
Untitled

a guest
Jun 26th, 2017
localhost dem # iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW
net2fw all -- anywhere anywhere
loc2fw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere [goto]

Chain FORWARD (policy DROP)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW
net2loc all -- anywhere anywhere
loc2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere [goto]

Chain OUTPUT (policy DROP)
target prot opt source destination
fw2net all -- anywhere anywhere
fw2loc all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere [goto]

Chain Drop (0 references)
target prot opt source destination
all -- anywhere anywhere
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports epmap,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports epmap,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain Reject (6 references)
target prot opt source destination
all -- anywhere anywhere
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid all -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports epmap,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports epmap,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain dropBcast (2 references)
target prot opt source destination
DROP all -- anywhere 172.16.255.255
DROP all -- anywhere 192.168.1.255
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere base-address.mcast.net/4

Chain dropInvalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target prot opt source destination

Chain fw2loc (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain loc2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:loc2fw:REJECT:'
reject all -- anywhere anywhere [goto]

Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
reject all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2fw:REJECT:'
reject all -- anywhere anywhere [goto]

Chain net2loc (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2loc:REJECT:'
reject all -- anywhere anywhere [goto]

Chain reject (13 references)
target prot opt source destination
DROP all -- anywhere 172.16.255.255
DROP all -- anywhere 192.168.1.255
DROP all -- anywhere 255.255.255.255
DROP all -- base-address.mcast.net/4 anywhere
DROP igmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination