Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 93 6562 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 1 60 venet0_in all -- venet0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 3595 331K eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 4006 2992K venet0_fwd all -- venet0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 47 29772 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 1 40 fw2all all -- * venet0 0.0.0.0/0 0.0.0.0/0 0 0 fw2all all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain Drop (1 references) pkts bytes target prot opt in out source destination 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 33 2514 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 33 2514 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 3 234 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 22 1184 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 6 320 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 Chain Reject (3 references) pkts bytes target prot opt in out source destination 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 Chain all2all (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dropBcast (2 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 193.23.24.95 0 0 DROP all -- * * 0.0.0.0/0 192.168.7.255 0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255 0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4 Chain dropInvalid (2 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID Chain dropNotSyn (2 references) pkts bytes target prot opt in out source destination 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 Chain dynamic (6 references) pkts bytes target prot opt in out source destination Chain eth0_fwd (1 references) pkts bytes target prot opt in out source destination 156 9188 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 3595 331K net2venet all -- * venet0 0.0.0.0/0 0.0.0.0/0 0 0 net2all all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target prot opt in out source destination 33 2514 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 93 6562 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth1_fwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 0 0 loc2all all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 loc2venet all -- * venet0 0.0.0.0/0 0.0.0.0/0 Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 0 0 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2all (3 references) pkts bytes target prot opt in out source destination 1 40 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2net (1 references) pkts bytes target prot opt in out source destination 47 29772 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 fw2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain loc2all (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain loc2fw (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22212 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:19637 0 0 loc2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain loc2venet (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2all (3 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 33 2514 Drop all -- * * 0.0.0.0/0 0.0.0.0/0 8 1096 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 8 1096 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2fw (1 references) pkts bytes target prot opt in out source destination 60 4048 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22212 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:19637 33 2514 net2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2venet (1 references) pkts bytes target prot opt in out source destination 3439 322K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 93.93.81.13 192.168.7.150 tcp dpt:443 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 123.56.32.166 192.168.7.150 tcp dpt:443 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 211.21.32.6 192.168.7.150 tcp dpt:443 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 211.21.32.5 192.168.7.150 tcp dpt:443 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 93.93.81.13 192.168.7.150 tcp dpt:80 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 123.56.32.166 192.168.7.150 tcp dpt:80 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 211.21.32.6 192.168.7.150 tcp dpt:80 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 211.21.32.5 192.168.7.150 tcp dpt:80 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 93.93.81.13 192.168.7.150 tcp dpt:19637 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 123.56.32.166 192.168.7.150 tcp dpt:19637 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 211.21.32.6 192.168.7.150 tcp dpt:19637 ctorigdst 193.23.24.70 0 0 ACCEPT tcp -- * * 211.21.32.5 192.168.7.150 tcp dpt:19637 ctorigdst 193.23.24.70 35 1744 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:80 ctorigdst 193.23.24.81 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:19657 ctorigdst 193.23.24.81 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:19637 ctorigdst 193.23.24.81 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:443 ctorigdst 193.23.24.81 59 3448 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:25 ctorigdst 193.23.24.81 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:53 ctorigdst 193.23.24.81 42 2928 ACCEPT udp -- * * 0.0.0.0/0 192.168.7.152 udp dpt:53 ctorigdst 193.23.24.81 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:993 ctorigdst 193.23.24.81 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:995 ctorigdst 193.23.24.81 4 192 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:143 ctorigdst 193.23.24.81 13 624 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:110 ctorigdst 193.23.24.81 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.152 tcp dpt:21 ctorigdst 193.23.24.81 3 252 ACCEPT icmp -- * * 123.56.32.166 192.168.7.152 ctorigdst 193.23.24.81 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:19657 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:80 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:443 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:19637 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:9091 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:5222 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:5223 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:25 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:53 ctorigdst 193.23.24.82 0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.7.185 udp dpt:53 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:993 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:995 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:143 ctorigdst 193.23.24.82 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.7.185 tcp dpt:110 ctorigdst 193.23.24.82 0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain reject (9 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 193.23.24.95 0 0 DROP all -- * * 0.0.0.0/0 192.168.7.255 0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255 0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4 0 0 DROP all -- * * 193.23.24.95 0.0.0.0/0 0 0 DROP all -- * * 192.168.7.255 0.0.0.0/0 0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain shorewall (0 references) pkts bytes target prot opt in out source destination Chain smurfs (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 193.23.24.95 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 0 0 DROP all -- * * 193.23.24.95 0.0.0.0/0 0 0 LOG all -- * * 192.168.7.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 0 0 DROP all -- * * 192.168.7.255 0.0.0.0/0 0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0 0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0 Chain venet0_fwd (1 references) pkts bytes target prot opt in out source destination 199 15876 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 4006 2992K venet2all all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 venet2all all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain venet0_in (1 references) pkts bytes target prot opt in out source destination 1 60 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 1 60 venet2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain venet2all (3 references) pkts bytes target prot opt in out source destination 3807 2976K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 200 15936 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain venet2fw (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22212 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:19637 1 60 venet2all all -- * * 0.0.0.0/0 0.0.0.0/0