
SuSEfirewall2 status output for config of masquerading

a guest
Apr 24th, 2013
  1. ### iptables filter ###
  2. Chain INPUT (policy DROP 0 packets, 0 bytes)
  3. pkts bytes target prot opt in out source destination
  4. 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
  5. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED
  6. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
  7. 0 0 input_int all -- eth1 * 0.0.0.0/0 0.0.0.0/0
  8. 1 28 input_ext all -- * * 0.0.0.0/0 0.0.0.0/0
  9. 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
  10. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
  11.  
  12. Chain FORWARD (policy DROP 0 packets, 0 bytes)
  13. pkts bytes target prot opt in out source destination
  14. 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
  15. 3 252 forward_int all -- eth1 * 0.0.0.0/0 0.0.0.0/0
  16. 3 252 forward_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0
  17. 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWD-ILL-ROUTING "
  18. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
  19.  
  20. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  21. pkts bytes target prot opt in out source destination
  22. 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
  23.  
  24. Chain forward_ext (1 references)
  25. pkts bytes target prot opt in out source destination
  26. 3 252 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 0
  27. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 3
  28. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 11
  29. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 12
  30. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 14
  31. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 18
  32. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 3 code 2
  33. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 5
  34. 0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
  35. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
  36. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
  37. 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-FWDext-DROP-DEFLT "
  38. 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWDext-DROP-DEFLT "
  39. 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-FWDext-DROP-DEFLT "
  40. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
  41.  
  42. Chain forward_int (1 references)
  43. pkts bytes target prot opt in out source destination
  44. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 0
  45. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 3
  46. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 11
  47. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 12
  48. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 14
  49. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 18
  50. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 3 code 2
  51. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED icmptype 5
  52. 3 252 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 ctstate NEW,RELATED,ESTABLISHED
  53. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
  54. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
  55. 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-FWDint-DROP-DEFLT "
  56. 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWDint-DROP-DEFLT "
  57. 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-FWDint-DROP-DEFLT "
  58. 0 0 reject_func all -- * * 0.0.0.0/0 0.0.0.0/0
  59.  
  60. Chain input_ext (1 references)
  61. pkts bytes target prot opt in out source destination
  62. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
  63. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 4
  64. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
  65. 0 0 reject_func tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 ctstate NEW
  66. 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:443 flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
  67. 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
  68. 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:80 flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
  69. 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
  70. 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
  71. 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
  72. 1 28 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
  73. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
  74. 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
  75. 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
  76. 0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
  77. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
  78.  
  79. Chain input_int (1 references)
  80. pkts bytes target prot opt in out source destination
  81. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
  82.  
  83. Chain reject_func (2 references)
  84. pkts bytes target prot opt in out source destination
  85. 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
  86. 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
  87. 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
  88.  
  89. ### iptables nat ###
  90. Chain PREROUTING (policy ACCEPT 2 packets, 112 bytes)
  91. pkts bytes target prot opt in out source destination
  92.  
  93. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  94. pkts bytes target prot opt in out source destination
  95.  
  96. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  97. pkts bytes target prot opt in out source destination
  98.  
  99. Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
  100. pkts bytes target prot opt in out source destination
  101. 1 84 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
  102.  
  103. ### iptables raw ###
  104. Chain PREROUTING (policy ACCEPT 7 packets, 532 bytes)
  105. pkts bytes target prot opt in out source destination
  106. 0 0 CT all -- lo * 0.0.0.0/0 0.0.0.0/0 CT notrack
  107.  
  108. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  109. pkts bytes target prot opt in out source destination
  110. 0 0 CT all -- * lo 0.0.0.0/0 0.0.0.0/0 CT notrack
  111.  
