Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 41 23243 lan2fw all enp7s0 * ::/0 ::/0 0 0 ACCEPT all lo * ::/0 ::/0 0 0 Reject all * * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 LOG flags 0 level 4 prefix "Shorewall:INPUT:REJECT:" 0 0 reject all * * ::/0 ::/0 [goto] Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 Reject all * * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 LOG flags 0 level 4 prefix "Shorewall:FORWARD:REJECT:" 0 0 reject all * * ::/0 ::/0 [goto] Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 40 23107 fw2lan all * enp7s0 ::/0 ::/0 0 0 ACCEPT all * lo ::/0 ::/0 0 0 Reject all * * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 LOG flags 0 level 4 prefix "Shorewall:OUTPUT:REJECT:" 0 0 reject all * * ::/0 ::/0 [goto] Chain @fw2lan (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all * * ::/0 ::/0 limit: avg 6/sec burst 15 0 0 DROP all * * ::/0 ::/0 Chain @lan2fw (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all * * ::/0 ::/0 limit: avg 10/sec burst 15 0 0 LOG all * * ::/0 ::/0 limit: avg 5/min burst 5 LOG flags 0 level 4 prefix "Shorewall:lan2fw:DROP:" 0 0 DROP all * * ::/0 ::/0 Chain AllowICMPs (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 /* Needed ICMP types (RFC4890) */ 1 136 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 141 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 151 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 152 /* Needed ICMP types (RFC4890) */ 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 153 /* Needed ICMP types (RFC4890) */ Chain Broadcast (1 references) pkts bytes target prot opt in out source destination 0 0 DROP all * * ::/0 ff00::/8 Chain Reject (4 references) pkts bytes target prot opt in out source destination 0 0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */ 0 0 AllowICMPs icmpv6 * * ::/0 ::/0 0 0 Broadcast all * * ::/0 ::/0 0 0 DROP all * * ::/0 ::/0 ctstate INVALID 0 0 reject udp * * ::/0 ::/0 multiport dports 135,445 /* SMB */ 0 0 reject udp * * ::/0 ::/0 udp dpts:137:139 /* SMB */ 0 0 reject udp * * ::/0 ::/0 udp spt:137 dpts:1024:65535 /* SMB */ 0 0 reject tcp * * ::/0 ::/0 multiport dports 135,139,445 /* SMB */ 0 0 DROP tcp * * ::/0 ::/0 tcp flags:!0x17/0x02 0 0 DROP udp * * ::/0 ::/0 udp spt:53 /* Late DNS Replies */ Chain dynamic (1 references) pkts bytes target prot opt in out source destination Chain fw2lan (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED 0 0 @fw2lan tcp * * ::/0 ::/0 tcp flags:0x17/0x02 40 23107 ACCEPT udp * * ::/0 ff02::fb udp dpt:5353 /* mDNS */ 0 0 ACCEPT 2 * * ::/0 ff02::fb /* mDNS */ 0 0 ACCEPT all * * ::/0 ::/0 Chain lan2fw (1 references) pkts bytes target prot opt in out source destination 41 23243 dynamic all * * ::/0 ::/0 ctstate INVALID,NEW,UNTRACKED 0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED 0 0 @lan2fw tcp * * ::/0 ::/0 tcp flags:0x17/0x02 0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:53 /* DNS */ 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:53 /* DNS */ 40 23107 ACCEPT udp * * ::/0 ff02::fb udp dpt:5353 /* mDNS */ 0 0 ACCEPT udp * * ::/0 ::/0 udp spt:5353 dpts:32768:65535 /* mDNS */ 0 0 ACCEPT 2 * * ::/0 ff02::fb /* mDNS */ 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:22 limit: up to 3/min burst 5 mode srcip /* SSH */ 0 0 ACCEPT udp * * fe80::/10 ::/0 multiport dports 135,445 /* SMB */ 0 0 ACCEPT udp * * fe80::/10 ::/0 udp dpts:137:139 /* SMB */ 0 0 ACCEPT udp * * fe80::/10 ::/0 udp spt:137 dpts:1024:65535 /* SMB */ 0 0 ACCEPT tcp * * fe80::/10 ::/0 multiport dports 135,139,445 /* SMB */ 0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 128 /* Ping */ 1 136 AllowICMPs all * * fe80::/10 ::/0 0 0 Reject all * * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 LOG flags 0 level 4 prefix "Shorewall:lan2fw:REJECT:" 0 0 reject all * * ::/0 ::/0 [goto] Chain logdrop (0 references) pkts bytes target prot opt in out source destination 0 0 DROP all * * ::/0 ::/0 Chain logreject (0 references) pkts bytes target prot opt in out source destination 0 0 reject all * * ::/0 ::/0 Chain reject (10 references) pkts bytes target prot opt in out source destination 0 0 DROP all * * ff00::/8 ::/0 0 0 DROP 2 * * ::/0 ::/0 0 0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset 0 0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable 0 0 REJECT icmpv6 * * ::/0 ::/0 reject-with icmp6-addr-unreachable 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited Chain shorewall (0 references) pkts bytes target prot opt in out source destination 0 0 all * * ::/0 ::/0 recent: SET name: %CURRENTTIME side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff