Chain INPUT (policy DROP)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere
ppp0_in     0    --  anywhere             anywhere
eth0_in     0    --  anywhere             anywhere
Reject      0    --  anywhere             anywhere
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:INPUT:REJECT:'
reject      0    --  anywhere             anywhere

Chain FORWARD (policy DROP)
target      prot opt source               destination
ppp0_fwd    0    --  anywhere             anywhere
eth0_fwd    0    --  anywhere             anywhere
Reject      0    --  anywhere             anywhere
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject      0    --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere
ACCEPT      udp  --  anywhere             anywhere             udp dpts:bootps:bootpc
fw2net      0    --  anywhere             anywhere             policy match dir out pol none
fw2loc      0    --  anywhere             192.168.1.0/24       policy match dir out pol none
fw2loc      0    --  anywhere             255.255.255.255
fw2loc      0    --  anywhere             BASE-ADDRESS.MCAST.NET/4
ACCEPT      0    --  anywhere             anywhere

Chain Drop (3 references)
target      prot opt source               destination
reject      tcp  --  anywhere             anywhere             tcp dpt:auth
dropBcast   0    --  anywhere             anywhere
ACCEPT      icmp --  anywhere             anywhere             icmp fragmentation-needed
ACCEPT      icmp --  anywhere             anywhere             icmp time-exceeded
dropInvalid 0    --  anywhere             anywhere
DROP        udp  --  anywhere             anywhere             multiport dports loc-srv,microsoft-ds
DROP        udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn
DROP        udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535
DROP        tcp  --  anywhere             anywhere             multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP        udp  --  anywhere             anywhere             udp dpt:1900
dropNotSyn  tcp  --  anywhere             anywhere
DROP        udp  --  anywhere             anywhere             udp spt:domain

Chain Reject (4 references)
target      prot opt source               destination
reject      tcp  --  anywhere             anywhere             tcp dpt:auth
dropBcast   0    --  anywhere             anywhere
ACCEPT      icmp --  anywhere             anywhere             icmp fragmentation-needed
ACCEPT      icmp --  anywhere             anywhere             icmp time-exceeded
dropInvalid 0    --  anywhere             anywhere
reject      udp  --  anywhere             anywhere             multiport dports loc-srv,microsoft-ds
reject      udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn
reject      udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535
reject      tcp  --  anywhere             anywhere             multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP        udp  --  anywhere             anywhere             udp dpt:1900
dropNotSyn  tcp  --  anywhere             anywhere
DROP        udp  --  anywhere             anywhere             udp spt:domain

Chain all2all (0 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
Reject      0    --  anywhere             anywhere
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:all2all:REJECT:'
reject      0    --  anywhere             anywhere

Chain dropBcast (2 references)
target      prot opt source               destination
DROP        0    --  anywhere             anywhere             PKTTYPE = broadcast
DROP        0    --  anywhere             anywhere             PKTTYPE = multicast

Chain dropInvalid (2 references)
target      prot opt source               destination
DROP        0    --  anywhere             anywhere             state INVALID

Chain dropNotSyn (2 references)
target      prot opt source               destination
DROP        tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (4 references)
target      prot opt source               destination

Chain eth0_fwd (1 references)
target      prot opt source               destination
dynamic     0    --  anywhere             anywhere             state INVALID,NEW
smurfs      0    --  anywhere             anywhere             state INVALID,NEW policy match dir in pol none
tcpflags    tcp  --  anywhere             anywhere             policy match dir in pol none
loc2net     0    --  192.168.1.0/24       anywhere             policy match dir out pol none

Chain eth0_in (1 references)
target      prot opt source               destination
dynamic     0    --  anywhere             anywhere             state INVALID,NEW
smurfs      0    --  anywhere             anywhere             state INVALID,NEW policy match dir in pol none
tcpflags    tcp  --  anywhere             anywhere             policy match dir in pol none
loc2fw      0    --  192.168.1.0/24       anywhere             policy match dir in pol none

Chain fw2all (2 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      0    --  anywhere             anywhere

Chain fw2loc (3 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      icmp --  anywhere             anywhere
fw2all      0    --  anywhere             anywhere

Chain fw2net (1 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT      icmp --  anywhere             anywhere
ACCEPT      udp  --  anywhere             anywhere             udp dpt:ntp
fw2all      0    --  anywhere             anywhere

Chain loc2all (0 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
Reject      0    --  anywhere             anywhere
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:loc2all:REJECT:'
reject      0    --  anywhere             anywhere

Chain loc2fw (1 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT      icmp --  anywhere             anywhere             icmp echo-request
ACCEPT      0    --  anywhere             anywhere

Chain loc2net (1 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT      0    --  anywhere             anywhere

Chain logdrop (0 references)
target      prot opt source               destination
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:logdrop:DROP:'
DROP        0    --  anywhere             anywhere

Chain logflags (5 references)
target      prot opt source               destination
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:logflags:DROP:'
DROP        0    --  anywhere             anywhere

Chain logreject (0 references)
target      prot opt source               destination
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:logreject:REJECT:'
reject      0    --  anywhere             anywhere

Chain net2all (0 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
Drop        0    --  anywhere             anywhere
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:net2all:DROP:'
DROP        0    --  anywhere             anywhere

Chain net2fw (1 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
reject      icmp --  anywhere             anywhere             icmp echo-request
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:www
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:8436
ACCEPT      tcp  --  anywhere             anywhere             tcp dpt:6881
Drop        0    --  anywhere             anywhere
DROP        0    --  anywhere             anywhere

Chain net2loc (1 references)
target      prot opt source               destination
ACCEPT      0    --  anywhere             anywhere             state RELATED,ESTABLISHED
Drop        0    --  anywhere             anywhere
DROP        0    --  anywhere             anywhere

Chain norfc1918 (2 references)
target      prot opt source               destination
rfc1918     0    --  172.16.0.0/12        anywhere
rfc1918     0    --  anywhere             anywhere             ctorigdst 172.16.0.0/12
rfc1918     0    --  192.168.0.0/16       anywhere
rfc1918     0    --  anywhere             anywhere             ctorigdst 192.168.0.0/16
rfc1918     0    --  10.0.0.0/8           anywhere
rfc1918     0    --  anywhere             anywhere             ctorigdst 10.0.0.0/8

Chain ppp0_fwd (1 references)
target      prot opt source               destination
dynamic     0    --  anywhere             anywhere             state INVALID,NEW
smurfs      0    --  anywhere             anywhere             state INVALID,NEW policy match dir in pol none
norfc1918   0    --  anywhere             anywhere             state NEW policy match dir in pol none
tcpflags    tcp  --  anywhere             anywhere             policy match dir in pol none
net2loc     0    --  anywhere             192.168.1.0/24       policy match dir out pol none

Chain ppp0_in (1 references)
target      prot opt source               destination
dynamic     0    --  anywhere             anywhere             state INVALID,NEW
smurfs      0    --  anywhere             anywhere             state INVALID,NEW policy match dir in pol none
ACCEPT      udp  --  anywhere             anywhere             udp dpts:bootps:bootpc
norfc1918   0    --  anywhere             anywhere             state NEW policy match dir in pol none
tcpflags    tcp  --  anywhere             anywhere             policy match dir in pol none
net2fw      0    --  anywhere             anywhere             policy match dir in pol none

Chain reject (12 references)
target      prot opt source               destination
DROP        0    --  255.255.255.255      anywhere
DROP        0    --  BASE-ADDRESS.MCAST.NET/4 anywhere
DROP        0    --  anywhere             anywhere             PKTTYPE = broadcast
DROP        0    --  anywhere             anywhere             PKTTYPE = multicast
DROP        0    --  255.255.255.255      anywhere
DROP        0    --  BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT      tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT      udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT      icmp --  anywhere             anywhere             reject-with icmp-host-unreachable
REJECT      0    --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain rfc1918 (6 references)
target      prot opt source               destination
LOG         0    --  anywhere             anywhere             LOG level info prefix `Shorewall:rfc1918:DROP:'
DROP        0    --  anywhere             anywhere

Chain shorewall (0 references)
target      prot opt source               destination

Chain smurfs (4 references)
target      prot opt source               destination
LOG         0    --  192.168.1.255        anywhere             LOG level info prefix `Shorewall:smurfs:DROP:'
DROP        0    --  192.168.1.255        anywhere
LOG         0    --  255.255.255.255      anywhere             LOG level info prefix `Shorewall:smurfs:DROP:'
DROP        0    --  255.255.255.255      anywhere
LOG         0    --  BASE-ADDRESS.MCAST.NET/4 anywhere             LOG level info prefix `Shorewall:smurfs:DROP:'
DROP        0    --  BASE-ADDRESS.MCAST.NET/4 anywhere

Chain tcpflags (4 references)
target      prot opt source               destination
logflags    tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags    tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags    tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
logflags    tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
logflags    tcp  --  anywhere             anywhere             tcp spt:0 flags:FIN,SYN,RST,ACK/SYN