Mageia Bugzilla – Attachment 7085 Details for
Bug 16867
iptables.service is dead after booting kernel-4.2.2-2.mga6
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
iptables -L output
initial_iptables-L (text/plain), 9.55 KB, created by
Marja Van Waes
on 2015-10-03 10:46:40 CEST
(
hide
)
Description:
iptables -L output
Filename:
MIME Type:
Creator:
Marja Van Waes
Created:
2015-10-03 10:46:40 CEST
Size:
9.55 KB
patch
obsolete
>Chain INPUT (policy DROP) >target prot opt source destination >Ifw all -- anywhere anywhere >enp8s0_in all -- anywhere anywhere >wlp5s0_in all -- anywhere anywhere >ACCEPT all -- anywhere anywhere >Reject all -- anywhere anywhere >LOG all -- anywhere anywhere LOG level info prefix "Shorewall:INPUT:REJECT:" >reject all -- anywhere anywhere [goto] > >Chain FORWARD (policy DROP) >target prot opt source destination >enp8s0_fwd all -- anywhere anywhere >wlp5s0_fwd all -- anywhere anywhere >Reject all -- anywhere anywhere >LOG all -- anywhere anywhere LOG level info prefix "Shorewall:FORWARD:REJECT:" >reject all -- anywhere anywhere [goto] > >Chain OUTPUT (policy DROP) >target prot opt source destination >fw-net all -- anywhere anywhere >fw-net all -- anywhere anywhere >ACCEPT all -- anywhere anywhere >Reject all -- anywhere anywhere >LOG all -- anywhere anywhere LOG level info prefix "Shorewall:OUTPUT:REJECT:" >reject all -- anywhere anywhere [goto] > >Chain Broadcast (2 references) >target prot opt source destination >DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST >DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST >DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST > >Chain Drop (1 references) >target prot opt source destination > all -- anywhere anywhere >Broadcast all -- anywhere anywhere >ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */ >ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */ >DROP all -- anywhere anywhere ctstate INVALID >DROP udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds /* SMB */ >DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */ >DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */ >DROP tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */ >DROP udp -- anywhere anywhere udp dpt:1900 /* UPnP */ >DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN >DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */ > >Chain Ifw (1 references) >target prot opt source destination >RETURN all -- anywhere anywhere match-set ifw_wl src >DROP all -- anywhere anywhere match-set ifw_bl src >IFWLOG all -- anywhere anywhere ctstate INVALID,NEWpsd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN' > >Chain Reject (3 references) >target prot opt source destination > all -- anywhere anywhere >Broadcast all -- anywhere anywhere >ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */ >ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */ >DROP all -- anywhere anywhere ctstate INVALID >reject udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds /* SMB */ >reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */ >reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */ >reject tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */ >DROP udp -- anywhere anywhere udp dpt:1900 /* UPnP */ >DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN >DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */ > >Chain dynamic (4 references) >target prot opt source destination > >Chain enp8s0_fwd (1 references) >target prot opt source destination >sfilter all -- anywhere anywhere [goto] >dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED >tcpflags tcp -- anywhere anywhere >net_frwd all -- anywhere anywhere > >Chain enp8s0_in (1 references) >target prot opt source destination >dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED >tcpflags tcp -- anywhere anywhere >net-fw all -- anywhere anywhere > >Chain fw-net (2 references) >target prot opt source destination >ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED >ACCEPT all -- anywhere anywhere > >Chain logdrop (0 references) >target prot opt source destination >DROP all -- anywhere anywhere > >Chain logflags (5 references) >target prot opt source destination >LOG all -- anywhere anywhere LOG level info ip-options prefix "Shorewall:logflags:DROP:" >DROP all -- anywhere anywhere > >Chain logreject (0 references) >target prot opt source destination >reject all -- anywhere anywhere > >Chain net-fw (2 references) >target prot opt source destination >ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED >Drop all -- anywhere anywhere >LOG all -- anywhere anywhere LOG level info prefix "Shorewall:net-fw:DROP:" >DROP all -- anywhere anywhere > >Chain net_frwd (2 references) >target prot opt source destination >ACCEPT all -- anywhere anywhere >ACCEPT all -- anywhere anywhere > >Chain reject (8 references) >target prot opt source destination >DROP all -- anywhere anywhere ADDRTYPE match src-type BROADCAST >DROP all -- base-address.mcast.net/4 anywhere >DROP igmp -- anywhere anywhere >REJECT tcp -- anywhere anywhere reject-with tcp-reset >REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable >REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable >REJECT all -- anywhere anywhere reject-with icmp-host-prohibited > >Chain sfilter (2 references) >target prot opt source destination >LOG all -- anywhere anywhere LOG level info prefix "Shorewall:sfilter:DROP:" >DROP all -- anywhere anywhere > >Chain sha-lh-b89b5a26f601e20633d2 (0 references) >target prot opt source destination > >Chain sha-rh-4a1607650af52806acc3 (0 references) >target prot opt source destination > >Chain shorewall (0 references) >target prot opt source destination > all -- anywhere anywhere recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255 > >Chain tcpflags (4 references) >target prot opt source destination >logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG >logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE >logflags tcp -- anywhere anywhere [goto] tcp flags:SYN,RST/SYN,RST >logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN/FIN,SYN >logflags tcp -- anywhere anywhere [goto] tcp spt:0 flags:FIN,SYN,RST,ACK/SYN > >Chain wlp5s0_fwd (1 references) >target prot opt source destination >sfilter all -- anywhere anywhere [goto] >dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED >tcpflags tcp -- anywhere anywhere >net_frwd all -- anywhere anywhere > >Chain wlp5s0_in (1 references) >target prot opt source destination >dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED >tcpflags tcp -- anywhere anywhere >net-fw all -- anywhere anywhere
