT -i eth0 -j limit-112 +-A INPUT -i eth0 -j limit-113 +-A INPUT -i eth0 -j limit-114 +-A INPUT -i eth0 -j limit-115 +-A INPUT -i eth0 -j limit-116 +-A INPUT -i eth0 -j limit-117 +-A INPUT -i eth0 -j limit-118 +-A INPUT -i eth0 -j limit-119 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-19 +-A INPUT -j logdrop-37 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT --A INPUT -j logaccept-6 --A INPUT -j logdrop-20 +-A INPUT -j logaccept-8 +-A INPUT -j logdrop-38 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP 
@@ -3329,6 +4229,26 @@ COMMIT -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-79 +-A OUTPUT -j limit-78 +-A OUTPUT -j limit-77 +-A OUTPUT -j limit-76 +-A OUTPUT -j limit-75 +-A OUTPUT -j limit-74 +-A OUTPUT -j limit-73 +-A OUTPUT -j limit-72 +-A OUTPUT -j limit-71 +-A OUTPUT -j limit-70 +-A OUTPUT -j limit-69 +-A OUTPUT -j limit-68 +-A OUTPUT -j limit-67 +-A OUTPUT -j limit-66 +-A OUTPUT -j limit-65 +-A OUTPUT -j limit-64 +-A OUTPUT -j limit-63 +-A OUTPUT -j limit-62 +-A OUTPUT -j limit-61 +-A OUTPUT -j limit-60 -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 -A OUTPUT -j limit-57 @@ -3349,16 +4269,6 @@ COMMIT -A OUTPUT -j limit-42 -A OUTPUT -j limit-41 -A OUTPUT -j limit-40 --A OUTPUT -j limit-39 --A OUTPUT -j limit-38 --A OUTPUT -j limit-37 --A OUTPUT -j limit-36 --A OUTPUT -j limit-35 --A OUTPUT -j limit-34 --A OUTPUT -j limit-33 --A OUTPUT -j limit-32 --A OUTPUT -j limit-31 --A OUTPUT -j limit-30 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -3397,6 +4307,16 @@ COMMIT -A OUTPUT -o eth1 -d fc00::/7 -j limit-27 -A OUTPUT -o eth1 -d fc00::/7 -j limit-28 -A OUTPUT -o eth1 -d fc00::/7 -j limit-29 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-30 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-31 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-32 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-33 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-34 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-35 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-36 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-37 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-38 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-39 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT 
@@ -3415,6 +4335,18 @@ COMMIT -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-5 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-6 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-7 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -3436,13 +4368,13 @@ COMMIT -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-19 +-A OUTPUT -j logdrop-37 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT --A OUTPUT -j logaccept-6 --A OUTPUT -j logdrop-20 +-A OUTPUT -j logaccept-8 +-A OUTPUT -j logdrop-38 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP 
@@ -3461,10 +4393,59 @@ COMMIT -A limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2 -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m limit --limit 1/second -j LOG +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-104 
-m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT +-A limit-104 -m limit --limit 1/second -j LOG +-A limit-104 -j DROP +-A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN +-A limit-105 -m limit --limit 1/second -j LOG +-A limit-105 -j DROP +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-4 +-A limit-106 -m limit --limit 1/second -j LOG +-A limit-106 -j DROP +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -m limit --limit 1/second -j LOG +-A limit-107 -j DROP +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT +-A limit-108 -m limit --limit 1/second -j LOG +-A limit-108 -j DROP +-A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN +-A limit-109 -m limit --limit 1/second -j LOG +-A limit-109 -j DROP +-A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-5 +-A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -j DROP +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT +-A 
limit-111 -m limit --limit 1/second -j LOG +-A limit-111 -j DROP +-A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j ACCEPT +-A limit-112 -j DROP +-A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN +-A limit-113 -j DROP +-A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j logaccept-6 +-A limit-114 -j DROP +-A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j ACCEPT +-A limit-115 -j DROP +-A limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-116 -j ACCEPT +-A limit-116 -j DROP +-A limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-117 -j RETURN +-A limit-117 -j DROP +-A limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-118 -j logaccept-7 +-A limit-118 -j DROP +-A limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-119 -j ACCEPT +-A limit-119 -j DROP -A limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP 
@@ -3478,183 +4459,208 @@ COMMIT -A limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-18 -j ACCEPT --A limit-18 -m limit --limit 1/second -j LOG --A limit-18 -j DROP --A limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-19 -j RETURN --A limit-19 -m limit --limit 1/second -j LOG --A limit-19 -j DROP +-A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-20 -j logaccept-0 +-A limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-20 -m limit --limit 1/second -j LOG --A limit-20 -j DROP --A limit-21 -m 
hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-21 -j ACCEPT --A limit-21 -m limit --limit 1/second -j LOG --A limit-21 -j DROP --A limit-22 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-22 -j ACCEPT --A limit-22 -j DROP --A limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-23 -j RETURN --A limit-23 -j DROP --A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j logaccept-1 +-A limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j ACCEPT +-A limit-24 -m limit --limit 1/second -j LOG -A limit-24 -j DROP --A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j ACCEPT +-A limit-25 -m 
hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j RETURN +-A limit-25 -m limit --limit 1/second -j LOG -A limit-25 -j DROP --A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j ACCEPT +-A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j logaccept-0 +-A limit-26 -m limit --limit 1/second -j LOG -A limit-26 -j DROP --A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j RETURN +-A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j ACCEPT +-A limit-27 -m limit --limit 1/second -j LOG -A limit-27 -j DROP --A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j logaccept-2 +-A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j ACCEPT +-A limit-28 -m limit --limit 1/second -j LOG -A limit-28 -j DROP --A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j ACCEPT +-A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j RETURN +-A limit-29 -m limit --limit 1/second -j LOG -A limit-29 -j DROP -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 
1/second -j LOG --A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 --A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 --A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 --A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 --A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 --A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 --A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 
--set --A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-30 -j logaccept-1 +-A limit-30 -m limit --limit 1/second -j LOG +-A limit-30 -j DROP +-A limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-31 -j ACCEPT +-A limit-31 -m limit --limit 1/second -j LOG +-A limit-31 -j DROP +-A limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-32 -j ACCEPT +-A limit-32 -j DROP +-A limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-33 -j RETURN +-A limit-33 -j DROP +-A limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-34 -j logaccept-2 +-A limit-34 -j DROP +-A limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-35 -j ACCEPT +-A limit-35 -j DROP +-A limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-36 -j ACCEPT +-A limit-36 -j DROP +-A limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 
--hashlimit-name limit-37 -j RETURN +-A limit-37 -j DROP +-A limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-38 -j logaccept-3 +-A limit-38 -j DROP +-A limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-39 -j ACCEPT +-A limit-39 -j DROP -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-43 -m recent --name limit-43 
--rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 +-A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 +-A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 -A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 -A limit-47 -m recent --name limit-47 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j RETURN --A limit-48 -m limit --limit 1/second -j LOG --A limit-48 -j DROP --A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j RETURN --A limit-49 -m limit --limit 1/second -j LOG --A limit-49 -j DROP +-A limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 +-A limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 +-A limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j RETURN --A limit-50 -m limit --limit 1/second -j LOG --A limit-50 -j DROP --A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN --A limit-51 -m limit --limit 1/second -j LOG --A limit-51 -j DROP --A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j RETURN --A limit-52 -j DROP --A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip 
--hashlimit-srcmask 128 --hashlimit-name limit-53 -j RETURN --A limit-53 -j DROP --A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j RETURN --A limit-54 -j DROP --A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN --A limit-55 -j DROP --A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j RETURN --A limit-56 -j DROP --A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j RETURN --A limit-57 -j DROP --A limit-58 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-58 -j RETURN --A limit-58 -j DROP --A limit-59 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-59 -j RETURN --A limit-59 -j DROP --A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 +-A limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 +-A limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-52 -m recent --name limit-52 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set 
-j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 --A limit-62 -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 --A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 --A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-67 -m 
recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j RETURN +-A limit-64 -m limit --limit 1/second -j LOG +-A limit-64 -j DROP +-A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN +-A limit-65 -m limit --limit 1/second -j LOG +-A limit-65 -j DROP +-A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j RETURN +-A limit-66 -m limit --limit 1/second -j LOG +-A limit-66 -j DROP +-A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip 
--hashlimit-srcmask 128 --hashlimit-name limit-67 -j RETURN +-A limit-67 -m limit --limit 1/second -j LOG +-A limit-67 -j DROP +-A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j RETURN -A limit-68 -m limit --limit 1/second -j LOG --A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-68 -j DROP +-A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN +-A limit-69 -m limit --limit 1/second -j LOG +-A limit-69 -j DROP +-A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-72 -m recent --name limit-72 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-72 -m recent --name 
limit-72 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-73 -m recent --name limit-73 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-73 -m recent --name limit-73 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-74 -m recent --name limit-74 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-74 -m limit --limit 1/second -j LOG --A limit-74 -m recent --name limit-74 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-75 -m recent --name limit-75 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-75 -m recent --name limit-75 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j ACCEPT --A limit-78 -m limit --limit 1/second -j LOG +-A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j RETURN +-A limit-70 -m limit --limit 1/second -j LOG +-A limit-70 -j DROP +-A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j RETURN +-A limit-71 -m limit --limit 
1/second -j LOG +-A limit-71 -j DROP +-A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j RETURN +-A limit-72 -j DROP +-A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN +-A limit-73 -j DROP +-A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j RETURN +-A limit-74 -j DROP +-A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j RETURN +-A limit-75 -j DROP +-A limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-76 -j RETURN +-A limit-76 -j DROP +-A limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-77 -j RETURN +-A limit-77 -j DROP +-A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j RETURN -A limit-78 -j DROP -A limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-79 -j RETURN --A limit-79 -m limit --limit 1/second -j LOG -A limit-79 -j DROP --A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-80 -m hashlimit --hashlimit-upto 30/second 
--hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-80 -j logaccept-3 --A limit-80 -m limit --limit 1/second -j LOG --A limit-80 -j DROP --A limit-81 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-81 -j ACCEPT --A limit-81 -m limit --limit 1/second -j LOG --A limit-81 -j DROP --A limit-82 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-82 -j ACCEPT --A limit-82 -j DROP --A limit-83 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-83 -j RETURN --A limit-83 -j DROP --A limit-84 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-84 -j logaccept-4 --A limit-84 -j DROP --A limit-85 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-85 -j ACCEPT --A limit-85 -j DROP --A limit-86 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-86 -j ACCEPT --A limit-86 -j DROP --A limit-87 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-87 -j RETURN --A limit-87 -j DROP --A limit-88 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-88 -j logaccept-5 --A limit-88 -j DROP --A limit-89 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-89 -j ACCEPT --A limit-89 -j DROP --A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name 
limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 +-A limit-82 -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-87 -m recent --name limit-87 
--rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-88 -m limit --limit 1/second -j LOG +-A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-94 -m recent --name limit-94 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-94 -m limit --limit 1/second -j LOG +-A limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG 
@@ -3669,6 +4675,10 @@ COMMIT -A logaccept-5 -j ACCEPT -A logaccept-6 -m limit --limit 1/second -j LOG -A logaccept-6 -j ACCEPT +-A logaccept-7 -m limit --limit 1/second -j LOG +-A logaccept-7 -j ACCEPT +-A logaccept-8 -m limit --limit 1/second -j LOG +-A logaccept-8 -j ACCEPT -A logaccept-final-0 -m limit --limit 1/second -j LOG -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG @@ -3681,6 +4691,10 @@ COMMIT -A logaccept-final-4 -j ACCEPT -A logaccept-final-5 -m limit --limit 1/second -j LOG -A logaccept-final-5 -j ACCEPT +-A logaccept-final-6 -m limit --limit 1/second -j LOG +-A logaccept-final-6 -j ACCEPT +-A logaccept-final-7 -m limit --limit 1/second -j LOG +-A logaccept-final-7 -j ACCEPT -A logdrop-0 -m limit --limit 1/second -j LOG -A logdrop-0 -j DROP -A logdrop-1 -m limit --limit 1/second -j LOG 
@@ -3709,8 +4723,44 @@ COMMIT -A logdrop-2 -j DROP -A logdrop-20 -m limit --limit 1/second -j LOG -A logdrop-20 -j DROP +-A logdrop-21 -m limit --limit 1/second -j LOG +-A logdrop-21 -j DROP +-A logdrop-22 -m limit --limit 1/second -j LOG +-A logdrop-22 -j DROP +-A logdrop-23 -m limit --limit 1/second -j LOG +-A logdrop-23 -j DROP +-A logdrop-24 -m limit --limit 1/second -j LOG +-A logdrop-24 -j DROP +-A logdrop-25 -m limit --limit 1/second -j LOG +-A logdrop-25 -j DROP +-A logdrop-26 -m limit --limit 1/second -j LOG +-A logdrop-26 -j DROP +-A logdrop-27 -m limit --limit 1/second -j LOG +-A logdrop-27 -j DROP +-A logdrop-28 -m limit --limit 1/second -j LOG +-A logdrop-28 -j DROP +-A logdrop-29 -m limit --limit 1/second -j LOG +-A logdrop-29 -j DROP -A logdrop-3 -m limit --limit 1/second -j LOG -A logdrop-3 -j DROP +-A logdrop-30 -m limit --limit 1/second -j LOG +-A logdrop-30 -j DROP +-A logdrop-31 -m limit --limit 1/second -j LOG +-A logdrop-31 -j DROP +-A logdrop-32 -m limit --limit 1/second -j LOG +-A logdrop-32 -j DROP +-A logdrop-33 -m limit --limit 1/second -j LOG +-A logdrop-33 -j DROP +-A logdrop-34 -m limit --limit 1/second -j LOG +-A logdrop-34 -j DROP +-A logdrop-35 -m limit --limit 1/second -j LOG +-A logdrop-35 -j DROP +-A logdrop-36 -m limit --limit 1/second -j LOG +-A logdrop-36 -j DROP +-A logdrop-37 -m limit --limit 1/second -j LOG +-A logdrop-37 -j DROP +-A logdrop-38 -m limit --limit 1/second -j LOG +-A logdrop-38 -j DROP -A logdrop-4 -m limit --limit 1/second -j LOG -A logdrop-4 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG 
@@ -3763,6 +4813,12 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -3798,6 +4854,16 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack diff --git a/test/output/rules-save b/test/output/rules-save index f5531e4..791540e 100644 --- a/test/output/rules-save +++ b/test/output/rules-save 
@@ -7,7 +7,27 @@ :limit-0 - [0:0] :limit-1 - [0:0] :limit-10 - [0:0] +:limit-100 - [0:0] +:limit-101 - [0:0] +:limit-102 - [0:0] +:limit-103 - [0:0] +:limit-104 - [0:0] +:limit-105 - [0:0] +:limit-106 - [0:0] +:limit-107 - [0:0] +:limit-108 - [0:0] +:limit-109 - [0:0] :limit-11 - [0:0] +:limit-110 - [0:0] +:limit-111 - [0:0] +:limit-112 - [0:0] +:limit-113 - [0:0] +:limit-114 - [0:0] +:limit-115 - [0:0] +:limit-116 - [0:0] +:limit-117 - [0:0] +:limit-118 - [0:0] +:limit-119 - [0:0] :limit-12 - [0:0] :limit-13 - [0:0] :limit-14 - [0:0] @@ -94,6 +114,16 @@ :limit-88 - [0:0] :limit-89 - [0:0] :limit-9 - [0:0] +:limit-90 - [0:0] +:limit-91 - [0:0] +:limit-92 - [0:0] +:limit-93 - [0:0] +:limit-94 - [0:0] +:limit-95 - [0:0] +:limit-96 - [0:0] +:limit-97 - [0:0] +:limit-98 - [0:0] +:limit-99 - [0:0] :logaccept-0 - [0:0] :logaccept-1 - [0:0] :logaccept-2 - [0:0] @@ -101,12 +131,16 @@ :logaccept-4 - [0:0] :logaccept-5 - [0:0] :logaccept-6 - [0:0] +:logaccept-7 - [0:0] +:logaccept-8 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] +:logaccept-final-6 - [0:0] +:logaccept-final-7 - [0:0] :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] @@ -121,7 +155,25 @@ :logdrop-19 - [0:0] :logdrop-2 - [0:0] :logdrop-20 - [0:0] +:logdrop-21 - [0:0] +:logdrop-22 - [0:0] +:logdrop-23 - [0:0] +:logdrop-24 - [0:0] +:logdrop-25 - [0:0] +:logdrop-26 - [0:0] +:logdrop-27 - [0:0] +:logdrop-28 - [0:0] +:logdrop-29 - [0:0] :logdrop-3 - [0:0] +:logdrop-30 - [0:0] +:logdrop-31 - [0:0] +:logdrop-32 - [0:0] +:logdrop-33 - [0:0] +:logdrop-34 - [0:0] +:logdrop-35 - [0:0] +:logdrop-36 - [0:0] +:logdrop-37 - [0:0] +:logdrop-38 - [0:0] :logdrop-4 - [0:0] :logdrop-5 - [0:0] :logdrop-6 - [0:0] 
@@ -134,6 +186,26 @@ :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A FORWARD -j limit-79 +-A FORWARD -j limit-78 +-A FORWARD -j limit-77 +-A FORWARD -j limit-76 +-A FORWARD -j limit-75 +-A FORWARD -j limit-74 +-A FORWARD -j limit-73 +-A FORWARD -j limit-72 +-A FORWARD -j limit-71 +-A FORWARD -j limit-70 +-A FORWARD -j limit-69 +-A FORWARD -j limit-68 +-A FORWARD -j limit-67 +-A FORWARD -j limit-66 +-A FORWARD -j limit-65 +-A FORWARD -j limit-64 +-A FORWARD -j limit-63 +-A FORWARD -j limit-62 +-A FORWARD -j limit-61 +-A FORWARD -j limit-60 -A FORWARD -j limit-59 -A FORWARD -j limit-58 -A FORWARD -j limit-57 @@ -154,16 +226,6 @@ -A FORWARD -j limit-42 -A FORWARD -j limit-41 -A FORWARD -j limit-40 --A FORWARD -j limit-39 --A FORWARD -j limit-38 --A FORWARD -j limit-37 --A FORWARD -j limit-36 --A FORWARD -j limit-35 --A FORWARD -j limit-34 --A FORWARD -j limit-33 --A FORWARD -j limit-32 --A FORWARD -j limit-31 --A FORWARD -j limit-30 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -201,6 +263,16 @@ -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-27 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-28 -A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-29 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-30 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-31 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-32 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-33 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-34 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-35 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-36 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-37 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-38 +-A FORWARD -o eth1 -d 10.0.0.0/12 -j limit-39 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT 
