# rules6-save generated by awall
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
:awall-FORWARD - [0:0]
:awall-INPUT - [0:0]
:awall-OUTPUT - [0:0]
:awall-icmp-routing - [0:0]
:awall-logaccept-0 - [0:0]
:awall-logaccept-1 - [0:0]
:awall-logaccept-2 - [0:0]
:awall-logaccept-3 - [0:0]
:awall-logdrop-0 - [0:0]
:awall-logdrop-1 - [0:0]
:awall-logdrop-2 - [0:0]
:awall-logdrop-3 - [0:0]
:awall-logdrop-4 - [0:0]
:awall-logpass-0 - [0:0]
:awall-logpass-1 - [0:0]
:awall-logpass-2 - [0:0]
-A FORWARD -j awall-FORWARD
-A INPUT -j awall-INPUT
-A OUTPUT -j awall-OUTPUT
-A awall-FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A awall-FORWARD -j ACCEPT
-A awall-FORWARD -j awall-logdrop-0
-A awall-FORWARD 
-A awall-FORWARD -j ACCEPT
-A awall-FORWARD -j DROP
-A awall-FORWARD 
-A awall-FORWARD -j awall-logaccept-0
-A awall-FORWARD -j awall-logdrop-1
-A awall-FORWARD -j awall-logpass-0
-A awall-FORWARD -j awall-logaccept-1
-A awall-FORWARD -j awall-logdrop-2
-A awall-FORWARD -j awall-logpass-1
-A awall-FORWARD -j awall-logaccept-2
-A awall-FORWARD -j awall-logdrop-3
-A awall-FORWARD -j awall-logpass-2
-A awall-FORWARD -j ACCEPT
-A awall-FORWARD -j DROP
-A awall-FORWARD 
-A awall-FORWARD -j awall-logaccept-3
-A awall-FORWARD -j awall-logdrop-4
-A awall-FORWARD -i eth0 -j ACCEPT
-A awall-FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A awall-FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
-A awall-FORWARD -i eth0 -o eth4 -j ACCEPT
-A awall-FORWARD -i eth0 -o eth5 -j ACCEPT
-A awall-FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
-A awall-FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
-A awall-FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
-A awall-FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
-A awall-FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
-A awall-FORWARD -i eth4 -o eth0 -j ACCEPT
-A awall-FORWARD -i eth5 -o eth0 -j ACCEPT
-A awall-FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
-A awall-FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
-A awall-FORWARD -i eth4 -o eth4 -j ACCEPT
-A awall-FORWARD -i eth4 -o eth5 -j ACCEPT
-A awall-FORWARD -i eth5 -o eth4 -j ACCEPT
-A awall-FORWARD -i eth5 -o eth5 -j ACCEPT
-A awall-FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
-A awall-FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
-A awall-FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
-A awall-FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
-A awall-FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
-A awall-FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A awall-FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A awall-FORWARD -p icmpv6 -j awall-icmp-routing
-A awall-INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A awall-INPUT -j TEE --gateway fc00::2
-A awall-INPUT -m limit --limit 1/second -j LOG
-A awall-INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A awall-INPUT -i lo -j ACCEPT
-A awall-INPUT -j ACCEPT
-A awall-INPUT -j awall-logdrop-0
-A awall-INPUT 
-A awall-INPUT -j ACCEPT
-A awall-INPUT -j DROP
-A awall-INPUT 
-A awall-INPUT -j awall-logaccept-0
-A awall-INPUT -j awall-logdrop-1
-A awall-INPUT -j awall-logpass-0
