Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 374632 Details for
Bug 506882
net-firewall/shorewall with kernel 3.13, 3.14 - panic in ipt_do_table in [ip_tables]
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
iptables
iptables.txt (text/plain), 13.30 KB, created by
Reuben Martin
on 2014-04-09 23:24:03 UTC
(
hide
)
Description:
iptables
Filename:
MIME Type:
Creator:
Reuben Martin
Created:
2014-04-09 23:24:03 UTC
Size:
13.30 KB
patch
obsolete
>Chain INPUT (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > 2850 3064K lan2fw all -- enp7s0 * 0.0.0.0/0 0.0.0.0/0 > 5 196 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 > 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Shorewall:INPUT:REJECT:" > 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] > >Chain FORWARD (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Shorewall:FORWARD:REJECT:" > 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] > >Chain OUTPUT (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > 2325 270K fw2lan all -- * enp7s0 0.0.0.0/0 0.0.0.0/0 > 5 196 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 > 15 2055 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Shorewall:OUTPUT:REJECT:" > 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] > >Chain @fw2lan (1 references) > pkts bytes target prot opt in out source destination > 79 4740 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 6/sec burst 15 > 13 780 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 > >Chain @lan2fw (1 references) > pkts bytes target prot opt in out source destination > 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 15 > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 4 prefix "Shorewall:lan2fw:DROP:" > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 > >Chain Broadcast (1 references) > pkts bytes target prot opt in out source destination > 15 2055 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST > >Chain Limit (1 references) > pkts bytes target prot opt in out source destination > 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: SSH side: source mask: 255.255.255.255 > 0 0 Limit% all -- * * 0.0.0.0/0 0.0.0.0/0 recent: UPDATE seconds: 600 hit_count: 6 name: SSH side: source mask: 255.255.255.255 > 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 > >Chain Limit% (1 references) > pkts bytes target prot opt in out source destination > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Shorewall:SSH:DROP:" > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 > >Chain Reject (4 references) > pkts bytes target prot opt in out source destination > 15 2055 all -- * * 0.0.0.0/0 0.0.0.0/0 > 15 2055 Broadcast all -- * * 0.0.0.0/0 0.0.0.0/0 > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */ > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 /* Needed ICMP types */ > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID > 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 /* SMB */ > 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 /* SMB */ > 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMB */ > 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 /* SMB */ > 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* UPnP */ > 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 > 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 /* Late DNS Replies */ > >Chain dynamic (1 references) > pkts bytes target prot opt in out source destination > >Chain fw2lan (1 references) > pkts bytes target prot opt in out source destination > 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 > 2030 229K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED > 92 5520 @fw2lan tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 > 0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.0/24 multiport dports 135,445 /* SMBBI */ > 4 801 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.0/24 udp dpts:137:139 /* SMBBI */ > 0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.0/24 udp spt:137 dpts:1024:65535 /* SMBBI */ > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.0/24 multiport dports 135,139,445 /* SMBBI */ > 44 23691 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353 /* mDNSbi */ > 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:5353 dpts:1024:65535 /* mDNSbi */ > 3 96 ACCEPT 2 -- * * 0.0.0.0/0 224.0.0.251 /* mDNSbi */ > 0 0 ACCEPT udp -- * * 224.0.0.0/4 0.0.0.0/0 > 0 0 ACCEPT 2 -- * * 224.0.0.0/4 0.0.0.0/0 > 0 0 ACCEPT udplite-- * * 224.0.0.0/4 0.0.0.0/0 > 231 16216 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 > >Chain lan2fw (1 references) > pkts bytes target prot opt in out source destination > 69 26953 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW,UNTRACKED > 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 > 2628 3015K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 > 139 20184 ACCEPT udp -- enp7s0 * 192.168.1.1 0.0.0.0/0 > 2644 3017K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED > 0 0 @lan2fw tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 > 0 0 ACCEPT udp -- * * 192.168.1.0/24 0.0.0.0/0 multiport dports 135,445 /* SMBBI */ > 4 801 ACCEPT udp -- * * 192.168.1.0/24 0.0.0.0/0 udp dpts:137:139 /* SMBBI */ > 0 0 ACCEPT udp -- * * 192.168.1.0/24 0.0.0.0/0 udp spt:137 dpts:1024:65535 /* SMBBI */ > 0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 multiport dports 135,139,445 /* SMBBI */ > 0 0 ACCEPT icmp -- * * 192.168.1.0/24 0.0.0.0/0 icmptype 8 /* Ping */ > 0 0 ACCEPT icmp -- * * 192.168.1.0/24 0.0.0.0/0 icmptype 3 code 4 /* Needed ICMP types */ > 0 0 ACCEPT icmp -- * * 192.168.1.0/24 0.0.0.0/0 icmptype 11 /* Needed ICMP types */ > 0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpt:9418 /* Git */ > 0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpts:1024:65535 > 57 25490 ACCEPT udp -- * * 192.168.1.0/24 0.0.0.0/0 udp dpts:1024:65535 > 0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353 /* mDNSbi */ > 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:5353 dpts:1024:65535 /* mDNSbi */ > 3 96 ACCEPT 2 -- * * 0.0.0.0/0 224.0.0.251 /* mDNSbi */ > 0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.0/4 > 3 96 ACCEPT 2 -- * * 0.0.0.0/0 224.0.0.0/4 > 0 0 ACCEPT udplite-- * * 0.0.0.0/0 224.0.0.0/4 > 0 0 ~log0 all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] -m geoip ! --source-country US,CA > 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 /* DNS */ > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 /* DNS */ > 0 0 Limit tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 > 0 0 RETURN all -- * * 0.0.0.0/0 224.0.0.0/4 > 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Shorewall:lan2fw:REJECT:" > 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto] > >Chain logdrop (0 references) > pkts bytes target prot opt in out source destination > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 > >Chain logflags (5 references) > pkts bytes target prot opt in out source destination > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:" > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 > >Chain logreject (0 references) > pkts bytes target prot opt in out source destination > 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 > >Chain reject (9 references) > pkts bytes target prot opt in out source destination > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST > 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0 > 0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0 > 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset > 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable > 0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable > 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited > >Chain shorewall (0 references) > pkts bytes target prot opt in out source destination > 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255 > >Chain tcpflags (1 references) > pkts bytes target prot opt in out source destination > 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x29 > 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x00 > 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x06/0x06 > 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x03/0x03 > 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02 > >Chain ~log0 (1 references) > pkts bytes target prot opt in out source destination > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "Shorewall:lan2fw:DROP:" > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=374632">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 506882
:
374358
|
374442
|
374444
|
374446
|
374448
| 374632 |
374634
|
374636
|
374638
|
374640