@@ -219,16 +291,22 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-5 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-6 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-7 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-19 +-A FORWARD -j logdrop-37 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD --A FORWARD -j logaccept-6 --A FORWARD -j logdrop-20 +-A FORWARD -j logaccept-8 +-A FORWARD -j logdrop-38 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -291,6 +369,26 @@ -A FORWARD -p icmp -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A INPUT -j limit-79 +-A INPUT -j limit-78 +-A INPUT -j limit-77 +-A INPUT -j limit-76 +-A INPUT -j limit-75 +-A INPUT -j limit-74 +-A INPUT -j limit-73 +-A INPUT -j limit-72 +-A INPUT -j limit-71 +-A INPUT -j limit-70 +-A INPUT -j limit-69 +-A INPUT -j limit-68 +-A INPUT -j limit-67 +-A INPUT -j limit-66 +-A INPUT -j limit-65 +-A INPUT -j limit-64 +-A INPUT -j limit-63 +-A INPUT -j limit-62 +-A INPUT -j limit-61 +-A INPUT -j limit-60 -A INPUT -j limit-59 -A INPUT -j limit-58 -A INPUT -j limit-57 @@ -311,16 +409,6 @@ -A INPUT -j limit-42 -A INPUT -j limit-41 -A INPUT -j limit-40 --A INPUT -j limit-39 --A INPUT -j limit-38 --A INPUT -j limit-37 --A INPUT -j limit-36 --A INPUT -j limit-35 --A INPUT -j limit-34 --A INPUT -j limit-33 --A INPUT -j limit-32 --A INPUT -j limit-31 --A INPUT -j limit-30 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT 
@@ -347,26 +435,12 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-5 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-60 --A INPUT -i eth0 -j limit-61 --A INPUT -i eth0 -j limit-62 --A INPUT -i eth0 -j limit-63 --A INPUT -i eth0 -j limit-64 --A INPUT -i eth0 -j limit-65 --A INPUT -i eth0 -j limit-66 --A INPUT -i eth0 -j limit-67 --A INPUT -i eth0 -j limit-68 --A INPUT -i eth0 -j limit-69 --A INPUT -i eth0 -j limit-70 --A INPUT -i eth0 -j limit-71 --A INPUT -i eth0 -j limit-72 --A INPUT -i eth0 -j limit-73 --A INPUT -i eth0 -j limit-74 --A INPUT -i eth0 -j limit-75 --A INPUT -i eth0 -j limit-76 --A INPUT -i eth0 -j limit-77 --A INPUT -i eth0 -j limit-78 --A INPUT -i eth0 -j limit-79 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-6 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-7 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-80 -A INPUT -i eth0 -j limit-81 -A INPUT -i eth0 -j limit-82 
@@ -377,16 +451,46 @@ -A INPUT -i eth0 -j limit-87 -A INPUT -i eth0 -j limit-88 -A INPUT -i eth0 -j limit-89 +-A INPUT -i eth0 -j limit-90 +-A INPUT -i eth0 -j limit-91 +-A INPUT -i eth0 -j limit-92 +-A INPUT -i eth0 -j limit-93 +-A INPUT -i eth0 -j limit-94 +-A INPUT -i eth0 -j limit-95 +-A INPUT -i eth0 -j limit-96 +-A INPUT -i eth0 -j limit-97 +-A INPUT -i eth0 -j limit-98 +-A INPUT -i eth0 -j limit-99 +-A INPUT -i eth0 -j limit-100 +-A INPUT -i eth0 -j limit-101 +-A INPUT -i eth0 -j limit-102 +-A INPUT -i eth0 -j limit-103 +-A INPUT -i eth0 -j limit-104 +-A INPUT -i eth0 -j limit-105 +-A INPUT -i eth0 -j limit-106 +-A INPUT -i eth0 -j limit-107 +-A INPUT -i eth0 -j limit-108 +-A INPUT -i eth0 -j limit-109 +-A INPUT -i eth0 -j limit-110 +-A INPUT -i eth0 -j limit-111 +-A INPUT -i eth0 -j limit-112 +-A INPUT -i eth0 -j limit-113 +-A INPUT -i eth0 -j limit-114 +-A INPUT -i eth0 -j limit-115 +-A INPUT -i eth0 -j limit-116 +-A INPUT -i eth0 -j limit-117 +-A INPUT -i eth0 -j limit-118 +-A INPUT -i eth0 -j limit-119 -A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A INPUT -j ACCEPT --A INPUT -j logdrop-19 +-A INPUT -j logdrop-37 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT --A INPUT -j logaccept-6 --A INPUT -j logdrop-20 +-A INPUT -j logaccept-8 +-A INPUT -j logdrop-38 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP 
@@ -405,6 +509,26 @@ -A INPUT -p icmp -j icmp-routing -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set +-A OUTPUT -j limit-79 +-A OUTPUT -j limit-78 +-A OUTPUT -j limit-77 +-A OUTPUT -j limit-76 +-A OUTPUT -j limit-75 +-A OUTPUT -j limit-74 +-A OUTPUT -j limit-73 +-A OUTPUT -j limit-72 +-A OUTPUT -j limit-71 +-A OUTPUT -j limit-70 +-A OUTPUT -j limit-69 +-A OUTPUT -j limit-68 +-A OUTPUT -j limit-67 +-A OUTPUT -j limit-66 +-A OUTPUT -j limit-65 +-A OUTPUT -j limit-64 +-A OUTPUT -j limit-63 +-A OUTPUT -j limit-62 +-A OUTPUT -j limit-61 +-A OUTPUT -j limit-60 -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 -A OUTPUT -j limit-57 @@ -425,16 +549,6 @@ -A OUTPUT -j limit-42 -A OUTPUT -j limit-41 -A OUTPUT -j limit-40 --A OUTPUT -j limit-39 --A OUTPUT -j limit-38 --A OUTPUT -j limit-37 --A OUTPUT -j limit-36 --A OUTPUT -j limit-35 --A OUTPUT -j limit-34 --A OUTPUT -j limit-33 --A OUTPUT -j limit-32 --A OUTPUT -j limit-31 --A OUTPUT -j limit-30 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -473,6 +587,16 @@ -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-27 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-28 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-29 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-30 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-31 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-32 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-33 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-34 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-35 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-36 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-37 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-38 +-A OUTPUT -o eth1 -d 10.0.0.0/12 -j limit-39 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT 
@@ -491,6 +615,18 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-5 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-6 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-7 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -512,13 +648,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set -A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-19 +-A OUTPUT -j logdrop-37 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT --A OUTPUT -j logaccept-6 --A OUTPUT -j logdrop-20 +-A OUTPUT -j logaccept-8 +-A OUTPUT -j logdrop-38 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP 
@@ -542,10 +678,59 @@ -A limit-0 -m recent --name limit-0 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-2 -A limit-1 -m recent --name limit-1 --rsource --mask 255.255.255.255 --set --A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m limit --limit 1/second -j LOG +-A limit-100 -m recent --name limit-100 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-101 -m recent --name limit-101 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-102 -m recent --name limit-102 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-103 -m recent --name limit-103 --rsource --mask 255.255.255.255 --set +-A limit-104 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-104 -j ACCEPT +-A limit-104 -m limit --limit 1/second -j LOG +-A limit-104 -j DROP +-A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-105 -j 
RETURN +-A limit-105 -m limit --limit 1/second -j LOG +-A limit-105 -j DROP +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-106 -j logaccept-4 +-A limit-106 -m limit --limit 1/second -j LOG +-A limit-106 -j DROP +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -m limit --limit 1/second -j LOG +-A limit-107 -j DROP +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-108 -j ACCEPT +-A limit-108 -m limit --limit 1/second -j LOG +-A limit-108 -j DROP +-A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-109 -j RETURN +-A limit-109 -m limit --limit 1/second -j LOG +-A limit-109 -j DROP +-A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask 255.255.255.255 --set +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-110 -j logaccept-5 +-A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -j DROP +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-111 -j ACCEPT +-A limit-111 -m limit --limit 1/second -j LOG +-A limit-111 -j DROP +-A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-112 -j ACCEPT +-A limit-112 -j DROP +-A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-113 -j RETURN +-A limit-113 -j 
DROP +-A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-114 -j logaccept-6 +-A limit-114 -j DROP +-A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-115 -j ACCEPT +-A limit-115 -j DROP +-A limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-116 -j ACCEPT +-A limit-116 -j DROP +-A limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-117 -j RETURN +-A limit-117 -j DROP +-A limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-118 -j logaccept-7 +-A limit-118 -j DROP +-A limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-119 -j ACCEPT +-A limit-119 -j DROP -A limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-12 -m recent --name limit-12 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-13 -m recent --name limit-13 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP 
@@ -559,183 +744,208 @@ -A limit-16 -m recent --name limit-16 --rsource --mask 255.255.255.255 --set -j ACCEPT -A limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-17 -m recent --name limit-17 --rsource --mask 255.255.255.255 --set --A limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-18 -j ACCEPT --A limit-18 -m limit --limit 1/second -j LOG --A limit-18 -j DROP --A limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-19 -j RETURN --A limit-19 -m limit --limit 1/second -j LOG --A limit-19 -j DROP +-A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-18 -m recent --name limit-18 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-19 -m recent --name limit-19 --rsource --mask 255.255.255.255 --set -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-20 -j logaccept-0 +-A limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP -A limit-20 -m limit --limit 1/second -j LOG --A limit-20 -j DROP --A limit-21 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-21 -j ACCEPT --A limit-21 -m limit --limit 1/second -j LOG --A limit-21 -j DROP --A limit-22 -m hashlimit --hashlimit-upto 
30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-22 -j ACCEPT --A limit-22 -j DROP --A limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-23 -j RETURN --A limit-23 -j DROP --A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j logaccept-1 +-A limit-20 -m recent --name limit-20 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-21 -m recent --name limit-21 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-22 -m recent --name limit-22 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-23 -m recent --name limit-23 --rsource --mask 255.255.255.255 --set +-A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-24 -j ACCEPT +-A limit-24 -m limit --limit 1/second -j LOG -A limit-24 -j DROP --A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j ACCEPT +-A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-25 -j RETURN +-A limit-25 -m limit --limit 1/second -j LOG -A limit-25 -j DROP --A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j ACCEPT +-A limit-26 -m hashlimit --hashlimit-upto 30/second 
--hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-26 -j logaccept-0 +-A limit-26 -m limit --limit 1/second -j LOG -A limit-26 -j DROP --A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j RETURN +-A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-27 -j ACCEPT +-A limit-27 -m limit --limit 1/second -j LOG -A limit-27 -j DROP --A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j logaccept-2 +-A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-28 -j ACCEPT +-A limit-28 -m limit --limit 1/second -j LOG -A limit-28 -j DROP --A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j ACCEPT +-A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-29 -j RETURN +-A limit-29 -m limit --limit 1/second -j LOG -A limit-29 -j DROP -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 --A limit-30 -m recent --name limit-30 --rsource --mask 255.255.255.255 --set --A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 --A limit-31 -m recent --name limit-31 --rsource --mask 255.255.255.255 --set --A limit-32 -m recent --name limit-32 --rsource --mask 
255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 --A limit-32 -m recent --name limit-32 --rsource --mask 255.255.255.255 --set --A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 --A limit-33 -m recent --name limit-33 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-11 --A limit-34 -m recent --name limit-34 --rsource --mask 255.255.255.255 --set --A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-12 --A limit-35 -m recent --name limit-35 --rsource --mask 255.255.255.255 --set --A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-36 -m recent --name limit-36 --rsource --mask 255.255.255.255 --set --A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-37 -m recent --name limit-37 --rsource --mask 255.255.255.255 --set --A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-38 -m recent --name limit-38 --rsource --mask 255.255.255.255 --set --A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-39 -m recent --name limit-39 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-30 -j logaccept-1 +-A limit-30 -m limit --limit 1/second -j LOG +-A limit-30 -j DROP +-A limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-31 -j ACCEPT +-A limit-31 -m limit --limit 1/second -j LOG 
+-A limit-31 -j DROP +-A limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-32 -j ACCEPT +-A limit-32 -j DROP +-A limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-33 -j RETURN +-A limit-33 -j DROP +-A limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-34 -j logaccept-2 +-A limit-34 -j DROP +-A limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-35 -j ACCEPT +-A limit-35 -j DROP +-A limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-36 -j ACCEPT +-A limit-36 -j DROP +-A limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-37 -j RETURN +-A limit-37 -j DROP +-A limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-38 -j logaccept-3 +-A limit-38 -j DROP +-A limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-39 -j ACCEPT +-A limit-39 -j DROP -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-40 -m recent --name limit-40 --rsource --mask 255.255.255.255 --set --A limit-41 -m recent --name limit-41 
--rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-41 -m recent --name limit-41 --rsource --mask 255.255.255.255 --set --A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-42 -m recent --name limit-42 --rsource --mask 255.255.255.255 --set --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set --A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 +-A limit-43 -m recent --name limit-43 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-44 -m recent --name limit-44 --rsource --mask 255.255.255.255 --set --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 +-A limit-45 -m recent --name limit-45 --rsource --mask 255.255.255.255 --set +-A limit-46 -m recent --name limit-46 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-19 -A limit-46 -m recent 
--name limit-46 --rsource --mask 255.255.255.255 --set --A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-20 -A limit-47 -m recent --name limit-47 --rsource --mask 255.255.255.255 --set --A limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-48 -j RETURN --A limit-48 -m limit --limit 1/second -j LOG --A limit-48 -j DROP --A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-49 -j RETURN --A limit-49 -m limit --limit 1/second -j LOG --A limit-49 -j DROP +-A limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-21 +-A limit-48 -m recent --name limit-48 --rsource --mask 255.255.255.255 --set +-A limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-22 +-A limit-49 -m recent --name limit-49 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask 255.255.255.255 --set --A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-50 -j RETURN --A limit-50 -m limit --limit 1/second -j LOG --A limit-50 -j DROP --A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-51 -j RETURN --A limit-51 -m limit --limit 1/second -j LOG --A limit-51 -j DROP --A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 
--hashlimit-name limit-52 -j RETURN --A limit-52 -j DROP --A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-53 -j RETURN --A limit-53 -j DROP --A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-54 -j RETURN --A limit-54 -j DROP --A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-55 -j RETURN --A limit-55 -j DROP --A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-56 -j RETURN --A limit-56 -j DROP --A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-57 -j RETURN --A limit-57 -j DROP --A limit-58 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-58 -j RETURN --A limit-58 -j DROP --A limit-59 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-59 -j RETURN --A limit-59 -j DROP --A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-23 +-A limit-50 -m recent --name limit-50 --rsource --mask 255.255.255.255 --set +-A limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-24 +-A limit-51 -m recent --name limit-51 --rsource --mask 255.255.255.255 --set +-A limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-52 -m recent --name limit-52 --rsource --mask 255.255.255.255 --set +-A 
limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-53 -m recent --name limit-53 --rsource --mask 255.255.255.255 --set +-A limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-54 -m recent --name limit-54 --rsource --mask 255.255.255.255 --set +-A limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-55 -m recent --name limit-55 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-56 -m recent --name limit-56 --rsource --mask 255.255.255.255 --set +-A limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m recent --name limit-57 --rsource --mask 255.255.255.255 --set +-A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-58 -m recent --name limit-58 --rsource --mask 255.255.255.255 --set +-A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name limit-59 --rsource --mask 255.255.255.255 --set +-A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-13 --A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-14 --A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set --A limit-62 -m 
recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-15 --A limit-62 -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-16 --A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-17 --A limit-64 -m recent --name limit-64 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-18 --A limit-65 -m recent --name limit-65 --rsource --mask 255.255.255.255 --set --A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-66 -m recent --name limit-66 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-67 -m recent --name limit-67 --rsource --mask 255.255.255.255 --set --A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask 255.255.255.255 --set +-A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-61 -m recent --name limit-61 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-62 -m recent --name limit-62 --rsource --mask 255.255.255.255 --set +-A 
limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-63 -m recent --name limit-63 --rsource --mask 255.255.255.255 --set +-A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-64 -j RETURN +-A limit-64 -m limit --limit 1/second -j LOG +-A limit-64 -j DROP +-A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-65 -j RETURN +-A limit-65 -m limit --limit 1/second -j LOG +-A limit-65 -j DROP +-A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-66 -j RETURN +-A limit-66 -m limit --limit 1/second -j LOG +-A limit-66 -j DROP +-A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-67 -j RETURN +-A limit-67 -m limit --limit 1/second -j LOG +-A limit-67 -j DROP +-A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-68 -j RETURN -A limit-68 -m limit --limit 1/second -j LOG --A limit-68 -m recent --name limit-68 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-69 -m recent --name limit-69 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-68 -j DROP +-A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-69 -j RETURN +-A limit-69 -m limit --limit 1/second -j LOG +-A limit-69 -j DROP +-A limit-7 -m recent --name limit-7 --rsource 
--mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask 255.255.255.255 --set --A limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-70 -m recent --name limit-70 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-71 -m recent --name limit-71 --rsource --mask 255.255.255.255 --set --A limit-72 -m recent --name limit-72 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-72 -m recent --name limit-72 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-73 -m recent --name limit-73 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-73 -m recent --name limit-73 --rsource --mask 255.255.255.255 --set --A limit-74 -m recent --name limit-74 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-74 -m limit --limit 1/second -j LOG --A limit-74 -m recent --name limit-74 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-75 -m recent --name limit-75 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-75 -m recent --name limit-75 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-76 -m recent --name limit-76 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP --A limit-77 -m recent --name limit-77 --rsource --mask 255.255.255.255 --set --A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j ACCEPT --A limit-78 -m limit --limit 1/second -j 
LOG +-A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-70 -j RETURN +-A limit-70 -m limit --limit 1/second -j LOG +-A limit-70 -j DROP +-A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-71 -j RETURN +-A limit-71 -m limit --limit 1/second -j LOG +-A limit-71 -j DROP +-A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-72 -j RETURN +-A limit-72 -j DROP +-A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-73 -j RETURN +-A limit-73 -j DROP +-A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-74 -j RETURN +-A limit-74 -j DROP +-A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-75 -j RETURN +-A limit-75 -j DROP +-A limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-76 -j RETURN +-A limit-76 -j DROP +-A limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-77 -j RETURN +-A limit-77 -j DROP +-A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-78 -j RETURN -A limit-78 -j DROP -A limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-79 -j RETURN --A limit-79 -m limit --limit 1/second -j LOG -A limit-79 -j DROP --A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 
1 --seconds 1 -j DROP +-A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask 255.255.255.255 --set -j ACCEPT --A limit-80 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-80 -j logaccept-3 --A limit-80 -m limit --limit 1/second -j LOG --A limit-80 -j DROP --A limit-81 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-81 -j ACCEPT --A limit-81 -m limit --limit 1/second -j LOG --A limit-81 -j DROP --A limit-82 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-82 -j ACCEPT --A limit-82 -j DROP --A limit-83 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-83 -j RETURN --A limit-83 -j DROP --A limit-84 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-84 -j logaccept-4 --A limit-84 -j DROP --A limit-85 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-85 -j ACCEPT --A limit-85 -j DROP --A limit-86 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-86 -j ACCEPT --A limit-86 -j DROP --A limit-87 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-87 -j RETURN --A limit-87 -j DROP --A limit-88 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-88 -j logaccept-5 --A limit-88 -j DROP --A limit-89 -m hashlimit 
--hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name limit-89 -j ACCEPT --A limit-89 -j DROP --A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-80 -m recent --name limit-80 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-81 -m recent --name limit-81 --rsource --mask 255.255.255.255 --set +-A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-27 +-A limit-82 -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name limit-82 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-83 -m recent --name limit-83 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-84 -m recent --name limit-84 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-85 -m recent --name limit-85 --rsource --mask 255.255.255.255 --set +-A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-86 -m recent --name limit-86 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-87 -m recent --name limit-87 --rsource --mask 255.255.255.255 --set +-A limit-88 -m recent --name 
limit-88 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-88 -m limit --limit 1/second -j LOG +-A limit-88 -m recent --name limit-88 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-89 -m recent --name limit-89 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-90 -m recent --name limit-90 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-91 -m recent --name limit-91 --rsource --mask 255.255.255.255 --set +-A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-92 -m recent --name limit-92 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-93 -m recent --name limit-93 --rsource --mask 255.255.255.255 --set +-A limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-94 -m limit --limit 1/second -j LOG +-A limit-94 -m recent --name limit-94 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-95 -m recent --name limit-95 --rsource --mask 255.255.255.255 --set -m limit --limit 1/second -j LOG +-A limit-96 -m recent --name limit-96 
--rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-96 -m recent --name limit-96 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-97 -m recent --name limit-97 --rsource --mask 255.255.255.255 --set +-A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-98 -m recent --name limit-98 --rsource --mask 255.255.255.255 --set -j ACCEPT +-A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --update --hitcount 1 --seconds 1 -j DROP +-A limit-99 -m recent --name limit-99 --rsource --mask 255.255.255.255 --set -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -750,6 +960,10 @@ -A logaccept-5 -j ACCEPT -A logaccept-6 -m limit --limit 1/second -j LOG -A logaccept-6 -j ACCEPT +-A logaccept-7 -m limit --limit 1/second -j LOG +-A logaccept-7 -j ACCEPT +-A logaccept-8 -m limit --limit 1/second -j LOG +-A logaccept-8 -j ACCEPT -A logaccept-final-0 -m limit --limit 1/second -j LOG -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG @@ -762,6 +976,10 @@ -A logaccept-final-4 -j ACCEPT -A logaccept-final-5 -m limit --limit 1/second -j LOG -A logaccept-final-5 -j ACCEPT +-A logaccept-final-6 -m limit --limit 1/second -j LOG +-A logaccept-final-6 -j ACCEPT +-A logaccept-final-7 -m limit --limit 1/second -j LOG +-A logaccept-final-7 -j ACCEPT -A logdrop-0 -m limit --limit 1/second -j LOG -A logdrop-0 -j DROP -A logdrop-1 -m limit --limit 1/second -j LOG 
@@ -790,8 +1008,44 @@ -A logdrop-2 -j DROP -A logdrop-20 -m limit --limit 1/second -j LOG -A logdrop-20 -j DROP +-A logdrop-21 -m limit --limit 1/second -j LOG +-A logdrop-21 -j DROP +-A logdrop-22 -m limit --limit 1/second -j LOG +-A logdrop-22 -j DROP +-A logdrop-23 -m limit --limit 1/second -j LOG +-A logdrop-23 -j DROP +-A logdrop-24 -m limit --limit 1/second -j LOG +-A logdrop-24 -j DROP +-A logdrop-25 -m limit --limit 1/second -j LOG +-A logdrop-25 -j DROP +-A logdrop-26 -m limit --limit 1/second -j LOG +-A logdrop-26 -j DROP +-A logdrop-27 -m limit --limit 1/second -j LOG +-A logdrop-27 -j DROP +-A logdrop-28 -m limit --limit 1/second -j LOG +-A logdrop-28 -j DROP +-A logdrop-29 -m limit --limit 1/second -j LOG +-A logdrop-29 -j DROP -A logdrop-3 -m limit --limit 1/second -j LOG -A logdrop-3 -j DROP +-A logdrop-30 -m limit --limit 1/second -j LOG +-A logdrop-30 -j DROP +-A logdrop-31 -m limit --limit 1/second -j LOG +-A logdrop-31 -j DROP +-A logdrop-32 -m limit --limit 1/second -j LOG +-A logdrop-32 -j DROP +-A logdrop-33 -m limit --limit 1/second -j LOG +-A logdrop-33 -j DROP +-A logdrop-34 -m limit --limit 1/second -j LOG +-A logdrop-34 -j DROP +-A logdrop-35 -m limit --limit 1/second -j LOG +-A logdrop-35 -j DROP +-A logdrop-36 -m limit --limit 1/second -j LOG +-A logdrop-36 -j DROP +-A logdrop-37 -m limit --limit 1/second -j LOG +-A logdrop-37 -j DROP +-A logdrop-38 -m limit --limit 1/second -j LOG +-A logdrop-38 -j DROP -A logdrop-4 -m limit --limit 1/second -j LOG -A logdrop-4 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG 
@@ -861,6 +1115,12 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A OUTPUT -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack @@ -902,6 +1162,16 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -p tcp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack -A PREROUTING -p udp --dport 1812 -s 172.16.0.0/16 -d 172.17.0.0/16 -j CT --notrack diff --git a/test/output/rules6-save b/test/output/rules6-save index f4cfd9f..4843615 100644 --- a/test/output/rules6-save +++ b/test/output/rules6-save 
@@ -7,7 +7,27 @@ :limit-0 - [0:0] :limit-1 - [0:0] :limit-10 - [0:0] +:limit-100 - [0:0] +:limit-101 - [0:0] +:limit-102 - [0:0] +:limit-103 - [0:0] +:limit-104 - [0:0] +:limit-105 - [0:0] +:limit-106 - [0:0] +:limit-107 - [0:0] +:limit-108 - [0:0] +:limit-109 - [0:0] :limit-11 - [0:0] +:limit-110 - [0:0] +:limit-111 - [0:0] +:limit-112 - [0:0] +:limit-113 - [0:0] +:limit-114 - [0:0] +:limit-115 - [0:0] +:limit-116 - [0:0] +:limit-117 - [0:0] +:limit-118 - [0:0] +:limit-119 - [0:0] :limit-12 - [0:0] :limit-13 - [0:0] :limit-14 - [0:0] @@ -94,6 +114,16 @@ :limit-88 - [0:0] :limit-89 - [0:0] :limit-9 - [0:0] +:limit-90 - [0:0] +:limit-91 - [0:0] +:limit-92 - [0:0] +:limit-93 - [0:0] +:limit-94 - [0:0] +:limit-95 - [0:0] +:limit-96 - [0:0] +:limit-97 - [0:0] +:limit-98 - [0:0] +:limit-99 - [0:0] :logaccept-0 - [0:0] :logaccept-1 - [0:0] :logaccept-2 - [0:0] @@ -101,12 +131,16 @@ :logaccept-4 - [0:0] :logaccept-5 - [0:0] :logaccept-6 - [0:0] +:logaccept-7 - [0:0] +:logaccept-8 - [0:0] :logaccept-final-0 - [0:0] :logaccept-final-1 - [0:0] :logaccept-final-2 - [0:0] :logaccept-final-3 - [0:0] :logaccept-final-4 - [0:0] :logaccept-final-5 - [0:0] +:logaccept-final-6 - [0:0] +:logaccept-final-7 - [0:0] :logdrop-0 - [0:0] :logdrop-1 - [0:0] :logdrop-10 - [0:0] @@ -121,7 +155,25 @@ :logdrop-19 - [0:0] :logdrop-2 - [0:0] :logdrop-20 - [0:0] +:logdrop-21 - [0:0] +:logdrop-22 - [0:0] +:logdrop-23 - [0:0] +:logdrop-24 - [0:0] +:logdrop-25 - [0:0] +:logdrop-26 - [0:0] +:logdrop-27 - [0:0] +:logdrop-28 - [0:0] +:logdrop-29 - [0:0] :logdrop-3 - [0:0] +:logdrop-30 - [0:0] +:logdrop-31 - [0:0] +:logdrop-32 - [0:0] +:logdrop-33 - [0:0] +:logdrop-34 - [0:0] +:logdrop-35 - [0:0] +:logdrop-36 - [0:0] +:logdrop-37 - [0:0] +:logdrop-38 - [0:0] :logdrop-4 - [0:0] :logdrop-5 - [0:0] :logdrop-6 - [0:0] 