-A awall-INPUT -j awall-logaccept-1
-A awall-INPUT -j awall-logdrop-2
-A awall-INPUT -j awall-logpass-1
-A awall-INPUT -j awall-logaccept-2
-A awall-INPUT -j awall-logdrop-3
-A awall-INPUT -j awall-logpass-2
-A awall-INPUT -j ACCEPT
-A awall-INPUT -j DROP
-A awall-INPUT 
-A awall-INPUT -j awall-logaccept-3
-A awall-INPUT -j awall-logdrop-4
-A awall-INPUT -i eth0 -j ACCEPT
-A awall-INPUT -j ACCEPT
-A awall-INPUT -p icmpv6 -j ACCEPT
-A awall-OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A awall-OUTPUT -o lo -j ACCEPT
-A awall-OUTPUT -j ACCEPT
-A awall-OUTPUT -j awall-logdrop-0
-A awall-OUTPUT 
-A awall-OUTPUT -j ACCEPT
-A awall-OUTPUT -j DROP
-A awall-OUTPUT 
-A awall-OUTPUT -j awall-logaccept-0
-A awall-OUTPUT -j awall-logdrop-1
-A awall-OUTPUT -j awall-logpass-0
-A awall-OUTPUT -j awall-logaccept-1
-A awall-OUTPUT -j awall-logdrop-2
-A awall-OUTPUT -j awall-logpass-1
-A awall-OUTPUT -j awall-logaccept-2
-A awall-OUTPUT -j awall-logdrop-3
-A awall-OUTPUT -j awall-logpass-2
-A awall-OUTPUT -j ACCEPT
-A awall-OUTPUT -j DROP
-A awall-OUTPUT 
-A awall-OUTPUT -j awall-logaccept-3
-A awall-OUTPUT -j awall-logdrop-4
-A awall-OUTPUT -j ACCEPT
-A awall-OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
-A awall-OUTPUT -p icmpv6 -j ACCEPT
-A awall-icmp-routing -p icmpv6 --icmpv6-type 1 -j ACCEPT
-A awall-icmp-routing -p icmpv6 --icmpv6-type 2 -j ACCEPT
-A awall-icmp-routing -p icmpv6 --icmpv6-type 3 -j ACCEPT
-A awall-icmp-routing -p icmpv6 --icmpv6-type 4 -j ACCEPT
-A awall-logaccept-0 -m limit --limit 1/second -j LOG
-A awall-logaccept-0 -j ACCEPT
-A awall-logaccept-1 -j LOG
-A awall-logaccept-1 -j TEE --gateway fc00::1
-A awall-logaccept-1 -j ACCEPT
-A awall-logaccept-2 -j TEE --gateway fc00::2
-A awall-logaccept-2 -j ACCEPT
-A awall-logaccept-3 -j ACCEPT
-A awall-logdrop-0 -m limit --limit 1/second -j LOG
-A awall-logdrop-0 -j DROP
-A awall-logdrop-1 -m limit --limit 1/second -j LOG
-A awall-logdrop-1 -j DROP
-A awall-logdrop-2 -j LOG
-A awall-logdrop-2 -j TEE --gateway fc00::1
-A awall-logdrop-2 -j DROP
-A awall-logdrop-3 -j TEE --gateway fc00::2
-A awall-logdrop-3 -j DROP
-A awall-logdrop-4 -j DROP
-A awall-logpass-0 -m limit --limit 1/second -j LOG
-A awall-logpass-1 -j LOG
-A awall-logpass-1 -j TEE --gateway fc00::1
-A awall-logpass-2 -j TEE --gateway fc00::2
COMMIT
*mangle
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:awall-INPUT - [0:0]
:awall-OUTPUT - [0:0]
:awall-POSTROUTING - [0:0]
:awall-PREROUTING - [0:0]
-A INPUT -j awall-INPUT
-A OUTPUT -j awall-OUTPUT
-A POSTROUTING -j awall-POSTROUTING
-A PREROUTING -j awall-PREROUTING
-A awall-INPUT -j MARK --set-mark 3
-A awall-OUTPUT -j MARK --set-mark 1
-A awall-POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 3
-A awall-PREROUTING -i eth0 -j MARK --set-mark 1
COMMIT
*raw
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:awall-OUTPUT - [0:0]
:awall-PREROUTING - [0:0]
-A OUTPUT -j awall-OUTPUT
-A PREROUTING -j awall-PREROUTING
-A awall-OUTPUT -j CT --notrack
-A awall-PREROUTING -i eth0 -j CT --notrack
-A awall-PREROUTING -i eth1 -s fc00::/7 -j CT --notrack
-A awall-PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
COMMIT