Packet Filtering Custom Firewall Rules for the SnapGear SG565 Router Screenshot




Screenshots from PortForward.com


SG565 - Custom Firewall Rules

Copyright (C) 1999-2008 Secure Computing Corp. All rights reserved.

Custom Firewall Rules

Below are the SnapGear unit's custom firewall rules. Custom firewall rules are instead of built-in rules

Packet Filter Rules

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1 76 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
9 360 InvalidL all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
21854 2787K EstabRel all -- * * 0.0.0.0/0 0.0.0.0/0
571 44239 PrivIn all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0
15 3222 PrivIn all -- eth2 * 0.0.0.0/0 0.0.0.0/0
9 790 WanIn all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 PrivIn all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
95 11106 PrivIn all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
122 10228 PrivIn all -- ppp2 * 0.0.0.0/0 0.0.0.0/0
0 0 DefDeny all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 17 packets, 7383 bytes)
pkts bytes target prot opt in out source destination
57956 33M EstabRelFwd all -- * * 0.0.0.0/0 0.0.0.0/0
1674 154K LanFwd all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0
575 75004 LanFwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
3 144 WanFwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
137 12217 VPNFwd all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
327 27257 VPNFwd all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
250 21720 VPNFwd all -- ppp2 * 0.0.0.0/0 0.0.0.0/0
0 0 DefDeny all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 11 packets, 828 bytes)
pkts bytes target prot opt in out source destination
1 76 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
26393 21M EstabRel all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 PFPrivOut all -- * eth0.2 0.0.0.0/0 0.0.0.0/0
0 0 PFPrivOut all -- * eth2 0.0.0.0/0 0.0.0.0/0
9 684 WanOut all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 PFPrivOut all -- * ipsec0 0.0.0.0/0 0.0.0.0/0
0 0 PFPrivOut all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 PFPrivOut all -- * ppp2 0.0.0.0/0 0.0.0.0/0

Chain DefDeny (5 references)
pkts bytes target prot opt in out source destination
5 246 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Default - dropped: '
10 518 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain EstabRel (2 references)
pkts bytes target prot opt in out source destination
47426 24M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED

Chain EstabRelFwd (1 references)
pkts bytes target prot opt in out source destination
54990 32M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED

Chain ExtAcc (1 references)
pkts bytes target prot opt in out source destination

Chain ExtAccIn (1 references)
pkts bytes target prot opt in out source destination

Chain Filter (1 references)
pkts bytes target prot opt in out source destination

Chain IcmpConf (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8

Chain InvalidL (1 references)
pkts bytes target prot opt in out source destination
5 200 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Invalid - dropped: '
9 360 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain IpsecIn (1 references)
pkts bytes target prot opt in out source destination
2 416 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain LanFwd (2 references)
pkts bytes target prot opt in out source destination
134 6851 LanVPN all -- * ipsec0 0.0.0.0/0 0.0.0.0/0
2 280 LanVPN all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 LanVPN all -- * ppp2 0.0.0.0/0 0.0.0.0/0
2249 229K PrivFwd all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LanVPN (3 references)
pkts bytes target prot opt in out source destination

Chain PF1Deny (2 references)
pkts bytes target prot opt in out source destination
0 0 PF1DenyL tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 PF1DenyL udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135
0 0 PF1DenyL tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137
0 0 PF1DenyL udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 PF1DenyL tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138
0 0 PF1DenyL udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 PF1DenyL tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 PF1DenyL udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139
0 0 PF1DenyL tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 PF1DenyL udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445

Chain PF1DenyL (10 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `PF Deny Dropped SMB: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain PFPrivIn (1 references)
pkts bytes target prot opt in out source destination

Chain PFPrivOut (5 references)
pkts bytes target prot opt in out source destination

Chain PFPrivPriv (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.85 tcp dpt:21
2024 225K PFPrivPrivI6 all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.2.81-192.168.2.250
5 650 PFPrivPrivI7 all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.2.2-192.168.2.79
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.39 tcp dpt:7000

Chain PFPrivPrivI6 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 DROP tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

Chain PFPrivPrivI7 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 DROP tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

Chain PFPrivWan (1 references)
pkts bytes target prot opt in out source destination
787 49490 PF1Deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.85 tcp dpt:21
765 46867 PFPrivWanI6 all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.2.81-192.168.2.250
22 2623 PFPrivWanI7 all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.2.2-192.168.2.79
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.39 tcp dpt:7000

Chain PFPrivWanI6 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 DROP tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

Chain PFPrivWanI7 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 DROP tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

Chain PFWanIn (1 references)
pkts bytes target prot opt in out source destination

Chain PFWanOut (1 references)
pkts bytes target prot opt in out source destination

Chain PFWanPriv (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.85 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.39 tcp dpt:7000

Chain PFWanWan (1 references)
pkts bytes target prot opt in out source destination
0 0 PF1Deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.85 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.39 tcp dpt:7000

Chain PrivFwd (2 references)
pkts bytes target prot opt in out source destination
1073 121K PrivPriv all -- * eth0.2 0.0.0.0/0 0.0.0.0/0
967 112K PrivPriv all -- * eth2 0.0.0.0/0 0.0.0.0/0
787 49490 PrivWan all -- * eth1 0.0.0.0/0 0.0.0.0/0
134 6851 PrivPriv all -- * ipsec0 0.0.0.0/0 0.0.0.0/0
2 280 PrivPriv all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 PrivPriv all -- * ppp2 0.0.0.0/0 0.0.0.0/0
0 0 DefDeny all -- * * 0.0.0.0/0 0.0.0.0/0

Chain PrivIn (5 references)
pkts bytes target prot opt in out source destination
803 68795 PFPrivIn all -- * * 0.0.0.0/0 0.0.0.0/0
803 68795 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain PrivPriv (5 references)
pkts bytes target prot opt in out source destination
2176 240K PFPrivPriv all -- * * 0.0.0.0/0 0.0.0.0/0
2176 240K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain PrivWan (1 references)
pkts bytes target prot opt in out source destination
787 49490 PFPrivWan all -- * * 0.0.0.0/0 0.0.0.0/0
787 49490 Filter all -- * * 0.0.0.0/0 0.0.0.0/0
787 49490 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain SmbOut (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137 reject-with icmp-admin-prohibited
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138 reject-with icmp-admin-prohibited
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 reject-with icmp-admin-prohibited
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 reject-with icmp-admin-prohibited
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 reject-with icmp-admin-prohibited
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 reject-with icmp-admin-prohibited
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139 reject-with icmp-admin-prohibited
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445 reject-with icmp-admin-prohibited

Chain VPNFwd (3 references)
pkts bytes target prot opt in out source destination
517 46921 VPNLan all -- * eth0.2 0.0.0.0/0 0.0.0.0/0
0 0 VPNLan all -- * eth2 0.0.0.0/0 0.0.0.0/0
714 61194 PrivFwd all -- * * 0.0.0.0/0 0.0.0.0/0

Chain VPNLan (2 references)
pkts bytes target prot opt in out source destination

Chain WanFwd (1 references)
pkts bytes target prot opt in out source destination
3 144 WanPriv all -- * eth0.2 0.0.0.0/0 0.0.0.0/0
0 0 WanPriv all -- * eth2 0.0.0.0/0 0.0.0.0/0
0 0 PFWanWan all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 WanPriv all -- * ipsec0 0.0.0.0/0 0.0.0.0/0
0 0 WanPriv all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 WanPriv all -- * ppp2 0.0.0.0/0 0.0.0.0/0
3 144 DefDeny all -- * * 0.0.0.0/0 0.0.0.0/0

Chain WanIn (1 references)
pkts bytes target prot opt in out source destination
0 0 IcmpConf icmp -- eth1 * 0.0.0.0/0
9 790 PFWanIn all -- * * 0.0.0.0/0 0.0.0.0/0
9 790 ExtAccIn all -- eth1 * 0.0.0.0/0
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 tcp dpt:1723
9 790 IpsecIn all -- eth1 * 0.0.0.0/0
0 0 DROP all -- eth1 * 0.0.0.0/0 216.27.172.167
0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255
7 374 DefDeny all -- * * 0.0.0.0/0 0.0.0.0/0

Chain WanOut (1 references)
pkts bytes target prot opt in out source destination
9 684 PFWanOut all -- * * 0.0.0.0/0 0.0.0.0/0
9 684 SmbOut all -- * * 0.0.0.0/0 0.0.0.0/0

Chain WanPriv (5 references)
pkts bytes target prot opt in out source destination
3 144 PFWanPriv all -- * * 0.0.0.0/0 0.0.0.0/0
3 144 ExtAcc all -- * * 0.0.0.0/0 0.0.0.0/0

NAT Rules

Chain PREROUTING (policy ACCEPT 854K packets, 68M bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 tcp dpt:21 to:192.168.2.85
3 144 DNAT tcp -- * * 0.0.0.0/0 tcp dpt:80 to:192.168.2.85
0 0 DNAT tcp -- * * 0.0.0.0/0 tcp dpt:7000 to:192.168.2.39

Chain POSTROUTING (policy ACCEPT 30908 packets, 2133K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0
0 0 MASQUERADE all -- * eth0.2 0.0.0.0/0 0.0.0.0/0 ctstate DNAT MARK match 0x13
0 0 MASQUERADE all -- * eth2 0.0.0.0/0 0.0.0.0/0 ctstate DNAT MARK match 0x9
0 0 MASQUERADE all -- * ipsec0 0.0.0.0/0 0.0.0.0/0 ctstate DNAT MARK match 0xa
0 0 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0 ctstate DNAT MARK match 0x2a
0 0 MASQUERADE all -- * ppp2 0.0.0.0/0 0.0.0.0/0 ctstate DNAT MARK match 0x20
549 54383 ACCEPT all -- * br0 192.168.2.0/24 0.0.0.0/0
772 47731 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
5 272 IpsecMasq all -- * ipsec0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 7047 packets, 1466K bytes)
pkts bytes target prot opt in out source destination

Chain IpsecMasq (1 references)
pkts bytes target prot opt in out source destination

Packet Mangle Rules

Chain PREROUTING (policy ACCEPT 85M packets, 53G bytes)
pkts bytes target prot opt in out source destination
79422 35M Filter all -- * * 0.0.0.0/0 0.0.0.0/0
3321 319K MarkPreNew all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
79395 35M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore

Chain INPUT (policy ACCEPT 17M packets, 2927M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 69M packets, 50G bytes)
pkts bytes target prot opt in out source destination
2 80 Invalid all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
828 42908 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT 24M packets, 26G bytes)
pkts bytes target prot opt in out source destination
26429 21M MarkOut all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 93M packets, 76G bytes)
pkts bytes target prot opt in out source destination
16538 14M IPSecPOSTROUTING all -- * ipsec0 0.0.0.0/0 0.0.0.0/0
2972 291K MarkPostNew all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW

Chain Filter (1 references)
pkts bytes target prot opt in out source destination
1 76 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 SpoofL all -- * * 127.0.0.0/8 0.0.0.0/0
34345 18M Spoof all -- eth1 * 0.0.0.0/0 0.0.0.0/0
76089 35M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3332 320K InvalidAddr all -- * * 0.0.0.0/0 0.0.0.0/0
21 1294 Flood all -- eth1 * 0.0.0.0/0 0.0.0.0/0

Chain Flood (1 references)
pkts bytes target prot opt in out source destination
21 1294 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Flood - dropped: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain IPSecPOSTROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:4500
16538 14M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x0

Chain Invalid (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- eth0.2 eth0.2 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- eth2 eth2 0.0.0.0/0 0.0.0.0/0
2 80 InvalidL all -- * * 0.0.0.0/0 0.0.0.0/0

Chain InvalidAddr (1 references)
pkts bytes target prot opt in out source destination
0 0 InvalidL all -- * * 0.0.0.0/0 127.0.0.0/8
0 0 InvalidL all -- * * 255.255.255.255 0.0.0.0/0
0 0 InvalidL all -- * * 0.0.0.0/0 0.0.0.0
0 0 InvalidL all -- * * 224.0.0.0/4 0.0.0.0/0

Chain InvalidL (5 references)
pkts bytes target prot opt in out source destination
2 80 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Invalid - dropped: '
2 80 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain MarkOut (1 references)
pkts bytes target prot opt in out source destination
16538 15M RETURN esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN ah -- * * 0.0.0.0/0 0.0.0.0/0
287 33760 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:4500
10 732 RouteOut all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
9604 5564K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore

Chain MarkPost (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN ah -- * * 0.0.0.0/0 0.0.0.0/0
796 50174 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore

Chain MarkPostNew (1 references)
pkts bytes target prot opt in out source destination
796 50174 CONNMARK all -- * eth1 0.0.0.0/0 0.0.0.0/0 CONNMARK set 0x8
796 50174 MarkPost all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain MarkPreNew (1 references)
pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- lo * 0.0.0.0/0 0.0.0.0/0 CONNMARK set 0x2
1797 160K CONNMARK all -- eth0.2 * 0.0.0.0/0 0.0.0.0/0 CONNMARK set 0x13
575 75004 CONNMARK all -- eth2 * 0.0.0.0/0 0.0.0.0/0 CONNMARK set 0x9
12 934 CONNMARK all -- eth1 * 0.0.0.0/0 0.0.0.0/0 CONNMARK set 0x8
137 12217 CONNMARK all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0 CONNMARK set 0xa
428 39203 CONNMARK all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 CONNMARK set 0x2a
372 31948 CONNMARK all -- ppp2 * 0.0.0.0/0 0.0.0.0/0 CONNMARK set 0x20
3321 319K RouteIn all -- * * 0.0.0.0/0 0.0.0.0/0

Chain RouteDNS (2 references)
pkts bytes target prot opt in out source destination
21 1380 CONNMARK all -- * * 0.0.0.0/0 216.27.175.2 CONNMARK set 0x8
125 7975 CONNMARK all -- * * 0.0.0.0/0 208.67.220.220 CONNMARK set 0x8
1 72 CONNMARK all -- * * 0.0.0.0/0 64.81.159.2 CONNMARK set 0x8

Chain RouteIn (1 references)
pkts bytes target prot opt in out source destination
12 934 RETURN all -- eth1 * 0.0.0.0/0 0.0.0.0/0
3309 318K RouteDNS all -- * * 0.0.0.0/0 0.0.0.0/0

Chain RouteOut (1 references)
pkts bytes target prot opt in out source destination
10 732 RouteDNS all -- * * 0.0.0.0/0 0.0.0.0/0

Chain Spoof (1 references)
pkts bytes target prot opt in out source destination
0 0 SpoofL all -- * * 192.168.2.1 0.0.0.0/0
0 0 SpoofL all -- * * 192.168.2.231 0.0.0.0/0
0 0 SpoofL all -- * * 192.168.2.1 0.0.0.0/0
0 0 SpoofL all -- * * 192.168.2.230 0.0.0.0/0

Chain SpoofL (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Spoof - dropped: '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0