@@ -134,6 +186,26 @@ :tarpit - [0:0] -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A FORWARD -j limit-79 +-A FORWARD -j limit-78 +-A FORWARD -j limit-77 +-A FORWARD -j limit-76 +-A FORWARD -j limit-75 +-A FORWARD -j limit-74 +-A FORWARD -j limit-73 +-A FORWARD -j limit-72 +-A FORWARD -j limit-71 +-A FORWARD -j limit-70 +-A FORWARD -j limit-69 +-A FORWARD -j limit-68 +-A FORWARD -j limit-67 +-A FORWARD -j limit-66 +-A FORWARD -j limit-65 +-A FORWARD -j limit-64 +-A FORWARD -j limit-63 +-A FORWARD -j limit-62 +-A FORWARD -j limit-61 +-A FORWARD -j limit-60 -A FORWARD -j limit-59 -A FORWARD -j limit-58 -A FORWARD -j limit-57 @@ -154,16 +226,6 @@ -A FORWARD -j limit-42 -A FORWARD -j limit-41 -A FORWARD -j limit-40 --A FORWARD -j limit-39 --A FORWARD -j limit-38 --A FORWARD -j limit-37 --A FORWARD -j limit-36 --A FORWARD -j limit-35 --A FORWARD -j limit-34 --A FORWARD -j limit-33 --A FORWARD -j limit-32 --A FORWARD -j limit-31 --A FORWARD -j limit-30 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT -A FORWARD -j ACCEPT -A FORWARD -j ACCEPT @@ -201,6 +263,16 @@ -A FORWARD -o eth1 -d fc00::/7 -j limit-27 -A FORWARD -o eth1 -d fc00::/7 -j limit-28 -A FORWARD -o eth1 -d fc00::/7 -j limit-29 +-A FORWARD -o eth1 -d fc00::/7 -j limit-30 +-A FORWARD -o eth1 -d fc00::/7 -j limit-31 +-A FORWARD -o eth1 -d fc00::/7 -j limit-32 +-A FORWARD -o eth1 -d fc00::/7 -j limit-33 +-A FORWARD -o eth1 -d fc00::/7 -j limit-34 +-A FORWARD -o eth1 -d fc00::/7 -j limit-35 +-A FORWARD -o eth1 -d fc00::/7 -j limit-36 +-A FORWARD -o eth1 -d fc00::/7 -j limit-37 +-A FORWARD -o eth1 -d fc00::/7 -j limit-38 +-A FORWARD -o eth1 -d fc00::/7 -j limit-39 -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-0 -A FORWARD -j ACCEPT 
@@ -219,16 +291,22 @@ -A FORWARD -j ACCEPT -A FORWARD -j logaccept-final-5 -A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-6 +-A FORWARD -j ACCEPT +-A FORWARD -j ACCEPT +-A FORWARD -j logaccept-final-7 +-A FORWARD -j ACCEPT -A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A FORWARD -j ACCEPT --A FORWARD -j logdrop-19 +-A FORWARD -j logdrop-37 -A FORWARD -A FORWARD -j ACCEPT -A FORWARD -j DROP -A FORWARD --A FORWARD -j logaccept-6 --A FORWARD -j logdrop-20 +-A FORWARD -j logaccept-8 +-A FORWARD -j logdrop-38 -A FORWARD -j logpass-0 -A FORWARD -j ACCEPT -A FORWARD -j DROP @@ -261,6 +339,26 @@ -A FORWARD -p icmpv6 -j icmp-routing -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A INPUT -j limit-79 +-A INPUT -j limit-78 +-A INPUT -j limit-77 +-A INPUT -j limit-76 +-A INPUT -j limit-75 +-A INPUT -j limit-74 +-A INPUT -j limit-73 +-A INPUT -j limit-72 +-A INPUT -j limit-71 +-A INPUT -j limit-70 +-A INPUT -j limit-69 +-A INPUT -j limit-68 +-A INPUT -j limit-67 +-A INPUT -j limit-66 +-A INPUT -j limit-65 +-A INPUT -j limit-64 +-A INPUT -j limit-63 +-A INPUT -j limit-62 +-A INPUT -j limit-61 +-A INPUT -j limit-60 -A INPUT -j limit-59 -A INPUT -j limit-58 -A INPUT -j limit-57 @@ -281,16 +379,6 @@ -A INPUT -j limit-42 -A INPUT -j limit-41 -A INPUT -j limit-40 --A INPUT -j limit-39 --A INPUT -j limit-38 --A INPUT -j limit-37 --A INPUT -j limit-36 --A INPUT -j limit-35 --A INPUT -j limit-34 --A INPUT -j limit-33 --A INPUT -j limit-32 --A INPUT -j limit-31 --A INPUT -j limit-30 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT 
@@ -317,26 +405,12 @@ -A INPUT -j ACCEPT -A INPUT -j logaccept-final-5 -A INPUT -j ACCEPT --A INPUT -i eth0 -j limit-60 --A INPUT -i eth0 -j limit-61 --A INPUT -i eth0 -j limit-62 --A INPUT -i eth0 -j limit-63 --A INPUT -i eth0 -j limit-64 --A INPUT -i eth0 -j limit-65 --A INPUT -i eth0 -j limit-66 --A INPUT -i eth0 -j limit-67 --A INPUT -i eth0 -j limit-68 --A INPUT -i eth0 -j limit-69 --A INPUT -i eth0 -j limit-70 --A INPUT -i eth0 -j limit-71 --A INPUT -i eth0 -j limit-72 --A INPUT -i eth0 -j limit-73 --A INPUT -i eth0 -j limit-74 --A INPUT -i eth0 -j limit-75 --A INPUT -i eth0 -j limit-76 --A INPUT -i eth0 -j limit-77 --A INPUT -i eth0 -j limit-78 --A INPUT -i eth0 -j limit-79 +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-6 +-A INPUT -j ACCEPT +-A INPUT -j ACCEPT +-A INPUT -j logaccept-final-7 +-A INPUT -j ACCEPT -A INPUT -i eth0 -j limit-80 -A INPUT -i eth0 -j limit-81 -A INPUT -i eth0 -j limit-82 
@@ -347,16 +421,46 @@ -A INPUT -i eth0 -j limit-87 -A INPUT -i eth0 -j limit-88 -A INPUT -i eth0 -j limit-89 +-A INPUT -i eth0 -j limit-90 +-A INPUT -i eth0 -j limit-91 +-A INPUT -i eth0 -j limit-92 +-A INPUT -i eth0 -j limit-93 +-A INPUT -i eth0 -j limit-94 +-A INPUT -i eth0 -j limit-95 +-A INPUT -i eth0 -j limit-96 +-A INPUT -i eth0 -j limit-97 +-A INPUT -i eth0 -j limit-98 +-A INPUT -i eth0 -j limit-99 +-A INPUT -i eth0 -j limit-100 +-A INPUT -i eth0 -j limit-101 +-A INPUT -i eth0 -j limit-102 +-A INPUT -i eth0 -j limit-103 +-A INPUT -i eth0 -j limit-104 +-A INPUT -i eth0 -j limit-105 +-A INPUT -i eth0 -j limit-106 +-A INPUT -i eth0 -j limit-107 +-A INPUT -i eth0 -j limit-108 +-A INPUT -i eth0 -j limit-109 +-A INPUT -i eth0 -j limit-110 +-A INPUT -i eth0 -j limit-111 +-A INPUT -i eth0 -j limit-112 +-A INPUT -i eth0 -j limit-113 +-A INPUT -i eth0 -j limit-114 +-A INPUT -i eth0 -j limit-115 +-A INPUT -i eth0 -j limit-116 +-A INPUT -i eth0 -j limit-117 +-A INPUT -i eth0 -j limit-118 +-A INPUT -i eth0 -j limit-119 -A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j ACCEPT --A INPUT -j logdrop-19 +-A INPUT -j logdrop-37 -A INPUT -A INPUT -j ACCEPT -A INPUT -j DROP -A INPUT --A INPUT -j logaccept-6 --A INPUT -j logdrop-20 +-A INPUT -j logaccept-8 +-A INPUT -j logdrop-38 -A INPUT -j logpass-0 -A INPUT -j ACCEPT -A INPUT -j DROP 
@@ -369,6 +473,26 @@ -A INPUT -p icmpv6 -j ACCEPT -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A OUTPUT -j limit-79 +-A OUTPUT -j limit-78 +-A OUTPUT -j limit-77 +-A OUTPUT -j limit-76 +-A OUTPUT -j limit-75 +-A OUTPUT -j limit-74 +-A OUTPUT -j limit-73 +-A OUTPUT -j limit-72 +-A OUTPUT -j limit-71 +-A OUTPUT -j limit-70 +-A OUTPUT -j limit-69 +-A OUTPUT -j limit-68 +-A OUTPUT -j limit-67 +-A OUTPUT -j limit-66 +-A OUTPUT -j limit-65 +-A OUTPUT -j limit-64 +-A OUTPUT -j limit-63 +-A OUTPUT -j limit-62 +-A OUTPUT -j limit-61 +-A OUTPUT -j limit-60 -A OUTPUT -j limit-59 -A OUTPUT -j limit-58 -A OUTPUT -j limit-57 @@ -389,16 +513,6 @@ -A OUTPUT -j limit-42 -A OUTPUT -j limit-41 -A OUTPUT -j limit-40 --A OUTPUT -j limit-39 --A OUTPUT -j limit-38 --A OUTPUT -j limit-37 --A OUTPUT -j limit-36 --A OUTPUT -j limit-35 --A OUTPUT -j limit-34 --A OUTPUT -j limit-33 --A OUTPUT -j limit-32 --A OUTPUT -j limit-31 --A OUTPUT -j limit-30 -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -j ACCEPT @@ -437,6 +551,16 @@ -A OUTPUT -o eth1 -d fc00::/7 -j limit-27 -A OUTPUT -o eth1 -d fc00::/7 -j limit-28 -A OUTPUT -o eth1 -d fc00::/7 -j limit-29 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-30 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-31 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-32 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-33 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-34 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-35 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-36 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-37 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-38 +-A OUTPUT -o eth1 -d fc00::/7 -j limit-39 -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-0 -A OUTPUT -j ACCEPT 
@@ -455,6 +579,18 @@ -A OUTPUT -j ACCEPT -A OUTPUT -j logaccept-final-5 -A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-6 +-A OUTPUT -j ACCEPT +-A OUTPUT -j ACCEPT +-A OUTPUT -j logaccept-final-7 +-A OUTPUT -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT +-A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT @@ -476,13 +612,13 @@ -A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A OUTPUT -j ACCEPT --A OUTPUT -j logdrop-19 +-A OUTPUT -j logdrop-37 -A OUTPUT -A OUTPUT -j ACCEPT -A OUTPUT -j DROP -A OUTPUT --A OUTPUT -j logaccept-6 --A OUTPUT -j logdrop-20 +-A OUTPUT -j logaccept-8 +-A OUTPUT -j logdrop-38 -A OUTPUT -j logpass-0 -A OUTPUT -j ACCEPT -A OUTPUT -j DROP 
@@ -501,10 +637,59 @@ -A limit-0 -m recent --name limit-0 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-2 -A limit-1 -m recent --name limit-1 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 -A limit-10 -m recent --name limit-10 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-100 -m limit --limit 1/second -j LOG +-A limit-100 -m recent --name limit-100 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-101 -m recent --name limit-101 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-102 -m recent --name limit-102 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-103 -m recent --name limit-103 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-104 -m 
hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-104 -j ACCEPT +-A limit-104 -m limit --limit 1/second -j LOG +-A limit-104 -j DROP +-A limit-105 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-105 -j RETURN +-A limit-105 -m limit --limit 1/second -j LOG +-A limit-105 -j DROP +-A limit-106 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-106 -j logaccept-4 +-A limit-106 -m limit --limit 1/second -j LOG +-A limit-106 -j DROP +-A limit-107 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-107 -j ACCEPT +-A limit-107 -m limit --limit 1/second -j LOG +-A limit-107 -j DROP +-A limit-108 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-108 -j ACCEPT +-A limit-108 -m limit --limit 1/second -j LOG +-A limit-108 -j DROP +-A limit-109 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-109 -j RETURN +-A limit-109 -m limit --limit 1/second -j LOG +-A limit-109 -j DROP +-A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 -A limit-11 -m recent --name limit-11 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-110 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-110 -j logaccept-5 +-A limit-110 -m limit --limit 1/second -j LOG +-A limit-110 -j DROP +-A limit-111 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-111 -j ACCEPT +-A 
limit-111 -m limit --limit 1/second -j LOG +-A limit-111 -j DROP +-A limit-112 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-112 -j ACCEPT +-A limit-112 -j DROP +-A limit-113 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-113 -j RETURN +-A limit-113 -j DROP +-A limit-114 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-114 -j logaccept-6 +-A limit-114 -j DROP +-A limit-115 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-115 -j ACCEPT +-A limit-115 -j DROP +-A limit-116 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-116 -j ACCEPT +-A limit-116 -j DROP +-A limit-117 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-117 -j RETURN +-A limit-117 -j DROP +-A limit-118 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-118 -j logaccept-7 +-A limit-118 -j DROP +-A limit-119 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-119 -j ACCEPT +-A limit-119 -j DROP -A limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-12 -m recent --name limit-12 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-13 -m recent --name limit-13 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP 
@@ -518,183 +703,208 @@ -A limit-16 -m recent --name limit-16 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT -A limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-17 -m recent --name limit-17 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-18 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-18 -j ACCEPT --A limit-18 -m limit --limit 1/second -j LOG --A limit-18 -j DROP --A limit-19 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-19 -j RETURN --A limit-19 -m limit --limit 1/second -j LOG --A limit-19 -j DROP +-A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-18 -m recent --name limit-18 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-19 -m recent --name limit-19 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-3 -A limit-2 -m limit --limit 1/second -j LOG -A limit-2 -m recent --name limit-2 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-20 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-20 -j logaccept-0 +-A limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP -A limit-20 -m limit --limit 1/second -j LOG --A limit-20 -j DROP --A limit-21 -m hashlimit 
--hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-21 -j ACCEPT --A limit-21 -m limit --limit 1/second -j LOG --A limit-21 -j DROP --A limit-22 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-22 -j ACCEPT --A limit-22 -j DROP --A limit-23 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-23 -j RETURN --A limit-23 -j DROP --A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j logaccept-1 +-A limit-20 -m recent --name limit-20 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-21 -m recent --name limit-21 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-22 -m recent --name limit-22 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-23 -m recent --name limit-23 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-24 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-24 -j ACCEPT +-A limit-24 -m limit --limit 1/second -j LOG -A limit-24 -j DROP --A limit-25 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j ACCEPT +-A limit-25 -m hashlimit 
--hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-25 -j RETURN +-A limit-25 -m limit --limit 1/second -j LOG -A limit-25 -j DROP --A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j ACCEPT +-A limit-26 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-26 -j logaccept-0 +-A limit-26 -m limit --limit 1/second -j LOG -A limit-26 -j DROP --A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j RETURN +-A limit-27 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-27 -j ACCEPT +-A limit-27 -m limit --limit 1/second -j LOG -A limit-27 -j DROP --A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j logaccept-2 +-A limit-28 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-28 -j ACCEPT +-A limit-28 -m limit --limit 1/second -j LOG -A limit-28 -j DROP --A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j ACCEPT +-A limit-29 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-29 -j RETURN +-A limit-29 -m limit --limit 1/second -j LOG -A limit-29 -j DROP -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-4 -A limit-3 -m recent --name limit-3 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG 
--A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 --A limit-30 -m recent --name limit-30 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 --A limit-31 -m recent --name limit-31 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 --A limit-32 -m recent --name limit-32 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 --A limit-33 -m recent --name limit-33 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-11 --A limit-34 -m recent --name limit-34 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-12 --A limit-35 -m recent --name limit-35 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-36 -m recent --name limit-36 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-37 -m recent --name limit-37 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-38 
-m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-38 -m recent --name limit-38 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-39 -m recent --name limit-39 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-30 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-30 -j logaccept-1 +-A limit-30 -m limit --limit 1/second -j LOG +-A limit-30 -j DROP +-A limit-31 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-31 -j ACCEPT +-A limit-31 -m limit --limit 1/second -j LOG +-A limit-31 -j DROP +-A limit-32 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-32 -j ACCEPT +-A limit-32 -j DROP +-A limit-33 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-33 -j RETURN +-A limit-33 -j DROP +-A limit-34 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-34 -j logaccept-2 +-A limit-34 -j DROP +-A limit-35 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-35 -j ACCEPT +-A limit-35 -j DROP +-A limit-36 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-36 -j ACCEPT +-A limit-36 -j DROP +-A limit-37 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-37 -j 
RETURN +-A limit-37 -j DROP +-A limit-38 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-38 -j logaccept-3 +-A limit-38 -j DROP +-A limit-39 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-39 -j ACCEPT +-A limit-39 -j DROP -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-5 -A limit-4 -m recent --name limit-4 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 -A limit-40 -m recent --name limit-40 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 -A limit-41 -m recent --name limit-41 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 -A limit-42 -m recent --name limit-42 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-43 -m recent --name limit-43 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 +-A limit-43 -m recent --name limit-43 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 -A limit-44 -m recent --name limit-44 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 +-A limit-45 -m recent --name limit-45 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-19 -A limit-46 -m recent --name limit-46 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-20 -A limit-47 -m recent --name limit-47 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A 
limit-48 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-48 -j RETURN --A limit-48 -m limit --limit 1/second -j LOG --A limit-48 -j DROP --A limit-49 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-49 -j RETURN --A limit-49 -m limit --limit 1/second -j LOG --A limit-49 -j DROP +-A limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-21 +-A limit-48 -m recent --name limit-48 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-22 +-A limit-49 -m recent --name limit-49 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-6 -A limit-5 -m recent --name limit-5 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-50 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-50 -j RETURN --A limit-50 -m limit --limit 1/second -j LOG --A limit-50 -j DROP --A limit-51 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-51 -j RETURN --A limit-51 -m limit --limit 1/second -j LOG --A limit-51 -j DROP --A limit-52 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-52 -j RETURN --A limit-52 -j DROP --A limit-53 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-53 -j RETURN --A 
limit-53 -j DROP --A limit-54 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-54 -j RETURN --A limit-54 -j DROP --A limit-55 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-55 -j RETURN --A limit-55 -j DROP --A limit-56 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-56 -j RETURN --A limit-56 -j DROP --A limit-57 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-57 -j RETURN --A limit-57 -j DROP --A limit-58 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-58 -j RETURN --A limit-58 -j DROP --A limit-59 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-59 -j RETURN --A limit-59 -j DROP --A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-23 +-A limit-50 -m recent --name limit-50 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-24 +-A limit-51 -m recent --name limit-51 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-52 -m recent --name limit-52 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-53 -m recent --name limit-53 
--rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-53 -m recent --name limit-53 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-54 -m recent --name limit-54 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-55 -m recent --name limit-55 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-56 -m recent --name limit-56 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-57 -m recent --name limit-57 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-58 -m recent --name limit-58 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-59 -m recent --name limit-59 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-7 -A limit-6 -m recent --name limit-6 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-60 -m recent --name limit-60 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-13 --A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-14 --A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-15 --A limit-62 -m limit --limit 1/second -j LOG --A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-16 --A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-17 --A limit-64 -m recent --name limit-64 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-18 --A limit-65 -m recent --name limit-65 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-66 -m recent --name limit-66 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-67 -m recent --name limit-67 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-67 -m recent --name limit-67 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-60 -m recent --name limit-60 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-61 -m recent --name limit-61 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-62 -m recent --name limit-62 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-63 -m recent --name limit-63 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-64 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-64 -j RETURN +-A limit-64 -m limit --limit 1/second -j LOG +-A limit-64 -j DROP +-A limit-65 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-65 -j RETURN +-A limit-65 -m limit --limit 1/second -j LOG +-A limit-65 -j DROP +-A limit-66 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-66 -j RETURN +-A limit-66 -m limit --limit 1/second -j LOG +-A limit-66 -j DROP +-A limit-67 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-67 -j 