  112. ### ip6tables filter ###
  113. Chain INPUT (policy DROP 0 packets, 0 bytes)
  114. pkts bytes target prot opt in out source destination
  115. 0 0 ACCEPT all lo * ::/0 ::/0
  116. 0 0 ACCEPT all * * ::/0 ::/0 ctstate ESTABLISHED
  117. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED
  118. 0 0 input_int all eth1 * ::/0 ::/0
  119. 0 0 input_ext all * * ::/0 ::/0
  120. 0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
  121. 0 0 DROP all * * ::/0 ::/0
  122.  
  123. Chain FORWARD (policy DROP 0 packets, 0 bytes)
  124. pkts bytes target prot opt in out source destination
  125. 0 0 forward_int all eth1 * ::/0 ::/0
  126. 0 0 forward_ext all eth0 * ::/0 ::/0
  127. 0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWD-ILL-ROUTING "
  128. 0 0 DROP all * * ::/0 ::/0
  129.  
  130. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  131. pkts bytes target prot opt in out source destination
  132. 0 0 ACCEPT all * lo ::/0 ::/0
  133. 0 0 ACCEPT icmpv6 * * ::/0 ::/0
  134.  
  135. Chain forward_ext (1 references)
  136. pkts bytes target prot opt in out source destination
  137. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 129
  138. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 1
  139. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 2
  140. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 3
  141. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 4
  142. 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-FWDext-DROP-DEFLT "
  143. 0 0 LOG icmpv6 * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWDext-DROP-DEFLT "
  144. 0 0 LOG udp * * ::/0 ::/0 limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-FWDext-DROP-DEFLT "
  145. 0 0 DROP all * * ::/0 ::/0
  146.  
  147. Chain forward_int (1 references)
  148. pkts bytes target prot opt in out source destination
  149. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 129
  150. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 1
  151. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 2
  152. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 3
  153. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED,ESTABLISHED ipv6-icmptype 4
  154. 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-FWDint-DROP-DEFLT "
  155. 0 0 LOG icmpv6 * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWDint-DROP-DEFLT "
  156. 0 0 LOG udp * * ::/0 ::/0 limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-FWDint-DROP-DEFLT "
  157. 0 0 reject_func all * * ::/0 ::/0
  158.  
  159. Chain input_ext (1 references)
  160. pkts bytes target prot opt in out source destination
  161. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128
  162. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133
  163. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134
  164. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135
  165. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136
  166. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137
  167. 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 130
  168. 0 0 reject_func tcp * * ::/0 ::/0 tcp dpt:113 ctstate NEW
  169. 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:443 flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
  170. 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:443
  171. 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:80 flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
  172. 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:80
  173. 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
  174. 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:22
  175. 0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
  176. 0 0 LOG icmpv6 * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
  177. 0 0 LOG udp * * ::/0 ::/0 limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
  178. 0 0 DROP all * * ::/0 ::/0
  179.  
  180. Chain input_int (1 references)
  181. pkts bytes target prot opt in out source destination
  182. 0 0 ACCEPT all * * ::/0 ::/0
  183.  
  184. Chain reject_func (2 references)
  185. pkts bytes target prot opt in out source destination
  186. 0 0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
  187. 0 0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable
  188. 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-addr-unreachable
  189. 0 0 DROP all * * ::/0 ::/0
  190.  
  191. ### ip6tables mangle ###
  192. Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
  193. pkts bytes target prot opt in out source destination
  194.  
  195. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
  196. pkts bytes target prot opt in out source destination
  197.  
  198. Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  199. pkts bytes target prot opt in out source destination
  200.  
  201. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  202. pkts bytes target prot opt in out source destination
  203.  
  204. Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
  205. pkts bytes target prot opt in out source destination
  206.  
  207. ### ip6tables raw ###
  208. Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
  209. pkts bytes target prot opt in out source destination
  210. 0 0 CT all lo * ::/0 ::/0 CT notrack
  211.  
  212. Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  213. pkts bytes target prot opt in out source destination
  214. 0 0 CT all * lo ::/0 ::/0 CT notrack