Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Phase: 1
- Type: ACCESS-LIST
- Subtype:
- Result: ALLOW
- Config:
- Implicit Rule
- Additional Information:
- Forward Flow based lookup yields rule:
- in id=0x7eff5f6e3390, priority=1, domain=permit, deny=false
- hits=490830227, user_data=0x0, cs_id=0x0, l3_type=0x8
- src mac=0000.0000.0000, mask=0000.0000.0000
- dst mac=0000.0000.0000, mask=0100.0000.0000
- input_ifc=LAN, output_ifc=any
- Phase: 2
- Type: ROUTE-LOOKUP
- Subtype: Resolve Egress Interface
- Result: ALLOW
- Config:
- Additional Information:
- found next-hop 192.168.130.58 using egress ifc v130
- Phase: 3
- Type: ACCESS-LIST
- Subtype: log
- Result: ALLOW
- Config:
- access-group LAN_IN in interface LAN
- access-list LAN_IN extended permit tcp any4 any4 eq ssh
- Additional Information:
- Forward Flow based lookup yields rule:
- in id=0x7eff60af8900, priority=13, domain=permit, deny=false
- hits=671, user_data=0x7eff55265980, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=22, tag=any, dscp=0x0
- input_ifc=LAN, output_ifc=any
- Phase: 4
- Type: NAT
- Subtype: per-session
- Result: ALLOW
- Config:
- Additional Information:
- Forward Flow based lookup yields rule:
- in id=0x7eff50a75d40, priority=1, domain=nat-per-session, deny=true
- hits=2082080, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=any, output_ifc=any
- Phase: 5
- Type: IP-OPTIONS
- Subtype:
- Result: ALLOW
- Config:
- Additional Information:
- Forward Flow based lookup yields rule:
- in id=0x7eff5f6ec530, priority=0, domain=inspect-ip-options, deny=true
- hits=1589653, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=LAN, output_ifc=any
- Phase: 6
- Type:
- Subtype:
- Result: ALLOW
- Config:
- Additional Information:
- Forward Flow based lookup yields rule:
- in id=0x7eff61409560, priority=13, domain=dynamic-filter, deny=false
- hits=732111, user_data=0x7eff614093e0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=LAN, output_ifc=any
- Phase: 7
- Type:
- Subtype:
- Result: ALLOW
- Config:
- Additional Information:
- Forward Flow based lookup yields rule:
- in id=0x7eff61417240, priority=12, domain=UNKNOWN:65, deny=false
- hits=732111, user_data=0x7eff614171e0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=LAN, output_ifc=any
- Phase: 8
- Type:
- Subtype:
- Result: ALLOW
- Config:
- Additional Information:
- Forward Flow based lookup yields rule:
- out id=0x7eff6140b710, priority=13, domain=dynamic-filter, deny=false
- hits=1256, user_data=0x7eff6140b1b0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=any, output_ifc=v130
- Phase: 9
- Type:
- Subtype:
- Result: ALLOW
- Config:
- Additional Information:
- Forward Flow based lookup yields rule:
- out id=0x7eff61419030, priority=12, domain=UNKNOWN:65, deny=false
- hits=1256, user_data=0x7eff61418bf0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=any, output_ifc=v130
- Phase: 10
- Type: NAT
- Subtype: per-session
- Result: ALLOW
- Config:
- Additional Information:
- Reverse Flow based lookup yields rule:
- in id=0x7eff50a75d40, priority=1, domain=nat-per-session, deny=true
- hits=2082082, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=any, output_ifc=any
- Phase: 11
- Type: IP-OPTIONS
- Subtype:
- Result: ALLOW
- Config:
- Additional Information:
- Reverse Flow based lookup yields rule:
- in id=0x7eff5f860740, priority=0, domain=inspect-ip-options, deny=true
- hits=883448, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
- src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=v130, output_ifc=any
- Phase: 12
- Type: FLOW-CREATION
- Subtype:
- Result: ALLOW
- Config:
- Additional Information:
- New flow created with id 35135195, packet dispatched to next module
- Module information for forward flow ...
- snp_fp_tracer_drop
- snp_fp_inspect_ip_options
- snp_fp_tcp_normalizer
- snp_fp_translate
- snp_fp_adjacency
- snp_fp_fragment
- snp_ifc_stat
- Module information for reverse flow ...
- snp_fp_tracer_drop
- snp_fp_inspect_ip_options
- snp_fp_translate
- snp_fp_tcp_normalizer
- snp_fp_adjacency
- snp_fp_fragment
- snp_ifc_stat
- Result:
- input-interface: LAN
- input-status: up
- input-line-status: up
- output-interface: v130
- output-status: up
- output-line-status: up
- Action: allow
Add Comment
Please, Sign In to add comment