RETURN +-A limit-67 -m limit --limit 1/second -j LOG +-A limit-67 -j DROP +-A limit-68 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-68 -j RETURN -A limit-68 -m limit --limit 1/second -j LOG --A limit-68 -m recent --name limit-68 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-69 -m recent --name limit-69 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-68 -j DROP +-A limit-69 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-69 -j RETURN +-A limit-69 -m limit --limit 1/second -j LOG +-A limit-69 -j DROP +-A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-8 -A limit-7 -m recent --name limit-7 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-70 -m recent --name limit-70 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-71 -m recent --name limit-71 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-72 -m recent --name limit-72 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-72 -m recent --name limit-72 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-73 -m recent --name limit-73 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-73 -m recent --name limit-73 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-74 -m recent --name limit-74 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-74 -m limit --limit 1/second -j LOG --A limit-74 -m recent --name limit-74 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-75 -m recent --name limit-75 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-75 -m recent --name limit-75 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-76 -m recent --name limit-76 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP --A limit-77 -m recent --name limit-77 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set --A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j ACCEPT --A limit-78 -m limit --limit 1/second -j LOG +-A limit-70 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-70 -j RETURN +-A limit-70 -m limit --limit 1/second -j LOG +-A limit-70 -j DROP +-A limit-71 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-71 -j RETURN +-A limit-71 -m limit --limit 1/second -j LOG +-A limit-71 
-j DROP +-A limit-72 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-72 -j RETURN +-A limit-72 -j DROP +-A limit-73 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-73 -j RETURN +-A limit-73 -j DROP +-A limit-74 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-74 -j RETURN +-A limit-74 -j DROP +-A limit-75 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-75 -j RETURN +-A limit-75 -j DROP +-A limit-76 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-76 -j RETURN +-A limit-76 -j DROP +-A limit-77 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-77 -j RETURN +-A limit-77 -j DROP +-A limit-78 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-78 -j RETURN -A limit-78 -j DROP -A limit-79 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-79 -j RETURN --A limit-79 -m limit --limit 1/second -j LOG -A limit-79 -j DROP --A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-9 -A limit-8 -m limit --limit 1/second -j LOG -A limit-8 -m recent --name limit-8 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT --A limit-80 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode 
srcip --hashlimit-srcmask 128 --hashlimit-name limit-80 -j logaccept-3 --A limit-80 -m limit --limit 1/second -j LOG --A limit-80 -j DROP --A limit-81 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-81 -j ACCEPT --A limit-81 -m limit --limit 1/second -j LOG --A limit-81 -j DROP --A limit-82 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-82 -j ACCEPT --A limit-82 -j DROP --A limit-83 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-83 -j RETURN --A limit-83 -j DROP --A limit-84 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-84 -j logaccept-4 --A limit-84 -j DROP --A limit-85 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-85 -j ACCEPT --A limit-85 -j DROP --A limit-86 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-86 -j ACCEPT --A limit-86 -j DROP --A limit-87 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-87 -j RETURN --A limit-87 -j DROP --A limit-88 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-88 -j logaccept-5 --A limit-88 -j DROP --A limit-89 -m hashlimit --hashlimit-upto 30/second --hashlimit-burst 30 --hashlimit-mode srcip --hashlimit-srcmask 128 --hashlimit-name limit-89 -j ACCEPT --A limit-89 -j DROP --A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-80 -m recent --name limit-80 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-25 +-A limit-80 -m recent --name limit-80 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-26 +-A limit-81 -m recent --name limit-81 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-27 +-A limit-82 -m limit --limit 1/second -j LOG +-A limit-82 -m recent --name limit-82 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-28 +-A limit-83 -m recent --name limit-83 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-29 +-A limit-84 -m recent --name limit-84 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-30 +-A limit-85 -m recent --name limit-85 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-31 +-A limit-86 -m recent --name limit-86 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-87 -m recent --name limit-87 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-32 +-A limit-87 -m recent --name limit-87 --rsource --mask 
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-33 +-A limit-88 -m limit --limit 1/second -j LOG +-A limit-88 -m recent --name limit-88 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-34 +-A limit-89 -m recent --name limit-89 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-10 -A limit-9 -m recent --name limit-9 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-35 +-A limit-90 -m recent --name limit-90 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j logdrop-36 +-A limit-91 -m recent --name limit-91 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-92 -m recent --name limit-92 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-93 -m recent --name limit-93 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update 
--hitcount 1 --seconds 1 -j DROP +-A limit-94 -m limit --limit 1/second -j LOG +-A limit-94 -m recent --name limit-94 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-95 -m recent --name limit-95 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -m limit --limit 1/second -j LOG +-A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-96 -m recent --name limit-96 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-97 -m recent --name limit-97 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set +-A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-98 -m recent --name limit-98 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -j ACCEPT +-A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --update --hitcount 1 --seconds 1 -j DROP +-A limit-99 -m recent --name limit-99 --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A logaccept-0 -m limit --limit 1/second -j LOG -A logaccept-0 -j ACCEPT -A logaccept-1 -m limit --limit 1/second -j LOG @@ -709,6 +919,10 @@ -A logaccept-5 -j ACCEPT -A logaccept-6 -m limit --limit 1/second -j LOG -A logaccept-6 -j ACCEPT +-A logaccept-7 -m limit --limit 1/second -j LOG +-A logaccept-7 -j ACCEPT +-A logaccept-8 -m limit --limit 1/second -j LOG +-A logaccept-8 -j ACCEPT -A logaccept-final-0 -m limit --limit 1/second -j LOG -A logaccept-final-0 -j ACCEPT -A logaccept-final-1 -m limit --limit 1/second -j LOG 
@@ -721,6 +935,10 @@ -A logaccept-final-4 -j ACCEPT -A logaccept-final-5 -m limit --limit 1/second -j LOG -A logaccept-final-5 -j ACCEPT +-A logaccept-final-6 -m limit --limit 1/second -j LOG +-A logaccept-final-6 -j ACCEPT +-A logaccept-final-7 -m limit --limit 1/second -j LOG +-A logaccept-final-7 -j ACCEPT -A logdrop-0 -m limit --limit 1/second -j LOG -A logdrop-0 -j DROP -A logdrop-1 -m limit --limit 1/second -j LOG @@ -749,8 +967,44 @@ -A logdrop-2 -j DROP -A logdrop-20 -m limit --limit 1/second -j LOG -A logdrop-20 -j DROP +-A logdrop-21 -m limit --limit 1/second -j LOG +-A logdrop-21 -j DROP +-A logdrop-22 -m limit --limit 1/second -j LOG +-A logdrop-22 -j DROP +-A logdrop-23 -m limit --limit 1/second -j LOG +-A logdrop-23 -j DROP +-A logdrop-24 -m limit --limit 1/second -j LOG +-A logdrop-24 -j DROP +-A logdrop-25 -m limit --limit 1/second -j LOG +-A logdrop-25 -j DROP +-A logdrop-26 -m limit --limit 1/second -j LOG +-A logdrop-26 -j DROP +-A logdrop-27 -m limit --limit 1/second -j LOG +-A logdrop-27 -j DROP +-A logdrop-28 -m limit --limit 1/second -j LOG +-A logdrop-28 -j DROP +-A logdrop-29 -m limit --limit 1/second -j LOG +-A logdrop-29 -j DROP -A logdrop-3 -m limit --limit 1/second -j LOG -A logdrop-3 -j DROP +-A logdrop-30 -m limit --limit 1/second -j LOG +-A logdrop-30 -j DROP +-A logdrop-31 -m limit --limit 1/second -j LOG +-A logdrop-31 -j DROP +-A logdrop-32 -m limit --limit 1/second -j LOG +-A logdrop-32 -j DROP +-A logdrop-33 -m limit --limit 1/second -j LOG +-A logdrop-33 -j DROP +-A logdrop-34 -m limit --limit 1/second -j LOG +-A logdrop-34 -j DROP +-A logdrop-35 -m limit --limit 1/second -j LOG +-A logdrop-35 -j DROP +-A logdrop-36 -m limit --limit 1/second -j LOG +-A logdrop-36 -j DROP +-A logdrop-37 -m limit --limit 1/second -j LOG +-A logdrop-37 -j DROP +-A logdrop-38 -m limit --limit 1/second -j LOG +-A logdrop-38 -j DROP -A logdrop-4 -m limit --limit 1/second -j LOG -A logdrop-4 -j DROP -A logdrop-5 -m limit --limit 1/second -j LOG 
@@ -803,6 +1057,12 @@ COMMIT -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack +-A OUTPUT -o eth0 -j CT --notrack -A OUTPUT -p tcp --dport 80 -j CT --notrack -A OUTPUT -p esp -j CT --notrack -A OUTPUT -p udp -m multiport --sports 500,4500 -j CT --notrack @@ -838,6 +1098,16 @@ COMMIT -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack +-A PREROUTING -m addrtype --dst-type LOCAL -i eth0 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p tcp --sport 80 -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p esp -j CT --notrack -A PREROUTING -m addrtype --dst-type LOCAL -p udp -m multiport --dports 500,4500 -j CT --notrack -- cgit v1.2.3