Chain INPUT (policy DROP) target prot opt source destination Ifw all -- anywhere anywhere enp8s0_in all -- anywhere anywhere wlp5s0_in all -- anywhere anywhere ACCEPT all -- anywhere anywhere Reject all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix "Shorewall:INPUT:REJECT:" reject all -- anywhere anywhere [goto] Chain FORWARD (policy DROP) target prot opt source destination enp8s0_fwd all -- anywhere anywhere wlp5s0_fwd all -- anywhere anywhere Reject all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix "Shorewall:FORWARD:REJECT:" reject all -- anywhere anywhere [goto] Chain OUTPUT (policy DROP) target prot opt source destination fw-net all -- anywhere anywhere fw-net all -- anywhere anywhere ACCEPT all -- anywhere anywhere Reject all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix "Shorewall:OUTPUT:REJECT:" reject all -- anywhere anywhere [goto] Chain Broadcast (2 references) target prot opt source destination DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST Chain Drop (1 references) target prot opt source destination all -- anywhere anywhere Broadcast all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */ ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */ DROP all -- anywhere anywhere ctstate INVALID DROP udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds /* SMB */ DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */ DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */ DROP tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */ DROP udp -- anywhere anywhere udp dpt:1900 /* UPnP */ DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */ Chain Ifw (1 references) target prot opt source destination RETURN all -- anywhere anywhere match-set ifw_wl src DROP all -- anywhere anywhere match-set ifw_bl src IFWLOG all -- anywhere anywhere ctstate INVALID,NEWpsd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN' Chain Reject (3 references) target prot opt source destination all -- anywhere anywhere Broadcast all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */ ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */ DROP all -- anywhere anywhere ctstate INVALID reject udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds /* SMB */ reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */ reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */ reject tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */ DROP udp -- anywhere anywhere udp dpt:1900 /* UPnP */ DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */ Chain dynamic (4 references) target prot opt source destination Chain enp8s0_fwd (1 references) target prot opt source destination sfilter all -- anywhere anywhere [goto] dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED tcpflags tcp -- anywhere anywhere net_frwd all -- anywhere anywhere Chain enp8s0_in (1 references) target prot opt source destination dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED tcpflags tcp -- anywhere anywhere net-fw all -- anywhere anywhere Chain fw-net (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere Chain logdrop (0 references) target prot opt source destination DROP all -- anywhere anywhere Chain logflags (5 references) target prot opt source destination LOG all -- anywhere anywhere LOG level info ip-options prefix "Shorewall:logflags:DROP:" DROP all -- anywhere anywhere Chain logreject (0 references) target prot opt source destination reject all -- anywhere anywhere Chain net-fw (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED Drop all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix "Shorewall:net-fw:DROP:" DROP all -- anywhere anywhere Chain net_frwd (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain reject (8 references) target prot opt source destination DROP all -- anywhere anywhere ADDRTYPE match src-type BROADCAST DROP all -- base-address.mcast.net/4 anywhere DROP igmp -- anywhere anywhere REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain sfilter (2 references) target prot opt source destination LOG all -- anywhere anywhere LOG level info prefix "Shorewall:sfilter:DROP:" DROP all -- anywhere anywhere Chain sha-lh-b89b5a26f601e20633d2 (0 references) target prot opt source destination Chain sha-rh-4a1607650af52806acc3 (0 references) target prot opt source destination Chain shorewall (0 references) target prot opt source destination all -- anywhere anywhere recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255 Chain tcpflags (4 references) target prot opt source destination logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE logflags tcp -- anywhere anywhere [goto] tcp flags:SYN,RST/SYN,RST logflags tcp -- anywhere anywhere [goto] tcp flags:FIN,SYN/FIN,SYN logflags tcp -- anywhere anywhere [goto] tcp spt:0 flags:FIN,SYN,RST,ACK/SYN Chain wlp5s0_fwd (1 references) target prot opt source destination sfilter all -- anywhere anywhere [goto] dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED tcpflags tcp -- anywhere anywhere net_frwd all -- anywhere anywhere Chain wlp5s0_in (1 references) target prot opt source destination dynamic all -- anywhere anywhere ctstate INVALID,NEW,UNTRACKED tcpflags tcp -- anywhere anywhere net-fw all -- anywhere anywhere
View Attachment As Raw
Actions:
View
Attachments on
bug 16867
:
7074
|
7076
|
7077
|
7079
|
7080
|
7083
|
7084
| 7085